Unresolvable source alias after upgrade to 23.09

SteveITS · Nov 7, 2023, 2:11 PM

Someone with this can file a report at redmine.pfsense.org

MoonKnight · Nov 7, 2023, 6:26 AM

@csardoss said in Unresolvable source alias after upgrade to 23.09:

I am also having simaler problem after updating. I have created a Custom Alias called Huntress and use the below URL to pull URl's from my GitHub. I get an error that says "Unresolvable destination alias 'Huntress' for rule 'Huntress Allow'". This rule was working before I upgraded (Previous v23.05.1).

https://raw.githubusercontent.com/csardoss/pflist/main/huntrss.io_list.txt

Got the same error when my Alias was using URL (IPs). Then I change TYPE from URL (IPs) to URL Tables (IPs) and error gone.

monsen · Nov 7, 2023, 2:12 PM

Reported here: https://redmine.pfsense.org/issues/14947

LegsAJimbo · Nov 9, 2023, 6:06 PM

Same issue here. URL Aliases can no longer be selected when creating a NAT rule, but can be selected when creating a firewall rule.

We had a NAT rule allowing only Cloudflare to access our on-prem webserver, which was broken by the update. In the meantime we have created a new alias with the IP's entered manually rather than pulling from https://www.cloudflare.com/ips-v4

Please could this be added to breaking changes here: https://docs.netgate.com/pfsense/en/latest/releases/23-09.html

MoonKnight · Nov 9, 2023, 6:27 PM

Hi,
I don't have any problems like that on any of my Alias.
What is the different between "URL (IPs)" and "URL Table (IPs) in the Alias on the TYPE?

This is an example of my Cloudflare Alias I use.

EDIT: Found it :)

LegsAJimbo · Nov 9, 2023, 6:23 PM

@MoonKnight Ah, yes! URL Table(IPs) work, URL (IPs) does not!

Difference is explained here: https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#url-aliases

That's a much better workaround, thanks!

SteveITS · Nov 9, 2023, 6:30 PM

There's a patch in the above redmine so someone can test this by using System Patches and the ID in the redmine, a6cf534d0fa0297547f1e587a12729f9d7066bae.

csardoss · Nov 9, 2023, 6:51 PM

@SteveITS This patch worked for me. Thank you

LinkP · Nov 9, 2023, 7:09 PM

The patch works for me, too. Thanks for the quick turnaround.

SteveITS · Nov 9, 2023, 7:29 PM

I would think it would show up in a System Patches package update in the next week or two. Another reason I wait a week or two to upgrade... Jim usually posts in https://forum.netgate.com/category/16/pfsense-packages.

I didn't have anything to do with the patch, I just posted it for y'all. If you set up a redmine account you can Watch an open case for updates.

re: table aliases, they also can have over 3000 entries.

infamousbug · Nov 9, 2023, 8:59 PM

@LinkP How do you apply the patch using System Patches? I added the url https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/a6cf534d0fa0297547f1e587a12729f9d7066bae to a custom patch, but it fails. What am I missing?

SteveITS · Nov 9, 2023, 9:00 PM

@infamousbug Just use the ID there: a6cf534d0fa0297547f1e587a12729f9d7066bae

There's a URL for the actual patch file somewhere in Github but it's easier to use the ID.

LinkP · Nov 9, 2023, 9:11 PM

@infamousbug, as @SteveITS has pointed out, you only need use the commit ID. The patch system knows to use the correct Github repo.

I added a description of Support URL IP aliases in alias_expand() that I gleaned from the commit and enabled the Auto Apply checkbox before I saved it.

Once you have fetched and applied the patch, you will need to reload the firewall. I disabled and re-enabled my rule that used the affected alias to trigger the Apply Changes button to appear.

infamousbug · Nov 9, 2023, 9:12 PM

@SteveITS said in Unresolvable source alias after upgrade to 23.09:

@infamousbug Just use the ID there: a6cf534d0fa0297547f1e587a12729f9d7066bae

There's a URL for the actual patch file somewhere in Github but it's easier to use the ID.

@SteveITS @LinkP I got it, thanks for the quick reply!