Aliases

From PFSenseDocs

What are Aliases?

From the pfSense WebGUI: Aliases act as placeholders for real hosts, networks or ports. They can be used to minimize the number of changes that have to be made if a host, network or port changes. You can enter the name of an alias instead of the host, network or port in all fields that have a red background. The alias will be resolved according to the list [on the Aliases page of the WebGUI]. If an alias cannot be resolved (e.g. because you deleted it), the corresponding element (e.g. filter/NAT/shaper rule) will be considered invalid and skipped.

Why would I want to use Aliases?

The best example is for blocking a list of hosts considered "bad". If you were to add a rule for each host you wanted to block individually, your rules list would grow quite large. By adding all of these hosts to an alias, you only need one firewall rule.

Examples

Say you have three web servers in a DMZ, and want to allow HTTP, HTTPS, and FTP traffic to these servers. It can be accomplished with a single firewall rule and two aliases.

  • Create an alias called "WebServers" and add to it the IPs of your three web servers.
  • Create an alias called "WebServerPorts" and add to it ports 21, 80, and 443.
  • Create a firewall rule and for the destination, choose "Single Host or Alias", then click in the field and type "WebServers". It will autocomplete, and you can click to select it. For the destination port, click in the box and type "WebServerPorts".

Click Save.

You now have a single firewall rule that would have otherwise taken 9 separate rules to accomplish!

Aliases and Hostnames

For Host and Network type aliases, you can enter a fully qualified domain name (FQDN) instead of an IP address. The FQDN will be resolved by DNS every 5 minutes and updated internally. This can be useful for tracking dynamic DNS entries to identify sites or users that are unable to use a static IP.

URL Table Aliases

A URL table alias is a URL that points to a plain text file containing IP and/or CIDR masked network addresses. The URL will be periodically downloaded and refreshed. The contents of the file would look like so:

192.0.2.0/24
172.22.59.49
192.168.0.128/25

URL Alias

A URL alias uses the same file format as a URL table alias. However, the content is requested only once and is immediately turned into a traditional (static) alias.
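Because both the URL table alias and the URL alias load a remote text file straight into the firewall's address tables, it is worth checking such a file before publishing it. The following validator is an added example, not pfSense's own loader: it accepts bare IPs and CIDR networks (normalised to explicit prefix form), rejects malformed lines such as an IPv4 address with a /64 mask, and flags entries whose host bits are set, since those would be silently widened to the enclosing network. Comment lines starting with "#" are skipped here as an assumption; the sample file is constructed for this example.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample of a URL table / URL alias file. It mixes valid
# entries with the malformed and ambiguous cases a reviewer should catch.
SAMPLE_URL_TABLE = """\
192.0.2.0/24
172.22.59.49
192.168.0.128/64
# comment lines are assumed to be tolerated and are skipped
10.0.0.1/24
2001:db8::/32
not-an-address
"""


def parse_url_table(text: str) -> Tuple[List[str], List[Tuple[int, str, str]]]:
    """Validate the contents of a URL table / URL alias file.

    Returns (accepted, rejected). Accepted entries are normalised to CIDR
    form (a bare host becomes /32 or /128). Rejected entries carry the
    1-based line number, the original text and the reason for rejection.
    """
    accepted: List[str] = []
    rejected: List[Tuple[int, str, str]] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # blank line or comment: nothing to load
        addr_part = entry.split("/", 1)[0]
        try:
            # strict=False lets us parse first and then report host bits
            # ourselves with a clearer message than the library gives.
            net = ipaddress.ip_network(entry, strict=False)
            host = ipaddress.ip_address(addr_part)
        except ValueError:
            rejected.append((lineno, entry, "not an IP address or CIDR network"))
            continue
        if host != net.network_address:
            # e.g. 10.0.0.1/24: the alias would match all of 10.0.0.0/24,
            # which is rarely what the file's author intended.
            reason = f"host bits set; would widen to {net.with_prefixlen}"
            rejected.append((lineno, entry, reason))
            continue
        accepted.append(net.with_prefixlen)
    return accepted, rejected
```

Run `parse_url_table(SAMPLE_URL_TABLE)` and inspect the second list before pointing a URL table alias at the file; a rejected line in a live table is an entry the firewall will not block or allow as you expect.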