Netgate Discussion Forum

    feature request: nested aliases

    • High_Voltage

      So, I find myself cleaning up my firewall rules, and given the amount of hosts needed for certain domains (HERE'S LOOKING AT YOU CLOUDFLARE) I have a lot of aliases that have hundreds, no joke, of entries, and given the fact that you cannot combine host IP aliases with say domain name aliases, I end up having multiple double rules for the same thing, like steam_domains and steam_hosts for IP addresses and domain names accordingly. If there was an ability to add nested aliases, that would help clean up the rule clutter for both myself and plenty of others I'm sure... Is there any possible chance this could be a thing that gets added?

      • Bob.Dig LAYER 8

        Nested aliases like that are maybe not a thing but you can have a combination of IP and FQDN.
        Also there is pfBlocker which can do some neat things, although it seems you have to separate by IP-version.

        • jimp Rebel Alliance Developer Netgate

          Not sure what you're missing but you can nest aliases now.

          Aliases can contain other aliases of the same type, and aliases can contain a mix of IP addresses and FQDNs.

          If it's not letting you nest then you maybe chose the wrong types (like one is Host and another is Network).

          • bingo600

            A tip here is that a Host can be expressed as a Network with a /32 mask.

            /Bingo

            • Stewart @High_Voltage

              @high_voltage We create individual aliases for things and then place them all into other aliases. For example, you can have "Compliance", "Remote Admin", and "Vendor IPs" in a group called "IPS Bypass". Then you reference IPS bypass as a Suricata Passlist. That way all three groups can be separated out and added to but Suricata only references the one. Restart it on the interface and it will load the new IPs. Nesting hasn't been an issue for us.

              • High_Voltage @bingo600

                @bingo600 Okay, THAT is a useful tidbit, thank you, and thank you guys for the replies, I look forward to testing this out again then later today after I fix my mess of a problem I somehow introduced myself last night!

                Once again, thank you guys for making this possible, all of you developers and everyone with the pfSense team, THANK YOU. Love this software.
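
The nesting rule from jimp's reply and bingo600's /32 tip, as an added Python sketch that is not part of the thread and is not pfSense's own code. The dictionary layout, alias names and addresses are constructed for illustration; the same-type check and the loop check are assumptions modelled on the replies above.

```python
import ipaddress

# Constructed sample data: names echo the thread, addresses are documentation ranges.
ALIASES = {
    "steam_hosts":  {"type": "host",    "entries": ["192.0.2.10", "store.example.com"]},
    "steam_all":    {"type": "host",    "entries": ["198.51.100.7", "steam_hosts"]},
    "compliance":   {"type": "network", "entries": ["203.0.113.0/24"]},
    "remote_admin": {"type": "network", "entries": ["198.51.100.20/32"]},
    "ips_bypass":   {"type": "network", "entries": ["compliance", "remote_admin"]},
    "bad_mix":      {"type": "network", "entries": ["steam_hosts"]},  # Host inside Network
    "loop_a":       {"type": "host",    "entries": ["loop_b"]},
    "loop_b":       {"type": "host",    "entries": ["loop_a"]},
}

def expand(name, aliases, _path=()):
    """Flatten alias `name` into its leaf entries (IPs, CIDRs, FQDNs)."""
    if name in _path:
        raise ValueError("alias loop: " + " -> ".join(_path + (name,)))
    alias = aliases[name]
    leaves = []
    for entry in alias["entries"]:
        if entry in aliases:                      # entry is another alias: recurse
            child = aliases[entry]
            if child["type"] != alias["type"]:    # nesting needs matching types
                raise ValueError(
                    f"{name} ({alias['type']}) cannot contain {entry} ({child['type']})")
            leaves.extend(expand(entry, aliases, _path + (name,)))
        else:                                     # literal IP, CIDR or FQDN
            leaves.append(entry)
    return sorted(set(leaves))

def host_as_network(alias):
    """Re-express a Host alias as a Network alias: each IP gets a full-length mask."""
    out = []
    for entry in alias["entries"]:
        try:
            ip = ipaddress.ip_address(entry)
            out.append(f"{ip}/{ip.max_prefixlen}")  # /32 for IPv4, /128 for IPv6
        except ValueError:
            out.append(entry)                     # FQDN or alias name: left unchanged
    return {"type": "network", "entries": out}

if __name__ == "__main__":
    print(expand("ips_bypass", ALIASES))
    fixed = dict(ALIASES, steam_hosts=host_as_network(ALIASES["steam_hosts"]))
    print(expand("bad_mix", fixed))
```

Running a check like this over an exported alias list before nesting shows which parent aliases would silently widen a rule or passlist, since every entry added to a child alias is inherited by each alias that contains it.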

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.