Argo block all rule

Hi,

I am testing Cloudflare Tunnel and it is working great, but I have a problem with the policy rules. I started by allowing access to some servers and ports for testing, and after the allow rules I would like to block everything else, but how do I do this?
I can block individual IPs, but I am not able to block the whole private range at once with a CIDR notation xxx.xxx.xxx.0/24. How do I do this?
Thanks in advance.

The Gateway for private network routing already defaults to ‘deny all’ so just only allow the ones you want and everything else won’t be reachable.

Alternatively, make a List (under My Team on the sidebar) and you can specify ranges/CIDR there.

That was also my first idea, but I was able to connect to things not in the list …, I indeed saw a message about a list but was unable to find the place of the list. Will give it another try later tonight.

And I will test if I can still reach devices not mentioned in the policies, but I am pretty sure that my NAS and my second RDS server were not in the allow list and I was able to reach them. I had to specify block rules for them in order to block … after disabling the block rules they were reachable again, although not in an allow rule.

This is also a pretty useful guide that walks through policy creation for allowing access to specified resources for distinct users while blocking broad access for a larger network range.
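
A simplified first-match model of the rule layout discussed in this thread (specific allow rules followed by one block rule for the whole range), added here as an illustration; it is not from any post and is not Cloudflare's implementation. The addresses, ports, and the `Rule`, `evaluate` and `reachable` names are constructed assumptions, and the default action is a parameter so the policy can be checked under either default.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "block"
    network: str                    # destination in CIDR notation
    ports: frozenset = frozenset()  # empty set means any port

    def matches(self, ip, port):
        in_net = ipaddress.ip_address(ip) in ipaddress.ip_network(self.network)
        return in_net and (not self.ports or port in self.ports)

def evaluate(rules, ip, port, default):
    """Return the action of the first matching rule, else the default."""
    for rule in rules:
        if rule.matches(ip, port):
            return rule.action
    return default

# Constructed sample policy: two test servers, then a catch-all for the range.
ALLOW = [
    Rule("allow", "192.168.10.20/32", frozenset({3389})),
    Rule("allow", "192.168.10.30/32", frozenset({443})),
]
CATCH_ALL = Rule("block", "192.168.10.0/24")

def reachable(rules, default, network="192.168.10.0/24", port=445):
    """List hosts in the range that the rule set lets through on a port."""
    return [str(h) for h in ipaddress.ip_network(network).hosts()
            if evaluate(rules, str(h), port, default) == "allow"]

if __name__ == "__main__":
    for default in ("allow", "block"):
        print(default, "allow-only:", len(reachable(ALLOW, default)),
              "with catch-all:", len(reachable(ALLOW + [CATCH_ALL], default)))
```

With the catch-all placed after the allow rules, the result no longer depends on which default applies; placed before them, it would also block the two test servers.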