Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can select ip range in firewall rule??

    Scheduled Pinned Locked Moved Firewalling
    9 Posts 5 Posters 6.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kerberos01
      last edited by

      HI , i want select ip range in firewall rule . like (  10.0.0.1  10.0.0.10)  …

      There are single host or alias only and i have 60 users. thanks

      1 Reply Last reply Reply Quote 0
      • E
        EMWEE
        last edited by

        U can create a alias from a text file with pfBlockerNG.

        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by

          Well you do not really need any pfBlockerNG to create a single alias. Plus, this is completely automated under Firewall - Aliases - IP tab:

          Host(s): "You may also enter an IP range such as 192.168.1.1-192.168.1.10 or a small subnet such as 192.168.1.16/28 and a list of individual IP addresses will be generated."
          Network(s):" "You may also enter an IP range such as 192.168.1.1-192.168.1.254 and a list of CIDR networks will be derived to fill the range."

          1 Reply Last reply Reply Quote 0
          • K
            kerberos01
            last edited by

            thanks for replay >

            Firewall - Aliases - IP tab  }} When choosing a host and enter an IP range such as 192.168.1.1-192.168.1.20  mask by default 32 i can't change it
            to /24

            1 Reply Last reply Reply Quote 0
            • D
              doktornotor Banned
              last edited by

              Why would you change it? Just press save.

              1 Reply Last reply Reply Quote 0
              • K
                kerberos01
                last edited by

                Because my subnet mask on my lan

                192.168.1.0          /24
                255.255.255.0

                1 Reply Last reply Reply Quote 0
                • D
                  doktornotor Banned
                  last edited by

                  OMG. So use Network(s) alias and enter the CIDR! The original request was for IP range which is exactly what I described. >:( ::)

                  Not to mention that you do not need any alias for your LAN net (or any other interface subnet) at all. It's available in the firewall rule's source/destination dropdown menu as "LAN net" (or SomeOtherInterfaceName Net).

                  Hosts-type IP range:

                  Save! Result:

                  Networks-type IP range:

                  Save! Result:

                  Done!!! Magic!!! 5 seconds job!!! Described in the GUI. Sigh.

                  1 Reply Last reply Reply Quote 0
                  • 2
                    2chemlud Banned
                    last edited by

                    …just to add:

                    You can also simply enter, let's say

                    10.80.3.0/28

                    ...and the alias will be created for all IP's in the subnet (does not matter that there is /32 greyed out in the entry mask)

                    1 Reply Last reply Reply Quote 0
                    • P
                      phil.davis
                      last edited by

                      And if you have a bunch of hosts, subnets, ranges with or without descriptions you can also quickly paste them into firewall_aliases_import and it generates a filled out alias with all the same sort of stuff as entering it field by field, row by row in the firewall_aliases_edit GUI.

                      As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                      If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.