Access pfSense alias from other boxes



  • I'd like to define an alias with IPs on pfSense and be able to access this list of IPs from internal clients on my LAN, from within a bash script (using curl or something similar). Thoughts on whether this is possible via the UI?



  • You might be able to symbolically link the aliases file to the root of the web server and then access it via HTTP.



  • @KOM:

    You might be able to symbolically link the aliases file to the root of the web server and then access it via HTTP.

    Not exactly sure how to accomplish this. I noticed that the directory /var/db/aliastables/ doesn't have the IP Aliases.



  • No idea either.  I was totally guessing to get you started (or waste your time, 50/50….)  If it's in some binary format then good luck.



  • You can extract contents of PF tables from the active ruleset with something like "/sbin/pfctl -T show -t bogons". I wouldn't use the webgui for that but run it over SSH with the root user and with public keys to avoid use of passwords.



  • To expound a bit on what @kpa is saying:

    Aliases defined on the FIREWALL >> ALIASES tab in pfSense eventually wind up defined as pf tables.  The table name matches the alias name, and the table's content will be the IP address or addresses the alias resolves to at run time.  So the CLI command he gave an example of is used to dump out the contents of a specific table name.  In the example given, the table name is "bogons".

    If you don't know the table name in advance, you can do this to get a list of all the tables:

    /sbin/pfctl -s Tables
    

    You could code all this in a shell script to list the tables and then grab the contents (IP addresses) of each table.
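
The approach from the last two replies, as an added example that is not part of the original thread: a shell script that lists the pf tables and dumps each one using the two pfctl commands quoted above. The SSH host and key path in the comment are hypothetical, and the rule that table names contain only letters, digits and underscores is an assumption.

```shell
#!/bin/sh
# Added example: read pfSense aliases as pf tables with the pfctl calls above.
# PFCTL is how pfctl is reached. On the firewall itself: /sbin/pfctl.
# From a LAN client, over key-based SSH (hypothetical host and key path):
#   PFCTL="ssh -i $HOME/.ssh/pf_key -o BatchMode=yes root@fw.example.lan /sbin/pfctl"
PFCTL="${PFCTL:-/sbin/pfctl}"

# Assumed naming rule: letters, digits and underscore only. Checking it keeps
# shell metacharacters out of the command line that SSH hands to the remote shell.
valid_table_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print all table names, one per line, skipping names that fail the check.
list_tables() {
    out=$($PFCTL -s Tables </dev/null) || return 1
    printf '%s\n' "$out" | while IFS= read -r name; do
        if valid_table_name "$name"; then printf '%s\n' "$name"; fi
    done
}

# Print one table's entries, one per line. Only tokens made of hex digits,
# dots and colons with an optional /prefix are passed on to the caller.
show_table() {
    valid_table_name "$1" || { echo "invalid table name: $1" >&2; return 2; }
    # </dev/null stops ssh from swallowing the caller's stdin inside read loops.
    out=$($PFCTL -T show -t "$1" </dev/null) || return 1
    printf '%s\n' "$out" | awk '$1 ~ /^[0-9A-Fa-f:.]+(\/[0-9]+)?$/ { print $1 }'
}

# Print "table address" pairs for every table in the active ruleset.
dump_all_tables() {
    list_tables | while IFS= read -r t; do
        show_table "$t" | sed "s/^/$t /"
    done
}

# Run as "script.sh --dump" to print everything; otherwise only define functions.
if [ "${1:-}" = "--dump" ]; then dump_all_tables; fi
```

Capturing the pfctl output before filtering means a failed SSH connection returns a non-zero status instead of looking like an empty table.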

