Bug #8213
openacl src file not populated from alias
Description
Trying to use an alias as frontend ACL source IP filter. Alias (7 hosts) resolves correctly in pfSense, HAProxy config file looks good, but src file created for alias is empty.
HAProxy package (non-devel) 0.54_2
I configured an alias called infoddns in pfSense latest stable (2.4.2-RELEASE-p1) that consists of 7 hosts. The hosts are configured as FQDNs that are all updated using ddns. mysub1.mydom.info, mysub2.mydom.info, etc.
When I look at Diagnostics/Tables, infoddns is there and the correctly resolved IP addresses are listed in the table.
I used that alias name as the value for a front end ACL of type "Source IP matches IP or Alias". When I look at the generated HAProxy config, all looks correct:
acl infoacl src -f /var/etc/haproxy/ipalias_infoddns.lst
If I add the ACL to an action, those IPs (and all IPs) are blocked and return a 503.
When I look at the file /var/etc/haproxy/ipalias_infoddns.lst it is empty.
It seems that everything is set up correctly, but the resolved alias IPs are never written to the HAProxy acl src file. Restarting HAProxy causes ipalias_infoddns.lst to be re-written, but still empty.
Updated by Pi Ba about 7 years ago
Basically current haproxy package only supports static ip/subnet aliases.
Workaround available here (Thanks Jerry :) ): https://forum.pfsense.org/index.php?topic=141438.msg773319#msg773319
Which might be a good start for implementing that or something similar into the package.
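As an added example (not the reporter's code, not the linked forum workaround, and not part of the HAProxy package), one way to keep the list file in step with the resolved alias is to copy the pf table into it. The function names and the refuse-on-empty policy are assumptions of this sketch; the table name and list path are the ones from the report.

```shell
#!/bin/sh
# Added example: sync a pf table (the resolved alias) into the file that
# HAProxy reads via "acl ... src -f <file>". Function names are hypothetical.

# filter_addrs: read a `pfctl -t <table> -T show` dump on stdin and print
# only lines that look like IPv4/IPv6 addresses or CIDR networks.
filter_addrs() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    grep -E '^(([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?|[0-9A-Fa-f:]*:[0-9A-Fa-f:]*(/[0-9]{1,3})?)$'
}

# write_acl_list <dest>: read a table dump on stdin, replace <dest> atomically.
# Returns 0 = updated, 1 = no valid entries (dest left untouched),
#         2 = content unchanged, 3 = could not create temp file.
write_acl_list() {
    dest=$1
    tmp=$(mktemp "${dest}.XXXXXX") || return 3
    filter_addrs | sort -u > "$tmp"
    if [ ! -s "$tmp" ]; then
        # Table empty or DNS not resolved yet: keep the previous list
        # rather than writing an empty file that matches no source.
        rm -f "$tmp"
        return 1
    fi
    if [ -f "$dest" ] && cmp -s "$tmp" "$dest"; then
        rm -f "$tmp"
        return 2
    fi
    chmod 644 "$tmp"      # assumption: HAProxy only needs read access
    mv -f "$tmp" "$dest"  # rename within one directory, so readers never see a partial file
}

# Usage on the firewall (e.g. from cron):
#   sh sync_alias.sh infoddns /var/etc/haproxy/ipalias_infoddns.lst
if [ "$#" -eq 2 ]; then
    pfctl -t "$1" -T show | write_acl_list "$2"
fi
```

HAProxy loads `-f` files when it reads its configuration, so a return code of 0 should be followed by a reload. As the report notes, restarting HAProxy through the package rewrites the file empty, so the sync has to run again after that.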