Nested alias for hosts vs networks
-
Hi,
Question about nesting alias objects.
according the manual, we can have nested aliases, as long as we stay within the same type.
With, type, Pfsense probably mean IP, PORT, URL, ....
can we mix nested aliases of the type "host" and "network" as elements of an alias ?
if so, should that "parent" alias then be the host or network type?Thanks
-
anyone?
-
@lightningbit I don't believe that you can mix types like that. I think of it in the context of how the alias will be used. In every field I can think of that uses aliases, they are always for one specific type of data. Having an alias that holds a port and network, or host and network, would mean including invalid data.
What are you trying to do?
-
@kom ok thanks for the info.
I was hoping to be able to treat aliases or "objects" similar to how commercial firewalls do
I'm used to work with Checkpoint, Fortinet, ....
They can mix objects for hosts and networks.But I think I found the solution by simulating host objects by creating network objects with ip/32 (obvious of course... that I didn't think of that before
-
@lightningbit Nesting can only happen in type "Host" Aliases. But the Aliases you put in there can be of another Type (Network for example). Single IPs can be Network type aliases, too - just use /32 as netmask or /128 for IP6.
-
@jegr so if I understand you correctly, I could create an alias of type HOST, and inside add aliases of type host and network
-
@lightningbit Indeed :)
