Hi,
The Alias name allowed character and format requirements are way too restrictive.
It doesn't even allow you to create an Alias using standard RFC hostname formats.
It is very common in enterprize firewall systems to create network objects - i.e. network Aliases - that incorporate an FQDN, or a hostname, or an IP address, or a combination of those, and which include separator characters such as hyphen ("-"), underscore ("_") and the period (".").
The underscore character ("_") is currently allowed in Alias names.
PLEASE, PLEASE, PLEASE change the Alias name syntax to allow the inclusion of at least these two extra characters - hyphen ("-") and period (".")!
Also, can you please add a context help note to indicate the maximum string length for them fields?
Feature requests are best opened as issues on github. This is the community forum - users helping users.
We could, but the pf.conf(5) syntax won't allow it and give you an even harder failure like the firewall not working anymore.
Cheers,
Franco
Quote from: franco on February 01, 2024, 03:37:38 PM
We could, but the pf.conf(5) syntax won't allow it and give you an even harder failure like the firewall not working anymore.
Cheers,
Franco
I tried to lookup '
pf.conf' syntax but could not work out where/how/why it would not allow these extra characters.
Can you give me a pointer?
Perhaps we can get
pf.conf updated to accept them too, assuming it is opensource?
Quote from: franco on February 01, 2024, 03:37:38 PM
We could, but the pf.conf(5) syntax won't allow it and give you an even harder failure like the firewall not working anymore.
Cheers,
Franco
From https://man.freebsd.org/cgi/man.cgi?pf.conf(5) (https://man.freebsd.org/cgi/man.cgi?pf.conf(5)):
QuoteMACROS
Macros can be defined that will later be expanded in context. Macro
names must start with a letter, and may contain letters, digits and un-
derscores. Macro names may not be reserved words (for example pass,
in, out). Macros are not expanded inside quotes.
For example,
ext_if = "kue0"
all_ifs = "{" $ext_if lo0 "}"
pass out on $ext_if from any to any
pass in on $ext_if proto tcp from any to any port 25
Is THIS what you are referring to?
Does an Alias name get used as a pf MACRO name under the hood?
Quote from: franco on February 01, 2024, 03:37:38 PM
We could, but the pf.conf(5) syntax won't allow it and give you an even harder failure like the firewall not working anymore.
Cheers,
Franco
I have raised the following forum post in FreeBSD:
https://forums.freebsd.org/threads/macro-names-vs-firewall-object-names-feature-request-for-more-flexible-naming.92586/ (https://forums.freebsd.org/threads/macro-names-vs-firewall-object-names-feature-request-for-more-flexible-naming.92586/)
Fair enough, but you won't have any luck I think.
We've pondered about a business feature, but the downside is that everything has to be encoded, ends up non-readable in the shell and diagnostics end also has to know about the translation of names.
Bottom line is a lot of work for a business use case that no customer so far asked us to look into. ;)
Cheers,
Franco