From: "Spenst, Aleksej"
To: "freebsd-pf@freebsd.org"
Subject: How to block IP range
Date: Mon, 27 Oct 2014 16:11:33 +0000

Hi All,

Is there any syntax to block a certain IP range? For example, I need to block only 100 IPs in the range: 10.0.0.1-10.0.0.100

I can't use the netmask like "block on eth0 from 10.0.0/24" since this will block 256 addresses.

I also don't want to write all IPs separated by comma like "block on eth0 from {10.0.0.1,10.0.0.2,.....}" since this will generate 100 separate rules (and this is also a very long rule).

Are there any other ways?

Thank you!
Aleksej.
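
The range in the message above falls between the /24 and the 100-entry list. As an added example that is not part of the original message, this Python script computes the smallest set of CIDR prefixes that covers a range exactly and renders it as a pf table referenced by one rule. The table name `blocked_range` and the `block in quick ... to any` form are assumptions chosen for illustration; `eth0` is the interface name used in the message.

```python
"""Added example: cover an arbitrary IP range with the fewest CIDR blocks
and render them as a pf table, so a single rule matches the whole range."""
import ipaddress


def cidr_cover(first, last):
    """Return the minimal list of networks covering first..last exactly."""
    lo = ipaddress.ip_address(first)
    hi = ipaddress.ip_address(last)
    if lo.version != hi.version:
        raise ValueError("range endpoints must be the same address family")
    if lo > hi:
        raise ValueError("range start is above range end")
    return list(ipaddress.summarize_address_range(lo, hi))


def covered_addresses(networks):
    """Total number of addresses matched by the given networks."""
    return sum(net.num_addresses for net in networks)


def pf_table_rules(table, interface, first, last):
    """Render a pf.conf table plus one block rule that references it.

    The table name and the 'block in quick' form are choices made for
    this example (assumptions); adapt them to the ruleset at hand.
    """
    nets = cidr_cover(first, last)
    entries = ", ".join(str(net) for net in nets)
    count = covered_addresses(nets)
    return "\n".join([
        f"# {first} - {last}: {count} addresses in {len(nets)} prefixes",
        f"table <{table}> const {{ {entries} }}",
        f"block in quick on {interface} from <{table}> to any",
    ])


if __name__ == "__main__":
    # Range and interface taken from the message; table name is hypothetical.
    print(pf_table_rules("blocked_range", "eth0", "10.0.0.1", "10.0.0.100"))
```

Load the generated lines with `pfctl -nf` first so the ruleset is parsed without being applied.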