Link Alias to existing table
-
Hi,
Is it possible to create/link an alias to an existing pf table so I can use this table in my firewall rules?
If I create an alias and update the contents of the corresponding pf table in the background, the table is cleared when the pfsense rules are refreshed with /etc/rc.filter_configure_sync. So I'm looking for a way to prevent this table clean up.
I think this needs a modification in /etc/inc/filter.inc but I'm not sure how.
(I know the url alias function, but that does not really permit fast updates.)
Thanks.
Maarten
-
What table are you wanting to use in a rule that doesn't exist as a an alias out of interest?
Steve
-
In the background I create a table like this: pfctl -t DynTestHosts -T add 1.1.1.1/32
I add hosts to this table with the same command, and let entries expire after 48 hours.
The problem I have to work around is the following:
I have a few dns names that resolves in a list of ip addresess, but these addresses change constantly.
When I add these dns names to a pfsense alias table, pfsense resolves the dns names and replaces all IP's in this list. So every ip that is not resolved that time is being removed.
-
So the issue is previously resolved IPs are removed everytime filterdns is run and creates a new list?
Pulling the IPs from an external list seems like the way to go here, just how fast do you need them to update?
Steve
-
Make an alias in the GUI with a dummy address inside, then use it in rules, etc. You can still edit its contents with pfctl.
If you make it a persist table (e.g. URL table alias) then it should keep your custom values across filter reloads.
-
Thanks, I'm using the URL table alias right now.
-
But I assume you want new resolved IPs to be added to the list as they are seen right?
Or are you OK adding the IPs manually via pfctl?
Steve
