Aliases

Aliases enable you to group ports, hosts, or networks into named entities, which you can then refer to in firewall and NAT rules and traffic shaper configuration. This allows you to create more manageable rules; in addition, changes in IP addresses, ports or networks will not necessitate multiple configuration changes – you may be able to just change an alias.

Not all options available in the pfSense web GUI allow you to use aliases, but you will always know when you can use aliases. An edit box that is alias-friendly will have a red background, and if you start to type the alias name, pfSense's autocomplete functionality can complete the name.

  1. To create an alias, navigate to Firewall | Aliases. The Aliases landing page has four separate tabs: IP, Ports, URLs, and All.
  2. Clicking on one of the tabs will show a table with all of the previously created aliases in that category (for example, the IP tab displays a table with IP aliases).
  3. If you want to create an alias of a specific type, you can click on the corresponding tab and then click the Add button below the table.

But selecting the right tab before clicking Add is not necessary – you can create an alias for any supported type from any tab, because selecting the corresponding tab before clicking on Add only changes the default value in the Type drop-down box.

  1. Clicking on the Add button on any of the tabs will launch the Aliases / Edit page.
  2. There are two sections on the Edit page. The first section is called Properties; the second section's name changes depending on what you select in the Type drop-down box. The first option in Properties is Name, where you enter the name which pfSense will use to identify the alias. It may only consist of letters, numbers, and the underscore character. You may also enter a free-form, non-parsed description in the next field. In the Type drop-down box, specify the type of alias you want. The options for Type are:
    • Host(s): Selecting this option enables you to enter one or more hosts. The hosts must be specified by either their IP address or fully qualified domain name (FQDN). If you use an FQDN, the hostnames will periodically be re-resolved and updated. If you use IP addresses, you may specify an IP range or a subnet. You can add more than one entry.
    • Network(s): Selecting this option allows you to specify one or more networks. The network prefix for each entry must be specified, along with the CIDR mask.
    • Port(s): Selecting this option allows you to specify one or more ports. Port ranges can be specified by separating the first and last port with a colon.
    • URL (IPs): Allows you to specify one or more URLs which point to text lists of IP addresses for which an alias will be created. Using this option causes pfSense to download the list, or lists, once and then convert it into a conventional alias. You can enter as many URLs as you wish, but each file should be limited to 3,000 IP addresses/ranges or fewer.
    • URL (Ports): Allows you to specify one or more URLs which point to text lists of ports for which an alias will be created. As with URL (IPs), the list or lists are downloaded once and then converted into a conventional alias. You can enter as many URLs as you wish, but each file should be limited to 3,000 ports/ranges or fewer.
    • URL Table (IPs): Similar to URL (IPs), but with this option, you can only specify a single URL containing IPs/ranges of IPs/subnets, and this list is downloaded and refreshed periodically. This option will work with large numbers of addresses/ranges/subnets (30,000 or more). With this option, in the second section of the page, you enter the URL of the list, the update frequency in days (selected in the drop-down box), and you can also enter a brief description in the rightmost edit box.
    • URL Table (Ports): Similar to URL (Ports), but you can only specify a single URL containing ports/ranges of ports, and this list is downloaded and refreshed periodically. As with URL Table (IPs), in the second section of the page, you enter the URL of the list, the update frequency in days, and you may also enter a brief description.

As you may have surmised from our description of the different alias types, the second section of the page is where you enter information about what the alias stands for, which is one of the following:

  • An FQDN
  • An IP address/range of IP addresses/network
  • A port or range of ports
  • A URL

For all the types except the two URL Table options, multiple entries are allowed. You can add more than one entry by clicking on the green Add button at the bottom of the page after each new entry is defined (it will have the label Add Host/Add Network/Add Port/Add URL, depending on which option you choose). When you are done adding entries, click on the Save button at the bottom of the page and click on the Apply Changes button on the main Aliases page.
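Because a URL alias pulls a remote text list into firewall rules, it helps to check the list before pointing an alias at it. The following is an added example, not part of the original text or of pfSense: it checks an alias name and port entries against the rules described above, validates each line of an IP list, and suggests URL (IPs) or URL Table (IPs) from the entry count. The function names, the `#` comment convention, and the hyphen syntax for IP ranges are assumptions.

```python
import ipaddress
import re

NAME_RE = re.compile(r"^[A-Za-z0-9_]+$")          # letters, numbers, underscore
PORT_RE = re.compile(r"^[0-9]{1,5}(:[0-9]{1,5})?$")  # port or first:last
URL_IPS_LIMIT = 3000   # per-file guidance for the URL (IPs) type

def valid_alias_name(name):
    return bool(NAME_RE.fullmatch(name))

def valid_port_entry(entry):
    """Single port, or a range with first and last port separated by a colon."""
    if not PORT_RE.fullmatch(entry):
        return False
    ports = [int(p) for p in entry.split(":")]
    return all(1 <= p <= 65535 for p in ports) and ports[0] <= ports[-1]

def valid_ip_entry(entry):
    """Address, CIDR subnet, or first-last range (hyphen syntax is assumed)."""
    try:
        if "-" in entry:
            first, last = (ipaddress.ip_address(p.strip())
                           for p in entry.split("-", 1))
            return first.version == last.version and first <= last
        ipaddress.ip_network(entry, strict=False)
        return True
    except ValueError:
        return False

def review_ip_list(text):
    """Return (usable entries, rejected lines, suggested alias type)."""
    good, bad = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # assumed: '#' starts a comment
        if line:
            (good if valid_ip_entry(line) else bad).append(line)
    kind = "URL (IPs)" if len(good) <= URL_IPS_LIMIT else "URL Table (IPs)"
    return good, bad, kind

# Constructed sample list, including an error page body and a bad address.
SAMPLE = """# constructed sample
192.0.2.10
198.51.100.0/24
203.0.113.5-203.0.113.20
2001:db8::/32
<html>404 Not Found</html>
10.0.0.300
"""

if __name__ == "__main__":
    print(review_ip_list(SAMPLE))
```

Rejected lines are worth reviewing before the alias is saved, since they usually mean the URL returned something other than the expected list.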
