Feature #1979
closed
Allow user-defined rules to utilize built-in system aliases
100%
Description
It would be useful to have some stock aliases that come by default which are not editable by users. These aliases would be somewhat of an extension to the choices we already have for things like "xxx Subnet" and "xxx Address".
Some ideas:- Local Networks
- ipv4_private (or perhaps rfc1918) - 192.168.0.0/16, 10.0.0.0/8, and 172.16.0.0/12
- ipv6_linklocal - fe80::/10
- ipv6_private - fc00::/7
- ipv6_multicast - ff00::/8
Having those available would save users from having to look them up, hardcode them, or make their own aliases for the same values on every system.
Files
| clipboard-202410122022-iudky.png (237 KB) clipboard-202410122022-iudky.png | |||
| clipboard-202410130957-wlooi.png (58.8 KB) clipboard-202410130957-wlooi.png |
Related issues
Updated by JD - almost 12 years ago
I'd like to push things a bit since this would really help a lot.
Jim P wrote:
Some ideas:
- Local Networks
I'm using this one but keeping track with additions/deletions of network segments is a pain.
- ipv4_private (or perhaps rfc1918) - 192.168.0.0/16, 10.0.0.0/8, and 172.16.0.0/12
- ipv6_linklocal - fe80::/10
- ipv6_private - fc00::/7
- ipv6_multicast - ff00::/8
How about a set of aliases covering ports as well?
Having those available would save users from having to look them up, hardcode them, or make their own aliases for the same values on every system.
Any idea when somebody might have time to implement this?
Updated by Chris Buechler almost 12 years ago
as with anything else - when someone's willing to pay for it, or someone does it and submits a merge request.
Updated by Jim Pingle almost 12 years ago
Not sure we'd need much in the way of port aliases. We already have a ton of ports in the drop-down list on firewall and NAT rules.
I'd rather pull info from /etc/services into there before I'd want to pre-create port aliases.
And like Chris said, it will happen when funding appears or code appears. It's a nice to have feature but not critical.
Updated by Ermal Luçi almost 12 years ago
IIrc you already can use the names of a port in /etc/services wherever a port is asked.
So instead of typing 80 you can type http and so on.
I made the changes quite some time ago to support this, unless it has been broken moving on with changes it should work.
Updated by Jim Pingle over 5 years ago
- Category set to Rules / NAT
- Assignee set to Jim Pingle
Updated by Jim Pingle over 5 years ago
- Category changed from Rules / NAT to Aliases / Tables
Updated by Jim Pingle about 1 month ago
- Has duplicate Feature #15774: Add user-accessible system aliases added
Updated by Marcos M about 1 month ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 52e512c0555d9f5a91732907e524364358d3f70c.
Updated by Marcos M about 1 month ago
- Subject changed from Add some default read-only system aliases to Add user-accessible read-only system aliases
- Assignee changed from Jim Pingle to Marcos M
- Target version changed from Future to 2.8.0
- Plus Target Version set to 24.11
The current system aliases such as bogons can now be used in the GUI. Additional ones (such as the given examples) can be considered/added separately.
The system aliases are listed under Firewall > Aliases > All.
Updated by Jim Pingle about 1 month ago
- Precedes Feature #15776: System Aliases for various reserved networks added
Updated by Jim Pingle about 1 month ago
- Subject changed from Add user-accessible read-only system aliases to Allow user-defined rules to utilize built-in system aliases
I moved the additional new system alias definition part to a new issue: #15776
Updated by Danilo Zrenjanin about 1 month ago
Tested against:
24.11-ALPHA (amd64) built on Sat Oct 12 15:22:00 UTC 2024 FreeBSD 15.0-CURRENT
When I started typing 'bogons,' the bogons alias was available. However, hovering the alias in the rule doesn't show the list of networks as it does with other aliases.
Please check.
Updated by Marcos M about 1 month ago
That issue along with some others from other feedback has been fixed for the next build.
Updated by 
Updated by Jim Pingle about 1 month ago
- Status changed from Feedback to Resolved