Netgate Discussion Forum

    Firewall: Aliases edit from console

      bernikm

      Hi

      Is there any way to manually edit the firewall:aliases file? We need to add a range of IP subnets that will be blocked, so that we don't need to enter them from the GUI, just copy/paste to the conf file. Can this be done, and how?
      Regards, Miha

        jimp Rebel Alliance Developer Netgate

        You can manually edit the config with "viconfig" (or download a backup of the config, edit it locally on a PC, then restore the backup).

        Just be extremely careful of the formatting.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!
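
An added example (not from the thread and not pfSense's own code) of the "download a backup, edit it locally, restore" route described above: it merges a pasted subnet list into one alias of a config backup and rejects malformed entries instead of writing them into the file. The alias name, the sample data, and the `<alias>`/`<name>`/`<address>` layout with space-separated entries are assumptions; compare them with your own backup before restoring.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample backup; the element layout is an assumption, not taken from the thread.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <aliases>
    <alias>
      <name>BlockedNets</name>
      <address>198.51.100.0/24</address>
    </alias>
  </aliases>
</pfsense>
"""

# Constructed paste: one entry per line, '#' starts a comment.
PASTED = """203.0.113.0/24
192.0.2.77/25      # host bits set, normalised to the network address
198.51.100.0/24    # already in the alias
10.0.0.0/33        # impossible prefix length
not-a-subnet
"""

def add_subnets(config_xml, alias_name, pasted):
    """Return (new_xml, added, rejected) after merging pasted subnets into one alias."""
    root = ET.fromstring(config_xml)  # raises ParseError if the backup is malformed
    alias = next((a for a in root.iter("alias")
                  if a.findtext("name") == alias_name), None)
    if alias is None:
        raise KeyError(f"alias {alias_name!r} not found in config")
    addr = alias.find("address")
    if addr is None:
        addr = ET.SubElement(alias, "address")
    entries = (addr.text or "").split()
    seen, added, rejected = set(entries), [], []
    for line in pasted.splitlines():
        item = line.split("#", 1)[0].strip()
        if not item:
            continue
        try:
            net = str(ipaddress.ip_network(item, strict=False))
        except ValueError:
            rejected.append(item)  # never written to the config
            continue
        if net not in seen:
            seen.add(net)
            entries.append(net)
            added.append(net)
    addr.text = " ".join(entries)
    new_xml = '<?xml version="1.0"?>\n' + ET.tostring(root, encoding="unicode")
    ET.fromstring(new_xml)  # confirm the result is still well-formed before restoring
    return new_xml, added, rejected
```

Review the `rejected` list and diff the output against the original backup before restoring it.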

          bernikm

          Thanks!

            jjj

            Is there a known limit to the number of IPs you can have in an alias? We have about 205 in there now… the firewall takes forever to boot and the processor is pegged at 100%. No packages are installed. We're using the Aliases to create an Allowed Internet users ACL with another alias for allowed ports. Also, the filter reload is hung on HTTPS.

              jimp Rebel Alliance Developer Netgate

              As long as it's just IPs, you should be able to get away with somewhere around ~3000 I thought.

              The filter reload status screen doesn't automatically refresh properly on 1.2.3, you have to reload the page manually.

              Aliases shouldn't impact the load time unless you're using hostnames in them instead of IPs, but other things like having several VLANs can slow it down on 1.2.3.

              On 2.0 it's not an issue.

                jjj

                Hmmm.. any idea why the processor would be pegged at 100%?

                  jimp Rebel Alliance Developer Netgate

                  Do you have polling enabled?

                    jjj

                    "Use Device Polling" is not enabled.

                      jimp Rebel Alliance Developer Netgate

                      From the console, look at the output of:

                      top -SH
                      

                        jjj

                          jimp Rebel Alliance Developer Netgate

                          Do you have Captive Portal enabled? And a bunch of connected CP clients?

                          Or do you have one of the "country block" or "ip block" packages installed? One of those (ab)used ipfw to load a bunch of IPs and it would do something like that.

                            jjj

                            Captive Portal is not enabled. No packages are installed. Fresh install as of last night.

                              jimp Rebel Alliance Developer Netgate

                              ipfw wouldn't be running unless something loaded it. It doesn't load by default on a stock install.

                                jjj

                                What about restoring the configuration from a backup (without any packages)?

                                DHCP Server and IPSec are enabled, but no 3rd party packages are installed.

                                  jimp Rebel Alliance Developer Netgate

                                  I think scheduled rules will also hit ipfw. Got any of those?

                                    jjj

                                    No. But Firewall > Schedule had an Always rule? I deleted it, but it didn't help.

                                    Plus, Filter Reload is still saying "Creating rule HTTPS".

                                      jimp Rebel Alliance Developer Netgate

                                      After you deleted the schedules, you may have to reboot.

                                        jjj

                                        Looks like that did it. Back to 0% usage. Thanks for your help.
