I created alias with several ASNs and i put that in firewall rules. Everything is working as expected. My question is, what happens if new IP blocks are added to those ASNs? Does alias get updated automatically, or alias triggers whois every time rule with that alias gets triggered ? Or something else?
Go to cron jobs and add an "Update and reload firewall aliases" job every day or whenever you see fit.
Quote from: sopex on June 13, 2026, 12:04:13 PMGo to cron jobs and add an "Update and reload firewall aliases" job every day or whenever you see fit.
That was not my question. I want to know if they are updated automatically, or i have to intervene?
Quote from: Nullman on June 13, 2026, 12:10:41 PMThat was not my question. I want to know if they are updated automatically, or i have to intervene?
If you add a cron job they are updated automatically every X amount of time.
Otherwise, they don't.
My bad, I just assumed the end goal was to do it automatically.
The 'last updated' column in Firewall/Aliases suggests all my dynamic aliases (including ASN based) are getting updated. I have no cron job enabled for this.
But it is not clear to me what an ASN based alias update entails or if its happening. The Firewall/Log/General shows there is an master ASN list update, but no indication that the IPs in an active ASN based alias are being checked and updated. Is the ASN CIDR mapping something that is confined to the internals of pf?