Is there a way to add a host to an alias based on its firewall rule type (such as “LAN address”)?
For example, I have multiple LAN interfaces, including LAN2, LAN22, LAN44, and I want to create an alias that contains the following hosts:
Is there a way to do that without explicitly specifying the addresses and then having to update them manually in case the interface address changes in the future?
As to why, I want this. This particular alias is needed to block access to the pfSense management interface on LAN2, LAN22, LAN44 addresses (the LANs have access to each other, which is why I want the destination to include all of the LAN addresses).
Instead of specifying a specific ip address you could use a cidr address which is the entire subnet. That would be one way. Make sure that each interface is on it's own subnet and then experiment from there. After which the aliases can be labeled the way that you have described.
You could use this to help.
Just change the subnet mask to whatever it needs to be and then look at the mask bits number. So for instance, if you have a class C address then it would be 192.168.0.1 or some variation of that if you're making multiple subnets and if I choose 255.255.255.224 the cidr address would be 192.168.0.1/27 .
Thank you for the idea, I appreciate the input.
Some of my subnets talk to each other. It appears that your proposal would break that.
I want a convenient alias for blocking access to the pfSense management interface, without affecting anything else.