OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: thejasonator on October 28, 2019, 03:22:18 pm

Title: Possible to use Firewall IP Alias list in HAProxy Conditions?
Post by: thejasonator on October 28, 2019, 03:22:18 pm
Hi there,

I want to test if the Source-IP is within a certain list of IPs and then set a header.

For example, I have a Firewall Alias called Trusted_IPs, which is a list of about 10 trusted IP addresses that is reloaded from a URL table once a day.

If the frontend receives a request from one of these IPs I want it to do http-request header set X-Trusted-IP Trusted

So far, I have only been able to get the Condition "Source IP matches specified IP" to work with a single IP address.

I found this exact issue being discussed in OPNsense 17 forum at https://forum.opnsense.org/index.php?topic=6316.msg27255#msg27255 and it was mooted to be available from 18.1, but I can't find a way of doing it.

Thanks for your help,
Jason

Title: Re: Possible to use Firewall IP Alias list in HAProxy Conditions?
Post by: fog on August 26, 2020, 11:15:59 am
Is it still not possible? :(

My workaround:
With a Custom condition (option pass-through) 'allowed_ip', define a HAProxy ACL condition for many IPs, subnets and also dyndns names in the textbox Option pass-through, i.e.:
src 1.1.1.1 2.2.2.0/24 a.dyndns.com b.dyndns.com

And in the rule to redirect to the backend add the condition 'allowed_ip'.

My Firewall Alias contains many IPs: I copied the IPs from Firewall: Diagnostics: pfTables -> Alias
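
The manual copy step in the workaround above can be scripted so that the alias contents are validated before they reach the HAProxy configuration. This is an added example, not code from the thread or from OPNsense; the function names are hypothetical, and it assumes the alias contents are available as text with one entry per line.

```python
import ipaddress
import re

# Strict hostname shape; anything else is rejected rather than passed into the config.
_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def parse_alias_entries(text, allow_hostnames=False):
    """Return (accepted, rejected) for alias text with one entry per line."""
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not entry:
            continue
        try:
            # strict=False normalises host bits: 2.2.2.7/24 -> 2.2.2.0/24
            net = ipaddress.ip_network(entry, strict=False)
            single = net.prefixlen == net.max_prefixlen
            value = str(net.network_address) if single else str(net)
        except ValueError:
            # Off by default: HAProxy resolves names in ACL patterns once, at config load.
            if allow_hostnames and _HOSTNAME.match(entry):
                value = entry.lower()
            else:
                rejected.append(entry)
                continue
        if value not in seen:
            seen.add(value)
            accepted.append(value)
    return accepted, rejected

def build_src_condition(text, allow_hostnames=False):
    """Build the one-line 'src ...' string for the Option pass-through box."""
    accepted, rejected = parse_alias_entries(text, allow_hostnames)
    if rejected:
        raise ValueError(f"refusing to emit condition, bad entries: {rejected}")
    if not accepted:
        raise ValueError("alias is empty, nothing to match")
    return "src " + " ".join(accepted)

# Constructed sample shaped like a copied alias table (not real data).
SAMPLE = """
   1.1.1.1
   2.2.2.7/24
   1.1.1.1
   2001:db8::/32   # documentation prefix
"""

if __name__ == "__main__":
    print(build_src_condition(SAMPLE))
```

Because any client can send its own X-Trusted-IP header, the frontend should also remove that header from incoming requests before setting it for matching sources.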