Netgate Discussion Forum

    Hidden rules and programming alias expansion

      bb-mitch

      I remember there used to be (I think) a way to show the hidden rules - yes we can always cat the rules.debug file, but I thought I remembered a way to edit the hidden rules when you had to?

      Was that phased out or moved?

      Then there is alias expansion… I want to modify an auto-created rule to use an alias instead of capturing ALL traffic.

      What I think I see happening is that if I create an alias (hosts) it is placed in the rules.debug, but not expanded to a table unless I add a rule that references it IN THE GUI.

      This means that I can't simply change the package to correct the firewall issue.

      Can anyone give me some guidance?

      In my specific case I add an alias, which is recorded:
      BB_SIPROXD = "{ 192.168.0.32 }"
      however the table entry:
      table <bb_siproxd>{....
      DOES NOT get created unless I add a dummy rule in the firewall.

      What I wanted to do was simply patch the line in siproxd.inc

      -$rules .= "rdr on {$iface} proto udp from any to !($iface) port {$port} -> 127.0.0.1 port {$port}\n";
      +$rules .= "rdr on {$iface} proto udp from <bb_siproxd> to !($iface) port {$port} -> 127.0.0.1 port {$port}\n";</bb_siproxd>
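
      Review bot: the `from <bb_siproxd>` source on the added line hardcodes a table name that nothing in this change defines, so the redirect only matches the intended host if that table exists and is populated when the ruleset loads. Consider building the source from a package setting and keeping `from any` as the fallback when no alias is configured, and make sure the table definition is emitted wherever this rule is generated.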
      

      However I would imagine I need to somehow cause the alias to be expanded to the table?

      Thanks!
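
Added example (not part of the original post, and not pfSense code): a small Python check over the text of rules.debug that reports tables referenced by a rule but never defined, which is the situation the post describes for `<bb_siproxd>`. The sample ruleset is constructed from the two line formats quoted in the post, and all function and variable names are hypothetical.

```python
import re

# Constructed sample (not real firewall output), using the macro and
# table line formats quoted in the post.
SAMPLE_RULES = '''\
BB_SIPROXD = "{ 192.168.0.32 }"
LAN_HOSTS = "{ 192.168.0.10 192.168.0.11 }"
table <lan_hosts> { 192.168.0.10 192.168.0.11 }
rdr on em0 proto udp from <bb_siproxd> to !(em0) port 5060 -> 127.0.0.1 port 5060
pass in quick on em1 from <lan_hosts> to any
'''

MACRO_RE = re.compile(r'^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*"')   # NAME = "..."
TABLE_DEF_RE = re.compile(r'^table\s+<([^>\s]+)>')             # table <name> ...
TABLE_REF_RE = re.compile(r'<([A-Za-z_][A-Za-z0-9_.-]*)>')     # <name> inside a rule


def audit_tables(ruleset_text):
    """Cross-check macros, table definitions and table references."""
    macros, defined, referenced = set(), set(), {}
    for lineno, raw in enumerate(ruleset_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = MACRO_RE.match(line)
        if m:
            # The post shows the alias macro in upper case and the table in
            # lower case, so macros are lower-cased before comparison.
            macros.add(m.group(1).lower())
            continue
        m = TABLE_DEF_RE.match(line)
        if m:
            defined.add(m.group(1))
            continue
        for name in TABLE_REF_RE.findall(line):
            referenced.setdefault(name, []).append(lineno)
    return {
        # Tables a rule uses but no "table <...>" line defines.
        'missing_tables': {n: l for n, l in referenced.items() if n not in defined},
        # Aliases present only as a macro, never expanded to a table.
        'macro_only_aliases': sorted(macros - defined),
        # Tables defined but not used by any rule.
        'unused_tables': sorted(defined - set(referenced)),
    }


if __name__ == '__main__':
    for key, value in audit_tables(SAMPLE_RULES).items():
        print(key, value)
```

Running it against the regenerated ruleset after patching the package shows whether the patched `rdr` line points at a table that was actually written out.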
