Firewall rules with more than one source and no alias



  • Hello,

    I am currently beginning to install a pfSense firewall in my enterprise.
    We have a lot of rules and I would like to make some rules with multiple aliases without making an alias of an alias …

    Like this :
    FROM : (ALIAS1 & ALIAS2 & ALIAS3), TO: (ALIAS5 & ALIAS6), ALLOW TCP (PORT_ALIAS1)

    Thanks



  • I guess you have 6 rules for this now:
    FROM : (ALIAS1), TO: (ALIAS5), ALLOW TCP (PORT_ALIAS1)
    FROM : (ALIAS1), TO: (ALIAS6), ALLOW TCP (PORT_ALIAS1)
    FROM : (ALIAS2), TO: (ALIAS5), ALLOW TCP (PORT_ALIAS1)
    FROM : (ALIAS2), TO: (ALIAS6), ALLOW TCP (PORT_ALIAS1)
    FROM : (ALIAS3), TO: (ALIAS5), ALLOW TCP (PORT_ALIAS1)
    FROM : (ALIAS3), TO: (ALIAS6), ALLOW TCP (PORT_ALIAS1)

    As far as I am aware, you can only put 1 alias in each source/destination field of a rule. So you need to make aliases that contain other aliases. That works, and I would have thought with some good naming conventions for your aliases it should make the rule list readable by mere mortals.
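
Added example, not part of the replies in this thread and not pfSense code: a Python script for reviewing what a single rule built on nested aliases actually permits, by flattening the aliases and listing every source/destination pair. The addresses and the wrapper names SRC_GROUP and DST_GROUP are constructed for illustration; only ALIAS1 to ALIAS6 come from the thread.

```python
from itertools import product

# Constructed sample data: alias names follow the thread; addresses are
# documentation ranges, and SRC_GROUP / DST_GROUP are hypothetical wrappers.
ALIASES = {
    "ALIAS1": ["192.0.2.10", "192.0.2.11"],
    "ALIAS2": ["192.0.2.20"],
    "ALIAS3": ["198.51.100.0/28"],
    "ALIAS5": ["203.0.113.5"],
    "ALIAS6": ["203.0.113.6", "203.0.113.7"],
    "SRC_GROUP": ["ALIAS1", "ALIAS2", "ALIAS3"],
    "DST_GROUP": ["ALIAS5", "ALIAS6"],
}

def resolve(name, aliases, _stack=()):
    """Flatten an alias to its leaf entries, following nested aliases."""
    if name in _stack:
        raise ValueError("alias loop: " + " -> ".join(_stack + (name,)))
    leaves = []
    for entry in aliases[name]:
        if entry in aliases:          # entry is itself an alias: recurse
            leaves += resolve(entry, aliases, _stack + (name,))
        else:                         # literal host or network
            leaves.append(entry)
    return sorted(set(leaves))

def effective_pairs(src, dst, aliases):
    """Every (source, destination) pair a single src -> dst rule permits."""
    return list(product(resolve(src, aliases), resolve(dst, aliases)))

if __name__ == "__main__":
    pairs = effective_pairs("SRC_GROUP", "DST_GROUP", ALIASES)
    print(f"1 rule, {len(pairs)} permitted source/destination pairs")
    for s, d in pairs:
        print(f"  {s} -> {d}")
```

Running the same expansion over the six single-alias rules gives the same set of pairs, which is a quick way to confirm that a consolidated rule did not widen access.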



  • OK, that's what I thought. This is a regression compared to our previous FW, but all the other stuff on pfSense makes this nothing.

    Thank you.

