Feature #15776
open
System Aliases for various reserved networks
100%
Description
#1979 added a System Aliases facility users can utilize to make rules with the built-in system aliases, and it would be nice to add some pre-defined lists of reserved networks to that.
Examples to start with could be:
- IPv4 Private Addresses: 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
- IPv6 Private Addresses: fc00::/7
- IPv6 Link Local: fe80::/10
- IPv4 Multicast: 224.0.0.0/4
- IPv6 Multicast: ff00::0/8
- Localhost: 127.0.0.1, ::1
The IPv4 and IPv6 aliases could likely be combined.
Tricky part might be finding names which do not or cannot conflict with existing user-defined aliases, or renaming conflicting user aliases.
Related issues
Updated by Jim Pingle 2 months ago
- Due date set to 10/26/2011
- Start date set to 10/26/2011
- Follows Feature #1979: Allow user-defined rules to utilize built-in system aliases added
Updated by Jim Pingle 2 months ago
- Due date deleted (
10/26/2011) - Start date deleted (
10/26/2011)
Updated by Jim Pingle 13 days ago
- Plus Target Version changed from 25.01 to 25.03
Updated by Marcos M 9 days ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Applied in changeset 4d7be13979570ea0071ce6e95e976588ee1e2dc8.
Updated by Georgiy Tyutyunnik 9 days ago
feature works correctly after change applied as a patch
aliases are created and populated
tested on:
24.11-RELEASE (amd64)
built on Wed Nov 27 19:22:00 CET 2024
FreeBSD 15.0-CURRENT
Updated by Jim Pingle 9 days ago
This looks good but I can't help wondering if we should have "46" variants with all of the IPv4 and IPv6 addresses together so users can use them in IPv4+IPv6 rules without rolling their own nested aliases (which does work, it just feels like it should be unnecessary).
Or just have one alias with all of them instead of separate 4 and 6 variants. PF will only use the appropriate entries based on the rule type, or it has in the past.