Feature #6130

Alias-table failures can easily lead to serious security degradation and should be caught

Added by B. Derman about 8 years ago. Updated about 8 years ago.

Status: Duplicate
Priority: Very High
Assignee: -
Category: Rules / NAT
Target version: -
Start date: 04/13/2016
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:

Description

Failures that result in empty alias-tables being created (e.g., https://redmine.pfsense.org/issues/6119) or tables failing to be created (e.g., https://redmine.pfsense.org/issues/4513) are not detected.

Aliases are seriously useful in being able to define concepts and create much more "human consumable" rules. The increased clarity helps reduce complexity (well, to the User, anyway) and errors and thus aids security by helping ensure correct configurations.

Alias-table failures, by definition (pun intended), cause loss of functionality and, depending upon that functionality, can cause significant loss of security -- which is a prime purpose of pfSense.

As indicated in issue 6119, we had a device modified because of the loss of security due to this kind of failure. While it wasn't catastrophic, it easily could have been.

It would be much nicer (and safer) if these kinds of failures were caught by pfSense. E.g., something as "simple" as warning when tables are defined (and used in a rule) but are missing or empty would really have helped with issues 6119 and 4513.
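The check the reporter asks for, written out as an added example that is not part of the original issue and not pfSense's own code: walk the loaded ruleset, collect every table referenced as <name>, and report each one as missing, empty, or populated. On a live box the three inputs would be the real pfctl commands named in the comments (pfctl -sr, pfctl -sT, pfctl -t NAME -T show); here they are replaced by constructed sample data so the script runs offline, and the table names, rules and addresses in that sample are made up for illustration rather than taken from any device.

```shell
#!/bin/sh
# Added example, not pfSense code: flag pf tables that the loaded ruleset
# references but that are missing or empty, the two failure modes this
# issue asks pfSense to catch. On a real box the inputs would come from:
#   pfctl -sr              loaded rules; table references appear as <name>
#   pfctl -sT              names of the tables pf currently has
#   pfctl -t NAME -T show  the addresses in one table
# Here they are replaced by constructed sample data so the script runs offline.
export LC_ALL=C

# Table names referenced as <name> in a ruleset read on stdin, one per line, deduplicated.
referenced_tables() {
    grep -o '<[^<> ]*>' | tr -d '<>' | sort -u
}

# Report the state of every table a ruleset references.
#   $1  ruleset text (what `pfctl -sr` prints)
#   $2  newline-separated list of loaded table names (what `pfctl -sT` prints)
#   $3  name of a function that prints a table's addresses given the table name
# Prints one line per referenced table: "MISSING name", "EMPTY name" or "OK name COUNT".
audit_tables() {
    rules=$1
    loaded=$2
    show=$3
    printf '%s\n' "$rules" | referenced_tables | while IFS= read -r name; do
        if ! printf '%s\n' "$loaded" | grep -qxF -- "$name"; then
            echo "MISSING $name"
        else
            # `|| true` keeps a zero count from aborting the loop under `set -e`
            count=$("$show" "$name" | grep -c . || true)
            if [ "$count" -eq 0 ]; then
                echo "EMPTY $name"
            else
                echo "OK $name $count"
            fi
        fi
    done
}

# Print the report and return non-zero when any referenced table is missing or
# empty, so the audit can run from cron and raise an alert.
audit_ok() {
    report=$(audit_tables "$1" "$2" "$3")
    printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -qE '^(MISSING|EMPTY) '
}

# Constructed sample ruleset in `pfctl -sr` style; not taken from any real device.
SAMPLE_RULES='block drop in quick on em0 from <bogons> to any
block drop in quick on em0 from <blocklist_feed> to any
pass in quick on em0 inet proto tcp from <admin_hosts> to (em0) port = 443 flags S/SA keep state
pass in quick on em0 inet proto tcp from <vpn_peers> to any port = 1194 keep state'

# Constructed `pfctl -sT` output: blocklist_feed never got created.
SAMPLE_LOADED='admin_hosts
bogons
vpn_peers'

# Constructed stand-in for `pfctl -t NAME -T show`: bogons exists but is empty,
# the others have entries.
sample_show() {
    case $1 in
        admin_hosts) printf '10.0.0.5\n10.0.0.6\n' ;;
        bogons) ;;
        vpn_peers) printf '203.0.113.10\n' ;;
    esac
}

audit_ok "$SAMPLE_RULES" "$SAMPLE_LOADED" sample_show || echo "WARNING: alias-table problems found"
```

Against the sample data the report flags blocklist_feed as MISSING and bogons as EMPTY while the two populated tables pass. Note that an empty table referenced from a block rule silently blocks nothing, and one referenced from a pass rule silently passes nothing, so both outcomes deserve the same alert; the script treats them identically rather than trying to guess which is worse.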
