Nested aliases of Host(s) and Network(s) types. Is it correct?

dezore

Hi there!
I've searched through the forum and failed to find a direct answer.

I have a few aliases:
Alias A, type Host(s), which contains IP addresses. (X.X.X.X)
Alias B, type Network(s), which contains networks. (X.X.X.X/YY)

I've created Alias C, type Host(s), which contains Alias A and Alias B.
There was no error from the pfSense side, and it was allowed.
I used this alias for NAT rules + associated Firewall rules, and it seems to be working.

How legit is this operation? Can I use such kind of mixing without any issues?

Thanks in advance.
pfSense+ 21.05.1

stephenw10

You should be able to create mixed nested aliases like that. However I would recommend avoiding them if you can. There have been issues in the past populating those if something fails to resolve and indeed there are still open bugs for specific situations.

Check Diag > Tables to see exactly what the resulting alias table has been populated with.

Steve

bingo600

@stephenw10
If one was to use hosts in Alias B as a /32 network definition , could that be ok ?
I mean mixing Alias A & Alias B , in Alias C

I mean then it is "all network aliases" ...
You'll prob. loose the "dns resolve" feature from the host alias.

But else ....

/Bingo

dezore

@stephenw10

Understood. Yes, it seems like it was populated wrong.
I'll check if the trick with /32 as @bingo600 mentioned will work.

Thank you for your reply's.