diff --git a/conf/processing.conf.default b/conf/processing.conf.default
index 60e9d5cbbf0..9fbf9936d1f 100644
--- a/conf/processing.conf.default
+++ b/conf/processing.conf.default
@@ -102,6 +102,8 @@ dnswhitelist = yes
 dnswhitelist_file = extra/whitelist_domains.txt
 ipwhitelist = yes
 ipwhitelist_file = extra/whitelist_ips.txt
+network_passlist = no
+network_passlist_file = extra/whitelist_network.txt
 # Requires geoip2 and maxmind database
 country_lookup = no
diff --git a/extra/whitelist_network.txt b/extra/whitelist_network.txt
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/modules/processing/network.py b/modules/processing/network.py
index aec835f5dd8..eb405f60b6b 100644
--- a/modules/processing/network.py
+++ b/modules/processing/network.py
@@ -8,6 +8,7 @@
 import binascii
 import heapq
+import ipaddress
 import logging
 import os
 import socket
@@ -90,6 +91,9 @@
 enabled_ip_passlist = proc_cfg.network.ipwhitelist
 ip_passlist_file = proc_cfg.network.ipwhitelist_file
+enabled_network_passlist = proc_cfg.network.network_passlist
+network_passlist_file = proc_cfg.network.network_passlist_file
+
 # Be less verbose about httpreplay logging messages.
 logging.getLogger("httpreplay").setLevel(logging.CRITICAL)
@@ -102,6 +106,8 @@
 domain_passlist_re.append(domain)
 ip_passlist = set()
+network_passlist = []
+
 if enabled_ip_passlist and ip_passlist_file:
 f = path_read_file(os.path.join(CUCKOO_ROOT, ip_passlist_file), mode="text")
 for ip in f.splitlines():
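Review bot: The two new keys in the `[network]` section carry no comment saying what `network_passlist_file` must contain, so a reader of the default config cannot tell from this hunk that entries are CIDR networks, one per line, or that lines starting with `#` are skipped (both are what the loader added in modules/processing/network.py does). The neighbouring `country_lookup` option at least states its prerequisite, so the omission stands out here. A line above `network_passlist = no` such as `# Pass-list whole networks: one CIDR per line (e.g. 10.0.0.0/8, constructed example); lines starting with # are ignored` would close the gap.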
@@ -109,6 +115,15 @@
 if ip:
 ip_passlist.add(ip)
+if enabled_network_passlist and network_passlist_file and os.path.isfile(network_passlist_file):
+ with open(os.path.join(CUCKOO_ROOT, network_passlist_file), "r") as f:
+ for cidr in set(f.read().splitlines()):
+ if cidr.startswith("#") or len(cidr.strip()) == 0:
+ # comment or empty line
+ continue
+
+ network_passlist.append(ipaddress.ip_network(cidr.strip()))
+
 if HAVE_GEOIP and proc_cfg.network.maxmind_database:
 # Reload the maxmind database when it has changed, but only check the file system
 # every 5 minutes.
@@ -271,7 +286,8 @@ def _add_hosts(self, connection):
 ip = convert_to_printable(connection["dst"])
 if ip not in self.hosts:
- if ip in ip_passlist:
+ ip_address = ipaddress.ip_address(ip)
+ if ip in ip_passlist or any(ip_address in network for network in network_passlist):
 return False
 self.hosts.append(ip)
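Review bot: The existence check on the first added line tests `network_passlist_file` as configured, but the `open()` on the next line joins it onto `CUCKOO_ROOT`; with the shipped default `extra/whitelist_network.txt` the check only passes when the process happens to run with CUCKOO_ROOT as its working directory, so elsewhere the passlist is silently never loaded. Building the joined path once and checking that path fixes it and matches the `path_read_file(os.path.join(CUCKOO_ROOT, ...))` call the IP passlist already uses a few lines above. `ipaddress.ip_network()` also raises `ValueError` for a malformed entry or for a CIDR with host bits set (`strict=True` is its default), and because this runs at module level one bad line aborts import of the whole network processing module; catching it and logging the offending entry is the safer failure mode. The `startswith("#")` test is applied to the unstripped line, so an indented comment falls through to the parser.
```python
if enabled_network_passlist and network_passlist_file:
    network_passlist_path = os.path.join(CUCKOO_ROOT, network_passlist_file)
    if os.path.isfile(network_passlist_path):
        entries = path_read_file(network_passlist_path, mode="text").splitlines()
        for cidr in {line.strip() for line in entries}:
            if not cidr or cidr.startswith("#"):
                # comment or empty line
                continue
            try:
                network_passlist.append(ipaddress.ip_network(cidr))
            except ValueError:
                logging.getLogger(__name__).warning(
                    "Ignoring invalid network passlist entry %r in %s", cidr, network_passlist_path
                )
```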
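Review bot: `ipaddress.ip_address(ip)` on the first added line of the `_add_hosts` hunk is now evaluated for every new destination even when `network_passlist` is empty, which is the shipped default (`network_passlist = no`), and it raises `ValueError` if `ip` is ever not a parseable address string. The body of `_add_hosts` starts before the hunk, so whether an enclosing handler absorbs that exception is not visible here; if none does, one unparseable destination would abort host collection where the old `ip in ip_passlist` test could not fail. Moving the parse into a small module-level helper keeps the old behaviour for the plain set lookup, skips the parse when no networks are configured, and treats an unparseable address as not passlisted rather than as an error.
```python
def _in_network_passlist(ip):
    """Return True if ip lies inside any configured passlist network.

    An empty passlist or an unparseable address yields False.
    """
    if not network_passlist:
        return False
    try:
        ip_address = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(ip_address in network for network in network_passlist)

# … in _add_hosts, replacing the two added lines …
                    if ip in ip_passlist or _in_network_passlist(ip):
```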