
    2.3 Firewall -> Aliases Hosts(s) subnet broken

    • S
      sforsythe last edited by

      In 2.3, when trying to add an Alias of type "Host(s)", the text reads:

      "Enter as many hosts as desired. Hosts must be specified by their IP address or fully qualified domain name (FQDN). FQDN hostnames are periodically re-resolved and updated. If multiple IPs are returned by a DNS query, all are used. An IP range such as 192.168.1.1-192.168.1.10 or a small subnet such as 192.168.1.16/28 may also be entered and a list of individual IP addresses will be generated."

      However, if I enter in a form like 192.168.0.0/24, I get a pop-up message "Please match the requested format" when I click save.
      The actual dropdown is greyed out at "32" and does not allow you to change the value.

      Using 192.168.0.1-192.168.0.254 does work.

      As a side note, if entering an alias for a 'subnet' … is it possible to have the 'values' shown as 192.168.0.0/24 vs listing out 254 IPs?

      Shane

      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        If you want aliases that are networks, use the networking type for aliases.


        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 22.05 | Lab VMs CE 2.6, 2.7

        • S
          sforsythe last edited by

          But if I make a "network" type, then I cannot add it to another alias that is host(s).

          i.e.
          Host Alias:      sam
          Host Alias:      joe
          Network Alias: dr_network

          Host Alias:      trusted  (that includes sam, joe, dr_network).

          If indeed that is not the intended functionality, at the very least the text should be corrected, i.e.

          "An IP range such as 192.168.1.1-192.168.1.10 or a small subnet such as 192.168.1.16/28 may also be entered and a list of individual IP addresses will be generated"

          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            huh?

            Here is an alias that has a specific IP, an FQDN and a network in it.


            • S
              sforsythe last edited by

              That is an alias that has 3 hardcoded types.

              I want an alias that contains other aliases.

              Try this, create 2 aliases:

              1. type = host(s)
                    name = sam
                    ip = 192.168.1.22

              2. type = network
                    name = backup_net
                    ip = 10.10.1.0/24

              3. type = host(s)
                    name = trusted
                    ip = sam
                    ip = backup_net

              As you type "sa", the autocomplete fills out sam.
              As you type "test", the autocomplete never fills out.

              You can fully type in test and hit enter, and it appears to save, but you have to set up a test network to see if it is actually respecting the alias in the config, even though it did not appear to be a valid value according to the autocomplete.

              • S
                sforsythe last edited by

                Ok, I was able to set up a test network and rules and it does work if you manually type it.

                But still I believe it is a bug in the autocomplete functionality which I believe is giving me a list of all 'valid' aliases that I can enter (and the network one doesn't present) … that and the text in the type=host(s) should be changed if you in fact should not be able to enter a subnet.

                • P
                  phil.davis last edited by

                  That input field in 2.2.6 allowed "free text" to be entered. Then the validation code parsed and checked it, reporting any errors it found. The parsing automagically took apart lists of IP addresses, IP ranges, converting a (small) range into a list of individual addresses (for the hosts type case) etc. - like in the help text.

                  The parsing code is still all there, patiently waiting for any input like that. But now with "bootstrap" there is real-time validation being done in the front-end. So you can't actually input text in those formats.

                  If the front-end validation is changed to just allow "free text" input (or some interesting more complex repeating pattern), then the back-end validation can take over again.

                  As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                  If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
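
                  An added example, not pfSense code and not part of the post above: a sketch of the mismatch the post describes, where a front-end pattern rejects input that the back-end parser can still expand. Both patterns, `MAX_HOSTS` and every function name are assumptions; FQDN entries are left out, and the CIDR branch lists every address in the block, which may differ from what pfSense generates.

```javascript
// Added illustration; patterns, names and limits are assumptions, not pfSense code.
const OCTET = '(?:25[0-5]|2[0-4]\\d|1?\\d?\\d)';
const IPV4 = `${OCTET}(?:\\.${OCTET}){3}`;
// Constructed strict front-end pattern: one IPv4 address and nothing else.
const STRICT_PATTERN = new RegExp(`^${IPV4}$`);
// Constructed relaxed pattern: address, "a-b" range, or CIDR with /0 to /32.
const RELAXED_PATTERN = new RegExp(`^${IPV4}(?:-${IPV4}|/(?:3[0-2]|[12]?\\d))?$`);
const MAX_HOSTS = 256; // assumed cap so only a "small" subnet or range expands

const ipToInt = (ip) => ip.split('.').reduce((n, o) => n * 256 + Number(o), 0);
const intToIp = (n) => [24, 16, 8, 0].map((s) => (n >>> s) & 255).join('.');

// Back-end side: authoritative parse and expansion into individual hosts.
function expandEntry(entry) {
  if (!RELAXED_PATTERN.test(entry)) throw new Error(`invalid entry: ${entry}`);
  let start, end;
  if (entry.includes('-')) {
    [start, end] = entry.split('-').map(ipToInt);
  } else if (entry.includes('/')) {
    const [ip, bits] = entry.split('/');
    const size = 2 ** (32 - Number(bits));
    start = Math.floor(ipToInt(ip) / size) * size; // align to the network base
    end = start + size - 1;
  } else {
    start = end = ipToInt(entry);
  }
  if (end < start) throw new Error(`reversed range: ${entry}`);
  if (end - start + 1 > MAX_HOSTS) throw new Error(`too many hosts: ${entry}`);
  const hosts = [];
  for (let n = start; n <= end; n++) hosts.push(intToIp(n));
  return hosts;
}

// Form flow: the back-end only ever sees what the front-end pattern lets through.
function submit(frontEndPattern, value) {
  if (!frontEndPattern.test(value)) {
    return { accepted: false, reason: 'front-end pattern' };
  }
  return { accepted: true, hosts: expandEntry(value) };
}

console.log(submit(STRICT_PATTERN, '192.168.1.16/28'));              // blocked in the browser
console.log(submit(RELAXED_PATTERN, '192.168.1.16/28').hosts.length); // reaches the parser
```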

                  • P
                    phil.davis last edited by

                    Redmine issue https://redmine.pfsense.org/issues/6322
                    Pull request https://github.com/pfsense/pfsense/pull/2937

                    I tested a bunch of variations of entering network/CIDR and IP address ranges and the back-end code is still expanding them OK. Allowing the extended forms of input at the front-end (as per the pull request) is all that is needed.

                    • B
                      benofishal last edited by

                      @sforsythe:

                      Ok, I was able to set up a test network and rules and it does work if you manually type it.

                      But still I believe it is a bug in the autocomplete functionality which I believe is giving me a list of all 'valid' aliases that I can enter (and the network one doesn't present) … that and the text in the type=host(s) should be changed if you in fact should not be able to enter a subnet.

                      I am seeing the same issue: if I create a new alias with type Host, when I type an existing alias the autofill only shows Host aliases. If I were to choose alias type network, the autofill will only show network aliases. If we want to create a group alias of both existing host and network aliases, the autofill is not useful. I am trusting above that manually typing a mixture of host and network aliases into a new network alias will still consider IPs for the child aliases in question.

                      Some clarification on this matter would be very much appreciated.

                      I second this is a bug that should be fixed.
