User Tools

Site Tools


edgerouter:address-groups

Useful Address Groups

Sometimes its good to have common netblocks in an 'address-group' rule in case you need to allow or deny certain types of traffic.

  set firewall group address-group Private-RFC-Ranges description 'RFC 1918 Private Ranges'
  set firewall group address-group Private-RFC-Ranges address 10.0.0.0/8
  set firewall group address-group Private-RFC-Ranges address 172.16.0.0/12
  set firewall group address-group Private-RFC-Ranges address 192.168.0.0/16
  set firewall group ipv6-address-group IPv6-FE80 description 'fe80::/10 (aka Link-Local) Network'
  set firewall group ipv6-address-group IPv6-FE80 ipv6-network 'fe80::/10'

In particular, the IPv6-FE80 group is important to use if you have IPv6, as you'll need to make sure that your LAN machines can communicate with the router for things like DHCPv6.