Query rules used by an alias
-
Hello,
Is it possible to query what rules are using a particular alias (from the alias point of view)? I'm trying to find out if I change the ports of an alias what rules will be affected…
Greetings,
Gesture
-
Not in the GUI, but you can from the command line. Use grep to search /tmp/rules.debug for your alias name.
For example if you have an alias called "admin_ports":
: grep admin_ports /tmp/rules.debug admin_ports = "{ 22 443 }" pass in quick on $WAN reply-to ( vmx0 198.51.100.1 ) inet proto tcp from $RemoteAdmin to (self) port $admin_ports tracker 1454025784 flags S/SA keep state label "USER_RULE: Allow firewall admin" pass in quick on $WAN reply-to ( vmx0 198.51.100.1 ) inet proto tcp from any to (self) port $admin_ports tracker 1475843337 flags S/SA keep state label "USER_RULE: Allow firewall admin"
-
Just an idea related to the original poster's question –-
This might be a very useful feature to add to pfSense. This could accomplish two things: (1) help you find the potential impact of a change in Alias content on existing rules, and (2) prevent you from deleting an Alias currently used in a rule. That latter feature may already be in the code. I don't recall at the moment I'm typing this. But if not there already, I think these two features might be good to add. I know Checkpoint firewalls have a concept very similar to Aliases they call Objects. The Checkpoint software will not let you delete an Object that is referenced in any rules. With complicated rule sets this can help prevent you from inadvertenly shooting yourself in the foot.
Bill
