Aliases Organization, Suggestions



  • We built our first pfSense installation, and it shows. Well, now we want to move it into production, but before doing so I decided to rebuild it from scratch and migrate the aliases and rulesets. I can see how things can get out of hand really quickly. I was looking to see how you all keep your aliases organized? Suggestions on naming conventions and such?



  • Well, it depends ;D  There is no one way to do it.  I use a lot of nested aliases.  For example, we have 2 production web servers and a development web server.  I have an alias called WWW_Servers which includes aliases WWW1, WWW2, WWW3.  Those aliases point to the IP addresses of the respective web servers.



  • @KOM:

    Well, it depends ;D  There is no one way to do it.  I use a lot of nested aliases.  For example, we have 2 production web servers and a development web server.  I have an alias called WWW_Servers which includes aliases WWW1, WWW2, WWW3.  Those aliases point to the IP addresses of the respective web servers.

    Nested aliases, I had no idea that you could even do that. But doesn't that get a little confusing at times? I can see how that could help the rulesets.



  • Again, it depends on how many, how much, how often etc etc.  I don't have (nor need) a zillion rules everywhere so it isn't that bad.  I currently have about 45 aliases (each user gets one that points to his IP address), with two of them nested.  The alias ExemptFromProxy holds the nested user aliases of users that I need to allow straight out without going through squid, for example, so that I only need one rule to allow them out via 80/443.  At a glance, you can see exactly who is being allowed instead of just an IP address.


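The nesting described in the replies above, as an added example that is not part of any post: a small Python audit helper that expands a nested alias into the addresses a rule using it would actually match, and flags loops or undefined names. The alias names WWW1, WWW2, WWW3, WWW_Servers and ExemptFromProxy come from the thread; the user alias names, all addresses, and the dictionary layout are constructed assumptions, and the script does not read pfSense configuration.

```python
import ipaddress

# Constructed sample data: addresses are documentation-range placeholders
# (RFC 5737), and User_Alice / User_Bob are hypothetical per-user aliases.
ALIASES = {
    "WWW1": ["192.0.2.11"],
    "WWW2": ["192.0.2.12"],
    "WWW3": ["192.0.2.13"],
    "WWW_Servers": ["WWW1", "WWW2", "WWW3"],
    "User_Alice": ["198.51.100.21"],
    "User_Bob": ["198.51.100.22"],
    "ExemptFromProxy": ["User_Alice", "User_Bob"],
}


def is_address(entry):
    """True if the entry is a literal IP address or CIDR network."""
    try:
        ipaddress.ip_network(entry, strict=False)
        return True
    except ValueError:
        return False


def flatten(name, aliases, _path=()):
    """Return {address: nesting path} for every address reachable from name.

    Assumption: any entry that is not an IP literal is another alias name.
    """
    if name in _path:
        raise ValueError("alias loop: " + " -> ".join(_path + (name,)))
    if name not in aliases:
        raise KeyError("undefined alias: " + name)
    path = _path + (name,)
    resolved = {}
    for entry in aliases[name]:
        if is_address(entry):
            resolved.setdefault(entry, " -> ".join(path))
        else:
            resolved.update(flatten(entry, aliases, path))
    return resolved


if __name__ == "__main__":
    for top in ("WWW_Servers", "ExemptFromProxy"):
        print(top)
        for addr, via in sorted(flatten(top, ALIASES).items()):
            print(f"  {addr:<16} via {via}")
```

Running the expansion before and after a migration and comparing the output shows whether a rebuilt alias tree still permits exactly the same hosts.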