pfSense

Every network interface with ips configured has a variable "INTERFACE net" which can be used in firewall rules to select all associated ips on that interface. Currently, Virtual IPs (and or virtual IP ranges) bound on a INTERFACE are not considered to be part the "net" of that INTERFACE. I would expect that all associated IPs (be it virtual or not) should belong to the "net" of an interface. This can be work around by creating a new alias which includes all network ranges and replacing the "INTERFACE net" variable in the ruleset, but this is error prone, as future Virtual IPs might get forgotten to be added to this new alias.