Address Groups

Overview

The Address Groups feature in Netify DPI introduces a powerful way for administrators to organize and manage devices, users, and network entities. Instead of managing policies based on individual IP or MAC addresses, Address Groups allow you to define logical collections that represent people, departments, device types, or other meaningful categories within your network.

Address Groups are available in version 5.2 and later.

Address Groups can operate in either stateful or stateless mode, depending on how they are created and maintained:

  • Stateful Groups are automatically reloaded when the agent is restarted.
  • Stateless Groups, which are populated at runtime, are purged when the agent is restarted.

This dual approach gives administrators control over whether a group's contents persist across agent restarts.

Stateful Address Groups

Stateful address groups are defined in the 'dot d' format in a folder named /etc/netifyd/address-groups.d.

Where the OS is based on BSD, the path to this folder is /usr/local/etc/netifyd/address-groups.d.

The naming convention for configuration files in this folder is strict. File names are prefixed with a 2-digit numeric value, followed by a dash, and end in '.conf' (e.g. 10-staff.conf).

Each line in the file should contain a single address entry. Supported formats include:

  • IPv4 addresses (e.g. 192.168.1.10)
  • IPv6 addresses (e.g. 2001:db8::5)
  • MAC addresses (e.g. 00:1A:2B:3C:4D:5E)

IPv4 or IPv6 networks in CIDR notation are permitted. An example of address groups for IT and IoT devices is shown below.

/etc/netifyd/address-groups.d/10-it.conf
192.168.1.100
192.168.1.101
00:1a:2b:3c:4d:5e
192.168.2.0/24

/etc/netifyd/address-groups.d/10-iot.conf
10.0.0.0/22
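
Because policy matching depends on these files, a malformed entry or misnamed file is worth catching before the agent loads it. The linter below is an added example, not Netify's own code: it applies the naming convention and entry formats described in this section. Skipping blank lines and rejecting CIDR entries with host bits set are assumptions of this example, not documented netifyd behaviour.

```python
import ipaddress
import re
from pathlib import Path

# Naming rule from this page: 2-digit prefix, a dash, and a ".conf" suffix.
FILE_RE = re.compile(r"^\d{2}-.+\.conf$")
# Colon-separated MAC address, as in the page's examples (either case).
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

def classify(entry):
    """Return 'mac', 'ipv4', 'ipv6', 'ipv4-net', 'ipv6-net', or None if invalid."""
    if MAC_RE.match(entry):
        return "mac"
    try:
        if "/" in entry:
            # Assumption: strict=True flags CIDR entries with host bits set.
            net = ipaddress.ip_network(entry, strict=True)
            return f"ipv{net.version}-net"
        return f"ipv{ipaddress.ip_address(entry).version}"
    except ValueError:
        return None

def lint_file(name, text):
    """Check one group file; returns a list of (line_number, message) findings."""
    findings = []
    if not FILE_RE.match(name):
        findings.append((0, f"file name {name!r} is not NN-<name>.conf"))
    for num, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue  # assumption: blank lines are skipped
        if len(entry.split()) != 1:
            findings.append((num, "more than one entry on the line"))
        elif classify(entry) is None:
            findings.append((num, f"unrecognised address {entry!r}"))
    return findings

def lint_dir(path="/etc/netifyd/address-groups.d"):
    """Lint every file in the folder (BSD: /usr/local/etc/netifyd/address-groups.d)."""
    root = Path(path)
    files = sorted(p for p in root.iterdir() if p.is_file()) if root.is_dir() else []
    return {p.name: lint_file(p.name, p.read_text()) for p in files}

if __name__ == "__main__":
    for fname, issues in lint_dir().items():
        for num, msg in issues:
            print(f"{fname}:{num}: {msg}")
```

A finding with line number 0 refers to the file name rather than to a line in the file.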

Stateless Address Groups

If you want to avoid the stateful address groups defined in the 'dot d' sub-directory, you can use the Netify API to create and manage address groups entirely in memory. For more information on how to set up and interact with the Netify API, see the Netify API documentation.

Using Address Groups

Using Address Groups with Netify Flow Actions Plugin

Address Groups can be leveraged directly within the Netify Flow Actions plugin, providing a powerful way to define enhanced criteria for rule matching. By referencing groups instead of individual IPs or MAC addresses, administrators can apply policies and controls with fine-grained precision, ensuring consistent handling of flows across the network.

For more information on how to write criteria specific to address groups, see the Netify Flow Actions plugin documentation.
