pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162024-02-21T03:23:33ZpfSense bugtracker
Redmine pfSense - Feature #15276 (New): Support JSON content for URL type firewall aliaseshttps://redmine.pfsense.org/issues/152762024-02-21T03:23:33ZSergei Shablovsky
<p>Brilliant pfSense DevTeam!</p>
<p>WHERE<br />In Firewall / Aliases, URLs tab(selector)</p>
<p>CASE<br />JSON need to be allowed in “URL (IPs)” type of firewall aliases, the same as XML and TXT are allowed.</p>
<p>ARGUMENT<br />Nowadays most SaaS and services present their data on JSON and XML more frequently than PLAIN TXT file answer on certain URL.<br />(For example external monitoring services.)</p>
<p>And logically wrong if pfSense user able to entering the XML and PLAIN TXT source in URL (IPs), but no JSON. (And only URL Table (IPs) allow the JSON).</p>
<p>I understand that from the beginning of pfSense’s life exist only 2 types of URL-sources:<br />- small lists<br />- big lists <br />and to eliminate time and resources to keep IPs, the parameter/ability of refresh of big lists was made in WebGUI.</p>
<p>But FROM USERS PERSPECTIVE all 3(JSON, XML and PLAIN TXT) source are the same - certain amount of data, and frustrating when possible to add XML and PLAIN TXT in URL (IPs), but JSON - only in another type, only in URL Table (IPs).</p>
<p>Thank You!</p> pfSense - Bug #15134 (Incomplete): Post upgrade to 2.7.2 - Change in alias name stops all traffichttps://redmine.pfsense.org/issues/151342024-01-03T11:03:01ZRajko Bogdanovicrajko@itroom-a.com
<p>After installing the last 2.7.2 release, when we edited an Alias name - that rule stopped working, and all traffic was blocked from that point until a full reboot was done. <br />Once rebooted, old nat/access rules are working again using a new alias.</p> pfSense - Feature #15068 (New): Show if an alias is currently in usehttps://redmine.pfsense.org/issues/150682023-12-05T22:36:42ZMarcelo Cury
<p>I would like to check if it is possible to include in a future release the ability to see if an alias is being used in a Firewall rule when checking the aliases page.<br />Perhaps also show the Track ID ? I think this would be a very nice feature to have.</p>
<p>As I see it, it would help a lot to track things, avoid exclusions of aliases that are in use and help to clean up.</p>
<p>Thanks.</p> pfSense - Feature #14952 (Pull Request Review): Firewall Alias Importhttps://redmine.pfsense.org/issues/149522023-11-08T05:03:00ZAdam Di Vizio
<p>Hi There,</p>
<p>When you create a new Alias in PFSENSE, you can click on import option where it gives you a text box to enter a bulk of IP addresses at a time. However, if you want to add multiple IP subnets or IP addresses to an existing alias, it currently doesn't have that option available in the GUI. The only two options is 1) Export the Alias information manually, edit the text file with the additional subnets, delete the current alias then copy the entire file again and manually create the bulk alias again or 2) manually add each individual IP address or IP subnets to an existing firewall alias.</p>
<p>I would like to see an option available where I can add bulk subnets or IP address to an existing alias as it can be beneficial for people like me who uses Snort IDS.</p>
<p>Thanks,<br />Adam</p> pfSense - Bug #14313 (Assigned): Unable to create nested URL table aliaseshttps://redmine.pfsense.org/issues/143132023-04-26T05:22:32ZAzamat Khakimyanov
<p>In docs there is a phrase:<br /><em>"URL table aliases can nest other URL table aliases, and URL aliases can nest other URL aliases."</em></p>
<p>I'm tested it on 23.01 and on 23.05-DEV and I can't create nested alias with 2 URL table aliases inside:</p>
<p>1. If I tried to create 'Type: Host(s)' alias, I got <br /><em>"The following input errors were detected:<br />The alias(es): urltest1 urltest2 cannot be nested because they are not of the same type."</em></p>
<p>2. If I tried to create 'Type: Network(s)' alias, there was no error but I didn't see this new alias in Diagnostics/Tables</p>
<p>3. If I tried to create 'Type: URL (IPs)' alias, I got <br /><em>"The following input errors were detected:<br />A valid URL or alias must be provided. Could not fetch usable data from 'urltest1'.<br />A valid URL or alias must be provided. Could not fetch usable data from 'urltest2'."</em></p>
<p>4. If I tried to create 'Type: URL Table (IPs)' alias and add one of these URL Table aliases I already created, I got<br /><em>"The following input errors were detected:<br />A valid URL must be provided."</em></p>
<p>5. If I tried to import aliases, I got no errors but I didn't see this new alias in Diagnostics/Tables</p> pfSense - Bug #13772 (Confirmed): Changing the alias resolve interval to the default value does n...https://redmine.pfsense.org/issues/137722022-12-18T11:52:17ZMarcos M
<p>Under <code>System / Advanced / Firewall & NAT</code>, if the <code>Aliases Hostnames Resolve Interval</code> option is changed from a custom value to a blank (default) value, <code>filterdns</code> processes are not restarted. Changes to custom values do correctly restart the processes.</p> pfSense - Feature #13732 (New): Allow the use of macros within aliaseshttps://redmine.pfsense.org/issues/137322022-12-07T11:33:09ZLuc Courville
<p>Because of limitation of IPv6 at the current way. (Traffic is allow between Vlan) I found a solution but this will be better if we can have more flexibility.</p>
