Haproxy acl - Source IP matches IP or Alias

[dragon2611]

How do you get it to work with alias?

I've tried tabbing the field but that doesn't seem to work (firefox) and if I don't put an actual IP then it seems ha proxy gets upset.

I wanted to use an negative match on a list if IP's (I.e the rule says deny access to /wp-admin/ on the backend server but if it's one of those IP's on the trusted list the rule shouldn't fire)

[fraenki]

How do you get it to work with alias?

Firewall -> Aliases
...are currently not supported in the HAProxy plugin.

(I know, that text reads "Source IP matches IP or Alias", but this is wrong... I'll fix this text with the next release.)


Regards
- Frank

[dragon2611]

Fair enough

It would be really nice if supported alias's but I suspect that's a fair bit of work 

[fraenki]

It would be really nice if supported alias's but I suspect that's a fair bit of work 

The main issue is that Aliases are still part of the legacy codebase. Once this part is rewritten, it's easy to add to the HAProxy plugin. Maybe as early as OPNsense 18.1, we'll have to wait.


Regards
- Frank