How to Setup an IP Range in Firewall?

I’m unable to allow the following IP Ranges 81.19.188.226-81.19.188.238 + 85.92.66.146-85.92.66.149.

I also tried on guessing (ip.src in {81.19.188.226-81.19.188.238}) but no luck!

Any suggestions pls?

Thanks
Mo

I am afraid you cannot specify an IP range with "-" symbol (meaning like “from-to”).
Rather, should be using subnet (by CIDR notation) using /16, /19, /24, etc. blocks per need.

You can use your List items:

Add two of them to your new list:

81.19.188.224/28
85.92.66.144/29

Furthermore, so you would then in Firewall rule have like:

(ip.src in $my_list)

To allow IPs from 81.19.188.226 to 81.19.188.238:

81.19.188.224
81.19.188.225    
81.19.188.226
81.19.188.227
81.19.188.228
81.19.188.229
81.19.188.230
81.19.188.231
81.19.188.232
81.19.188.233
81.19.188.234
81.19.188.235
81.19.188.236
81.19.188.237
81.19.188.238
81.19.188.239

CIDR
81.19.188.224/28

CIDR IP Range
81.19.188.224 - 81.19.188.239

To allow IPs from 85.92.66.146 to 85.92.66.149:

85.92.66.144
85.92.66.145
85.92.66.146
85.92.66.147
85.92.66.148
85.92.66.149
85.92.66.150
85.92.66.151


CIDR
85.92.66.144/29

CIDR IP Range
85.92.66.144 - 85.92.66.151

Or by adding each one IP address (having multiple OR/AND clauses in a Firewall rule).

Or directly in firewall rule like:

(ip src in {85.92.66.144/29 81.19.188.224/28}) -> allow

You can either allow/block IP addresses using IP Access Rules which execute before Firewall rules (order priority):

1 Like

Thanks so much, Fritexvz, for the excellent and prompt support. My head is spinning :smile:

Unfortunately, though, I only managed to use 81.19.188.226/24 and 85.92.66.146/16 without using ip.src in {}, but the ranges appear as follows:
81.19.188.0/24
85.92.0.0/16

Is this normal?

There’s no issue doing them one by one.

Thanks again

1 Like

I suppose that would allow or block much more IP addresses than you need:
256 IP addresses for 1st
65,536 IP addresses for 2nd

81.19.188.226/24

Range: 81.19.188.0 - 81.19.188.255

85.92.66.146/16

Range: 85.92.0.0 - 85.92.255.255

Or maybe, I am wrong, maybe Cloudflare allows us to use only /24 and/or /16 in that case, while I wrote /29 and /28 blocks from your input as for starting IP address.

Hmmm, well, I’ll let run for sometime and if there’s any side effect I’ll have to do it one by one I guess!

Thanks ever so much and have a nice day/night

1 Like

Or kindly and patiently wait for another reply from someone else who might now the better answer to it and help you out :wink:

I honestly don’t understand why we use 16, 24, etc but I guess they limit the range, right?

So if the range is open between 0 and 255 this is way beyond what I should allow which is dangerous, am I right?

If so, then how do I limit it to the specific numbers without doing it one by one?

I tried myself, the IP Access Rules only allows us to use /16 and /24 CIDR blocks - which in conclusion, if you use:

81.19.188.0/24 with action allow - it would allow 256 IPs in total
as for 85.92.66.0/24 (256 IPs allowed)

While for Firewall Rules I tested and I can use:

81.19.188.224/28
85.92.66.144/29

From above, I tested and having a Firewall rule like:

(ip.src in {81.19.188.224/28 85.92.66.144/29}) -> Action: Allow

The above should allow your IP addresses (2-3 more than you wanted in your original post due to CIDR notation - replied with all the list which would be allowed) to connect.

After applying the changes, wait for 5-7 minutes and try it that would work

Thanks mate for all your efforts. You did a great job.
I did it one by one and now it seems working fine.

Have a nice day
Mo

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.