<p>Can you make the option to create an Alias with Interface net and interface address.(drop down list) (same as when we create rules in destination drop down list) (ex: This Firewall, any, Alias or host, interface_name net....)<br />That way when we create a alias we choose Lan net, dmz net....<br />After that we can create a any rules with that alias.</p>
<p>There is my workaround about ipv6 traffic. <br /><img src="https://redmine.pfsense.org/attachments/download/4558/clipboard-202212071225-g4pv3.png" alt="" /><br />I create an interface group and add all local net. (Dynamic ipv6 from ISP)<br />Then create all rules for my need and it seem to work.</p>
<p>All other tab is reserved to IPv4 only.</p>
<p>If we can have alias as request the correct rules could be in tab interface instead of having lots of deny rules.</p>
<p>Best way to have the same behavior as we have in ipv4 (block all communication between vlan).</p> pfSense - Bug #13706 (Confirmed): Static routes are not updated when updating a nested alias.https://redmine.pfsense.org/issues/137062022-11-28T19:16:13ZMarcos M
<p>Tested on <code>22.05</code> and <code>23.01.a.20221123.0600</code>.</p>
Setup:
<ul>
<li>Create the network alias <code>a2</code> with a subnet defined.</li>
<li>Create the network alias <code>a1</code> with <code>a2</code> as an entry and an additional subnet.</li>
<li>Add a static route using the alias <code>a1</code>.</li>
</ul>
Issue:
<ul>
<li>Updating <code>a2</code> correctly updates the alias table seen under Diagnostics / Tables, but it does not affect the route table.</li>
<li>Re-saving <code>a1</code> adds a new route with the updated settings, but the old route is not removed.</li>
<li>Removing <code>a2</code> from <code>a1</code> does not delete the routes.</li>
</ul> pfSense - Feature #12600 (New): allow custom mask for a network alias created from a FQDNhttps://redmine.pfsense.org/issues/126002021-12-15T10:45:07ZBob Dig
<p>This is not IPv6 specific:<br />It would be nice if a network alias created from a FQDN could have a mask other then /128 (/32), for instance /64.</p>
<p>That would be especially useful to allow incoming connections from a specific /64, because of privacy extensions that are used in Windows all the time.</p>
<p>Or a /56 could be used where on the other side only the router does DDNS.</p> pfSense - Feature #12564 (New): add column to show that an Alias is in use by or nothttps://redmine.pfsense.org/issues/125642021-12-04T08:14:01Zkhaled osama
<p>can you add column to show that an Alias is in used or not<br />and it is clickable to show where it is used ?</p>
<p>is it applicable ?</p>
<p>thanks and best regards,</p> pfSense - Feature #10918 (New): IP Aliases de-duplicationhttps://redmine.pfsense.org/issues/109182020-09-20T00:00:19ZNima Mohammadinimamhd@gmail.com
<p>when i add an IP Aliases with duplicate or same IP-address, it will add those IPs without any warning about duplicate entries.</p>
<p>I think it is much better to prevent duplicate IPs in Aliases.</p> pfSense - Feature #10290 (New): Firewall Aliases Add button on top of listhttps://redmine.pfsense.org/issues/102902020-02-25T07:08:23ZConstantine Kormashev
<p>It would be good if we one more Add button would add on top of list. If adding new aliases happens often, then Add on top makes that process faster.<br />Probably it would be good adding "top" Add button to all Firewall aliases sections.</p> pfSense - Bug #7665 (New): Host range validation for Aliases is not strict enoughhttps://redmine.pfsense.org/issues/76652017-06-28T11:41:34ZRe Load
<p>Steps to reproduce:</p>
<p>1. Enter an invalid host range for an IP alias, such as 192.168.1.1-10, and click Save.</p>
<p>The host range will be accepted, but does not function as one might expect. In fact, the syntax is invalid and only the first host in the range will be matched by this alias.</p>
<p>Desired behaviour:</p>
<p>The host range should be rejected by the form validation. The correct syntax for the example above would be 192.168.1.1-192.168.1.10</p> pfSense - Feature #5735 (New): Automaticaly add DHCP leases to alias list or make it readable in ...https://redmine.pfsense.org/issues/57352016-01-05T05:21:42ZA Bdaywalker@eth0.io
<p>Hi<br />Last week I had a bigger Setup to deploy with some static DHCP Leases and a few Port forwarding's. I Just want to ask if it would be possible to automate the Process of creating (and linking of course) an Alias that belongs to a DHCP Lease.<br />Something like a system wide network object. Also Maybe fpr Subnets, and Ports of course.<br />But for now i struggled with having to enter everything twice (static DHCP leases and Aliases for the Firewall Rules)</p>
<p>Best regards</p> pfSense - Feature #3387 (New): process_alias_urltable Frequencyhttps://redmine.pfsense.org/issues/33872014-01-06T11:35:18ZShawn Brucekantlivelong@gmail.com
<p>Currently the urltable design only allows for updates on a daily interval and is processed via crontab every 12 hours. It would be more beneficial to allow the user to decide on the update frequency in minutes instead.</p>
<p>Proposed changes:<br />1.)Change the frequency from a dropdown to a text field.<br />2.)Change current crontab to:
* * * * * root /usr/bin/nice -n20 /etc/rc.update_urltables<br />3.)Change process_alias_urltable() to use 60 instead of 86400 seconds ( After pending merge <a class="external" href="https://github.com/pfsense/pfsense/pull/876">https://github.com/pfsense/pfsense/pull/876</a> )</p>