pfSense bugtracker: Issues (https://redmine.pfsense.org/), 2017-12-15T16:28:43Z
pfSense Packages - Bug #8213 (New): acl src file not populated from alias
https://redmine.pfsense.org/issues/8213
2017-12-15T16:28:43Z, Jerry Fath
<p>Trying to use an alias as frontend ACL source IP filter. Alias (7 hosts) resolves correctly in pfSense, HAProxy config file looks good, but src file created for alias is empty.<br />HAProxy package (non-devel) 0.54_2</p>
<p>I configured an alias called infoddns in pfSense latest stable (2.4.2-RELEASE-p1) that consists of 7 hosts. The hosts are configured as FQDNs that are all updated using ddns. mysub1.mydom.info, mysub2.mydom.info, etc.</p>
<p>When I look at Diagnostics/Tables, infoddns is there and the correctly resolved IP addresses are listed in the table.</p>
<p>I used that alias name as the value for a front end ACL of type "Source IP matches IP or Alias". When I look at the generated HAProxy config, all looks correct:<br />acl infoacl src -f /var/etc/haproxy/ipalias_infoddns.lst</p>
<p>If I add the ACL to an action, those IPs (and all IPs) are blocked and return a 503.</p>
<p>When I look at the file /var/etc/haproxy/ipalias_infoddns.lst it is empty.</p>
<p>It seems that everything is set up correctly, but the resolved alias IPs are never written to the HAProxy acl src file. Restarting HAProxy causes ipalias_infoddns.lst to be re-written, but still empty.</p>