Allow a range of ip-adresses?

My computers are connected to a router that gives them a new ip-adress each startup (dynamic). When I allow their ip-adresses in “My networkzones” so that they can communicate it only works until next restart when they get new ip-adresses. Is it safe to allow a range of ip-adresses?

For example:


Is it safe to allow the range from -

it does only effect the local ip-adresses or am I wrong?

The IP range you are listing is not a private range, so if you add the whole range, any other computer on the net within this range will be part of the zone.

IP Information -
Host name
Country France France
Country Code FR
Region Ile-de-France
City Billancourt

IP Information -
Country Finland Finland
Country Code FI
Region Southern Finland
City Espoo

Both these would be part of the zone.


I can see a point in making rules for lan static adresses (and i advocate for making these adresses static) and in making rules for your isp dns adresses (always fixed), but none in making rules for your own wan adress, whether it is static or dynamic: you won’t generally connect to yourself (excepting remote control, and then, even if you have a dynamic wan adress, you can use a ip redirector) and if, say, you run a http or ftp server, you don’t need to protect your wan adress, it is your isp’s business, but your local ports and applications.

Thanks to both. The ip-adresses I typed here isn’t the real ones, just examples of what I mean.

I didn’t want to make a rule but wasn’table to connect between the devices without one. I’d be glad to be told how to do it some other way.

But I was able to fix the problem because I gave the MAC-adresses as a rule instead and that way they connected nicely to eachother :slight_smile:

I didn’t get that you were speaking of your private LAN adresses.
You could have written the real ones, they are by definitinon unroutable.

MAC is of course a way, but not the easiest one.

I think that you should (network properties of your nics) uncheck dhcp, and assign each device a static ip in the same workgroup and in the router’s lan ip range: assuming the latter is, they could be, …

It is then enough to define a lan network zone

Firewalls rules for this lan zone should next be written allowing ports 135-139 at least in scvhost (tcp) and system (tcp and udp), implying of course that these same ports are denied for whatever other adress.