Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Aliases and Groups

    Scheduled Pinned Locked Moved webGUI
    6 Posts 4 Posters 10.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      Peter2121
      last edited by

      Hello,
      We are searching for a firewall to replace an old VPN-1 of CheckPoint, so I'm testing some software solutions.
      I really appreciate the pfSense, it is a great product. Unfortunately, there are some negative points I saw. I would like to know if there are any plans to change them.

      The most important thing pfSense cannot do is grouping the objects. For example, I would like to create some aliases and add them to a group usable in the firewall rules. So I would like to know if this functionality is supposed to be added in the future versions or can be added as a patch by modifying Web GUI files (maybe the problem is deeper than GUI, I don't know).

      Another question - why there is no list of aliases when I add a firewall rule? I can use an alias but I should enter it manually. The same question - could it be changed?

      And the third question, the most interesting - can I disable the firewall management by Web GUI and use another tool to manage it (I think about fwbuilder). Sure, I would like to use Web GUI to manage all another parameters (VPN, CARP etc.)

      Best regards,
      Peter

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        @Peter2121:

        The most important thing pfSense cannot do is grouping the objects. For example, I would like to create some aliases and add them to a group usable in the firewall rules. So I would like to know if this functionality is supposed to be added in the future versions or can be added as a patch by modifying Web GUI files (maybe the problem is deeper than GUI, I don't know).

        Alias is a group of ips/ports/nets, do you need group of groups?
        why?

        @Peter2121:

        Another question - why there is no list of aliases when I add a firewall rule? I can use an alias but I should enter it manually. The same question - could it be changed?

        when you start to type the alias you will see a list of aliases that matches your type.
        Use only firefox or chrome to access gui.

        @Peter2121:

        And the third question, the most interesting - can I disable the firewall management by Web GUI and use another tool to manage it (I think about fwbuilder). Sure, I would like to use Web GUI to manage all another parameters (VPN, CARP etc.)

        until 2.0 most features are in gui.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • P
          Peter2121
          last edited by

          Thanks for your answer, marcelloc.

          Alias is a group of ips/ports/nets, do you need group of groups?
          why?

          Yes, I need to group some groups. Our rulebase is complex, the logic is the same as in MS Active Directory - we group the stations and networks due to the location and logical functions and then we put these groups in another groups, used in rules. So we have some logical groups used in different rules together with other logical groups.
          For example, there are logical groups Account, Comm, R_and_D. And we have the rules Grp_Web to Any service HTTP and Grp_Mail_In to Any service IMAP. We put R_and_D and Comm in Grp_Web, we put Account and R_and_D in Grp_Mail_In. When I need to give some rights to a new station - I just add this station to the group Account for example, I should not think about rules.

          when you start to type the alias you will see a list of aliases that matches your type.

          Yes, I saw the names appeared when I begin to type. It's better then nothing but I would prefer a listbox or drop-down box.

          until 2.0 most features are in gui.

          Sorry, I don't understand you.

          1 Reply Last reply Reply Quote 0
          • P
            Peter2121
            last edited by

            …as about fwbuilder - the software knows to manage OpenBSD pf using OS scripts. It seems that pfSense uses pf as the firewall backend, so it should work. The problem - possible conflicts between the configuration imported from fwbuilber and WebGUI de pfsense. I still need WebGUI to manage the rest of pfsense.

            1 Reply Last reply Reply Quote 0
            • M
              mmerlone
              last edited by

              @Peter2121:

              Alias is a group of ips/ports/nets, do you need group of groups?
              why?

              Yes, I need to group some groups. Our rulebase is complex, the logic is the same as in MS Active Directory - we group the stations and networks due to the location and logical functions and then we put these groups in another groups, used in rules. So we have some logical groups used in different rules together with other logical groups.
              For example, there are logical groups Account, Comm, R_and_D. And we have the rules Grp_Web to Any service HTTP and Grp_Mail_In to Any service IMAP. We put R_and_D and Comm in Grp_Web, we put Account and R_and_D in Grp_Mail_In. When I need to give some rights to a new station - I just add this station to the group Account for example, I should not think about rules.

              +1. Grouping aliases would be a productivity and administrative boost.

              1 Reply Last reply Reply Quote 0
              • GruensFroeschliG
                GruensFroeschli
                last edited by

                This is a very old topic…

                Since 2.0 it's possible to use aliases inside aliases (groups of groups).

                We do what we must, because we can.

                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.