Regression #14947
closed
Rules using aliases of type ``URL (IPs)`` are not generated
100%
Description
After updating my Netgate 4100 box to 23.09 it started spamming notifications in the web gui every time the firewall filters are reloaded.
The exact notification reads- Unresolvable source alias 'alias_name' for rule 'Rule description' @ 2023-11-07 08:29:18
These aliases were all configured under 23.05.01 and worked perfectly fine there.
The main issue seems to be that the firewall is unable to find/use the alias, as the aliases themselves update from the external URL just fine.
This issue affects aliases of type 'URL (IPs)', while table aliases like 'URL Table (IPs)' are not affected by the problem.
The net result is that the firewall rules that depends on these aliases simply do not work, like locking me out from external access due to my whitelist rule no longer working, even though the alias itself still lists the whitelisted IP's, both on the alias page, an on the firewalls rule page, so it seems like the GUI picks them up just fine, it is just the actual firewall itself that doesn't.
This issue seem to have affected multiple people, as per this forum post: [[https://forum.netgate.com/topic/183882/unresolvable-source-alias-after-upgrade-to-23-09]]
Related issues
Updated by Remy Monsen about 1 year ago
For reference, I've also tested by creating new aliases under 23.09 and assigning these to the firewall rules, and while this works perfectly fine in the GUI, the reported behavior is the same, a non-functioning firewall rule and a notification every filter reload.
Updated by Steve Wheeler about 1 year ago
- Project changed from pfSense Plus to pfSense
- Category changed from Aliases / Tables to Aliases / Tables
- Status changed from New to Confirmed
- Target version set to 2.8.0
- Affected Plus Version deleted (
23.09) - Plus Target Version set to 24.03
- Affected Version set to 2.7.1
Replicated this in 2.7.1
Updated by Marcos M about 1 year ago
- Subject changed from URL Alias broken in 23.09 to Rules using aliases of type URL IP are not generated
- Assignee set to Marcos M
Updated by Marcos M about 1 year ago
- Subject changed from Rules using aliases of type URL IP are not generated to Rules using aliases of type ``URL (IPs)`` are not generated
Updated by Marcos M about 1 year ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
Applied in changeset a6cf534d0fa0297547f1e587a12729f9d7066bae.
Updated by Danilo Zrenjanin about 1 year ago
- Status changed from Feedback to Resolved
I replicated the issue on 23.09-RELEASE (amd64).
After applying the patch, the firewall successfully loaded the list of IPs from the URL type alias.
I am marking this ticket resolved.
Updated by → luckman212 about 1 year ago
Is this patch landing in the 'Recommended System Patches' area for 23.09?
Updated by Jim Pingle about 1 year ago
- Target version changed from 2.8.0 to 2.7.1
Updated by Jim Pingle about 1 year ago
- Has duplicate Bug #15002: Error 'Unresolvable destination alias' for URL alias of type URL (IPs) since PFSense 23.09 added
Updated by Jim Pingle about 1 year ago
- Has duplicate Regression #15003: URL Alias cause the error "Unresolvable source alias" added
Updated by Jim Pingle 12 months ago
- Target version changed from 2.7.1 to 2.7.2
- Plus Target Version changed from 24.03 to 23.09.1