I have a problem with IP sets in the Proxmox firewall. When I try to create a group with my three nodes 10.0.90.207,8,9/23, I start with 10.0.90.207/23. However, when I try to add .8/23, it gives me an error saying that the CIDR already exists. Should I enter the IPs without the CIDR?
The ipset already contains all addresses from 10.0.90.1-10.0.91.254 because of the /23 prefix. If you want to add individual IPs, then you need to use /32 (for IPv4).
Okay, I understand. To work around the problem, I created aliases like 10.0.90.208/23, etc., and then I put them into an IP set. So, it will create duplicates. Should I put 10.0.90.208/32, etc., in my aliases and then add them to the IP set?
Well, that depends on what the ipset contents should be. Do you want to include the whole /23 subnet? Then put that in. If you only want to include the three IPs you posted above, then just put those IPs in it (with /32 or no prefix). There is no need for aliases.
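The behaviour discussed in this thread, as an added example that is not part of the original posts and not Proxmox code: it uses Python's `ipaddress` module to show why the three `/23` entries resolve to one network, and how many addresses a firewall rule referencing the set would match in each case. The function name `audit_ipset_entries` and the overlap check are assumptions made for illustration; the sample lists are constructed from the addresses in the question.

```python
import ipaddress

def audit_ipset_entries(entries):
    """Normalize candidate ipset entries and flag ones already covered.

    Returns (accepted, rejected, address_count):
      accepted      - normalized CIDRs that add new addresses
      rejected      - (entry, overlapping_cidr) pairs
      address_count - total addresses the accepted CIDRs match
    """
    accepted, rejected = [], []
    for entry in entries:
        # strict=False masks off host bits: 10.0.90.207/23 -> 10.0.90.0/23.
        # An entry without a prefix is treated as a single host (/32 for IPv4).
        net = ipaddress.ip_network(entry, strict=False)
        clash = next((a for a in accepted if net.overlaps(a)), None)
        if clash is not None:
            rejected.append((entry, str(clash)))
        else:
            accepted.append(net)
    total = sum(n.num_addresses for n in accepted)
    return [str(n) for n in accepted], rejected, total

# Constructed sample input based on the addresses in the thread.
AS_TYPED = ["10.0.90.207/23", "10.0.90.208/23", "10.0.90.209/23"]
HOSTS_ONLY = ["10.0.90.207/32", "10.0.90.208", "10.0.90.209/32"]

if __name__ == "__main__":
    for label, entries in (("as typed", AS_TYPED), ("hosts only", HOSTS_ONLY)):
        accepted, rejected, total = audit_ipset_entries(entries)
        print(f"{label}: accepted={accepted} rejected={rejected} addresses={total}")
```

Running the same check over an exported set before referencing it in a rule shows whether the set matches only the intended hosts or an entire subnet.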