OPNsense Forum
English Forums => General Discussion => Topic started by: TheLatestWire on May 25, 2016, 03:56:22 pm
-
Hi - I previously encountered an issue that prevented me from adding new networks to an alias that was a very long list of CIDR networks (~2500). Franco created a patch that fixed the issue, but now it seems to have returned.
To reproduce the issue, I click on "Firewall/Aliases/View" and then click to edit one of my aliases which is a long list of CIDR networks. I scroll all the way to the bottom of the list and add the new CIDR network, then click "Save". When it was working, it would then return me to the list of Aliases with a "Click to Apply" button, but now it just returns me to the same Alias that I added a new entry to with the "Save/Cancel" button at the bottom of the page.
Is it possible to edit/add to aliases from the shell? Maybe I could do this as a temporary work around?
Any assistance would be greatly appreciated.
Thanks.
-
bump?
-
Have u tried with another browser?
-
That was my first thought too but I also tried it with Chrome, thinking it was a browser issue, but the same thing happened. Hopefully Franco sees this as he was able to resolve it last time. So much time has passed since that patch that I don't want to try to apply it now for fear of breaking it worse.
-
Do you get an PHP error? If it is a memory error, you can fix it by increasing the memory limit until a final fix is available.
-
It doesn't show a PHP error when it fails but I do see one in the Lobby/Dashboard where it says "A problem was detected", and says it can be fixed by increasing the max_input_vars variable.
[09-Jun-2016 13:36:10 America/Chicago] PHP Warning: Unknown: Input variables exceeded 5000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0
I changed max_input_vars from 5000 to 9000 in /usr/local/etc/rc.php_ini_setup and then ran /usr/local/etc/rc.restart_webgui and then verified the new 9000 setting showed in /usr/local/etc/php.ini and it did, but that didn't fix the problem. I thought 9000 should be high enough to resolve it but maybe I'm wrong.
-
Hi there,
Sorry, very busy of late with other work.
It's going to be difficult to keep upping the limit for the alias. Is there a different route we could go, a second alias? If that doesn't work for your use case please tell us why, I think that would be the better fix in the long run. :)
Cheers,
Franco
-
No worries Franco, no rush either. :) I have created a second alias that I'm adding networks to for now since I've reached the limit on the first. In the end though, it would be nice to be able to have a single alias with all the entries in it rather than multiple aliases. Just to keep things simple, one alias and one firewall rule would be preferred over multiple aliases and multiple rules for the same goal.
-
I know this will sound totally counter-intuitive, but please bear with me. :)
Have you tried to add a third alias of the needed alias type and typed the name of a previous alias there?
You should be able to do this and then use the new alias-alias in your rule instead.
-
I might not fully understand, but do you mean put an alias or two or three inside a new alias? Like nesting multiple aliases inside a new single alias so I can just have one firewall rule referencing the new alias with all the others nested in it?
If that's what you mean, I don't think I can do it. When I create a new alias I can only add Hosts, Networks, Ports, Urls, or GeoIPs items to it.
Maybe I'm misunderstanding though? I'm afraid to add a new alias using the same name as an existing alias though, for fear of overwriting the existing alias.
-
I might not fully understand, but do you mean put an alias or two or three inside a new alias? Like nesting multiple aliases inside a new single alias so I can just have one firewall rule referencing the new alias with all the others nested in it?
Yes. I remember we put this back a while ago... I did the following that works:
Host aliases A, B and C. A was filled with a real host, B was filled with a real host.
Now, C was filled with A and B. And then C was used in the rule which does what you want.
If that's what you mean, I don't think I can do it. When I create a new alias I can only add Hosts, Networks, Ports, Urls, or GeoIPs items to it.
That's odd, because it even has auto-suggestions on typing aliases in there. :)
Maybe I'm misunderstanding though? I'm afraid to add a new alias using the same name as an existing alias though, for fear of overwriting the existing alias.
If you have a config backup you can always restore your aliases section individually.