Using firewall aliases outside of firewall rules?
-
Hi, noob here setting up a 4200. When I read about firewall aliases I thought that looks great, I can put potentially-changeable IP addresses in just one place. So far it hasn't panned out very well. I can use the aliases I made in actual firewall rules, but I had no luck using them to define virtual IP addresses, nor did they work (as either external or internal addresses) when setting up 1:1 NAT mappings. I can sort of see why they might not work for virtual IP addresses, but why not in NAT mappings? Have I done something wrong? (I defined the aliases as "host" aliases containing single numeric IPv4 addresses.) If it actually doesn't work, could I request consideration of that as a future feature?
The specific use-case here is that I'd like to have just one place to change when I replace a network-exposed server by another one with a different local IP address. It's great for sure that I won't have to touch all the firewall rules, but I'm not at "just one place" yet.
-
@tgl A guideline would be they’re usable any place the alias autocomplete works.
I’m pretty sure I’ve used an alias in an outbound NAT, but I don’t think they’re addable as, say, the actual VIP. A guess: that’s likely more OS network configuration and not inside pf (the program) where the aliases would be defined.
-
You can always add a feature request here: https://redmine.pfsense.org/
-
@stephenw10
OK, done at https://redmine.pfsense.org/issues/15326