From owner-freebsd-pf@FreeBSD.ORG  Mon Oct 27 16:18:46 2014
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 1CC406B7
 for <freebsd-pf@freebsd.org>; Mon, 27 Oct 2014 16:18:46 +0000 (UTC)
Received: from mail1.bemta3.messagelabs.com (mail1.bemta3.messagelabs.com
 [195.245.230.171])
 (using TLSv1.2 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "mail1.bemta3.messagelabs.com",
 Issuer "VeriSign Class 3 International Server CA - G3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 9EAAED3F
 for <freebsd-pf@freebsd.org>; Mon, 27 Oct 2014 16:18:44 +0000 (UTC)
Received: from [85.158.137.19] by server-11.bemta-3.messagelabs.com id
 1B/8F-02834-8BE6E445; Mon, 27 Oct 2014 16:11:36 +0000
X-Env-Sender: Aleksej.Spenst@harman.com
X-Msg-Ref: server-6.tower-39.messagelabs.com!1414426295!13303072!1
X-Originating-IP: [194.121.90.173]
X-StarScan-Received: 
X-StarScan-Version: 6.12.3; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 7892 invoked from network); 27 Oct 2014 16:11:36 -0000
Received: from unassigned (HELO HIKAWSEXHC01.ad.harman.com) (194.121.90.173)
 by server-6.tower-39.messagelabs.com with AES128-SHA encrypted SMTP;
 27 Oct 2014 16:11:36 -0000
Received: from HIKAWSEXMB02.ad.harman.com ([169.254.2.176]) by
 HIKAWSEXHC01.ad.harman.com ([172.16.1.111]) with mapi id 14.03.0195.001; Mon,
 27 Oct 2014 17:11:34 +0100
From: "Spenst, Aleksej" <Aleksej.Spenst@harman.com>
To: "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject: How to block IP range
Thread-Topic: How to block IP range
Thread-Index: Ac/yAK0p7fXyWmHOQQKNl9Uxk8B7fw==
Date: Mon, 27 Oct 2014 16:11:33 +0000
Message-ID: <CBA35483CE5B4D4B804BF128A77A61650E9A16A7@HIKAWSEXMB02.ad.harman.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [172.16.102.147]
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Oct 2014 16:18:46 -0000

Hi All,

Is there any syntax to block a certain IP range?
For example, I need to block only 100 IPs in the range: 10.0.0.1-10.0.0.100
I can't use the netmask like "block on eth0 from 10.0.0/24" since this will=
 block 256 addresses.
I don't want also to write all IPs separated by comma like "block on eth0 f=
rom {10.0.0.1,10.0.0.2,.....}" since this will generate 100 separate rules =
(and this is also a very long rule).
Are there any other ways?

Thank you!
Aleksej.