Project

General

Profile

Actions
Copy link

Feature #15550

open

Support using aliases/macros for sources when creating a block rule with ``easyrule`` in the CLI

Added by David Moo 21 days ago. Updated 20 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default

Description

If I type from cli:

easyrule block wan Kids_Devices
Tried to block invalid address: Kids_Devices

The eaysrule docs claim:

The source of traffic to block.

Can be an IPv4/IPv6 address, subnet, alias name, or special network name such as any, pppoe or l2tp.

The GUI code seems to only allow IP's and subnets.

function easyrule_parse_block($int, $src) {
    if (!empty($src) && !empty($int)) {
        $src = trim($src, "[]");
        if (!is_ipaddr($src) && !is_subnet($src)) {
            return gettext("Tried to block invalid address:") . ' ' . htmlspecialchars($src);
        }
        $int = easyrule_find_rule_interface($int);
        if ($int === false) {
            return gettext("Invalid interface for block rule.");
        }
        switch ((string)easyrule_block_host_add($src, $int)) {
            case "exists":
                return gettext("Block entry already exists.");
                break;
            case "invalid":
                return gettext("Invalid address.");
                break;
            case "1":
                return gettext("Block added successfully");
                break;
            case "":
            default:
                return gettext("Failed to create block rule, alias, or add entry.");
                break;
        }
    } else {
        return gettext("Tried to block but had no address or interface");
    }
    return gettext("Unknown block error.");
}
Actions
Copy link
 #1

Updated by dylan mendez 20 days ago

I can replicate this on 24.03.

Documentation indicates an alias should work.

Actions
Copy link
 #2

Updated by Jim Pingle 20 days ago

  • Tracker changed from Bug to Feature
  • Project changed from pfSense Plus to pfSense
  • Subject changed from easyrule block and alias not working, docs say it should. to Support using aliases/macros for sources when creating a block rule with ``easyrule`` in the CLI
  • Description updated (diff)
  • Category changed from Rules / NAT to Rules / NAT
  • Affected Plus Version deleted (24.03)
  • Affected Architecture deleted (All)

This isn't a bug but a missing feature. Using an alias works for pass rules, but not for block rules.

Though I'm not sure how viable it is since the block path wants to add the blocked source to an easyrule-specific alias which is a much different code path. It isn't just creating a rule with that alias.

If it's not viable to change we can update the docs to take that bit out.

Actions
Copy link

Also available in: Atom PDF