Netgate Discussion Forum

    Query rules used by an alias

    Firewalling
    gesture1968:

      Hello,

      Is it possible to query what rules are using a particular alias (from the alias point of view)? I'm trying to find out if I change the ports of an alias what rules will be affected…

      Greetings,
      Gesture

      jimp (Rebel Alliance Developer, Netgate):

        Not in the GUI, but you can from the command line. Use grep to search /tmp/rules.debug for your alias name.

        For example if you have an alias called "admin_ports":

        : grep admin_ports /tmp/rules.debug
        admin_ports = "{   22  443 }"
        pass  in  quick  on $WAN reply-to ( vmx0 198.51.100.1 ) inet proto tcp  from $RemoteAdmin to (self) port $admin_ports tracker 1454025784 flags S/SA keep state  label "USER_RULE: Allow firewall admin"
        pass  in  quick  on $WAN reply-to ( vmx0 198.51.100.1 ) inet proto tcp  from any to (self) port $admin_ports tracker 1475843337 flags S/SA keep state  label "USER_RULE: Allow firewall admin"
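The grep above finds every line containing the alias name, which includes the alias's own definition line and any other alias whose name merely starts with the same text (admin_ports would also match a hypothetical admin_ports_v6). The following is an added example, not code from the thread or from pfSense: it wraps the same /tmp/rules.debug search in two small shell functions that match the alias only as a whole macro name and reduce each hit to its tracker ID and rule label. SAMPLE_RULES is a constructed file in the shape of rules.debug; its alias names, addresses, tracker IDs and labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread or from pfSense): find the rules in a
# pfSense-style /tmp/rules.debug that reference a given alias.
# SAMPLE_RULES is a constructed stand-in for /tmp/rules.debug; every alias,
# address, tracker ID and label in it is hypothetical.

SAMPLE_RULES=$(cat <<'EOF'
admin_ports = "{   22  443 }"
admin_ports_v6 = "{   22 }"
table <RemoteAdmin> { 203.0.113.0/24 }
RemoteAdmin = "<RemoteAdmin>"
pass  in  quick  on $WAN reply-to ( vmx0 198.51.100.1 ) inet proto tcp  from $RemoteAdmin to (self) port $admin_ports tracker 1454025784 flags S/SA keep state  label "USER_RULE: Allow firewall admin"
pass  in  quick  on $WAN reply-to ( vmx0 198.51.100.1 ) inet proto tcp  from any to (self) port $admin_ports tracker 1475843337 flags S/SA keep state  label "USER_RULE: Allow firewall admin"
pass  in  quick  on $WAN inet6 proto tcp  from any to (self) port $admin_ports_v6 tracker 1475843338 flags S/SA keep state  label "USER_RULE: Allow firewall admin v6"
pass  in  quick  on $LAN inet proto tcp  from $LAN:network to any port $web_ports tracker 1475843339 flags S/SA keep state  label "USER_RULE: Allow web"
EOF
)

# Write the constructed sample to a temp file so the functions can be
# exercised offline; on a real firewall the file argument is simply omitted.
RULES_FILE=$(mktemp)
printf '%s\n' "$SAMPLE_RULES" > "$RULES_FILE"

# Print the definition line(s) of an alias. In rules.debug a port alias is a
# macro ("name = ...") and a host/network alias is a pf table ("table <name> ...").
alias_definition() {
    name="$1"; file="${2:-/tmp/rules.debug}"
    grep -E '^(table <'"$name"'>|'"$name"' = )' "$file" || true
}

# Print "<tracker> <label>" for every rule that uses $name as a macro.
# The character after the name must not be an identifier character, so
# "admin_ports" does not also match "admin_ports_v6" the way a plain grep
# for the bare name would. The definition line has no "$", so it is skipped.
rules_using_alias() {
    name="$1"; file="${2:-/tmp/rules.debug}"
    grep -E '\$'"$name"'([^A-Za-z0-9_]|$)' "$file" |
        sed -E 's/.*tracker ([0-9]+).*label "([^"]*)".*/\1 \2/'
}

# Usage on a real firewall:  rules_using_alias admin_ports
alias_definition admin_ports "$RULES_FILE"
rules_using_alias admin_ports "$RULES_FILE"
```

The tracker ID printed for each hit is the same number shown in the firewall log and in the rule's GUI entry, so it is the quickest way back from a rules.debug line to the rule you will be editing. Note that rules.debug is regenerated on every filter reload; run the search after saving alias changes, not before, if you want to see the effect on the loaded ruleset.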
        bmeeks:

          Just an idea related to the original poster's question --

          This might be a very useful feature to add to pfSense.  This could accomplish two things:  (1) help you find the potential impact of a change in Alias content on existing rules, and (2) prevent you from deleting an Alias currently used in a rule.  That latter feature may already be in the code.  I don't recall at the moment I'm typing this.  But if not there already, I think these two features might be good to add.  I know Checkpoint firewalls have a concept very similar to Aliases they call Objects.  The Checkpoint software will not let you delete an Object that is referenced in any rules.  With complicated rule sets this can help prevent you from inadvertently shooting yourself in the foot.

          Bill
