OPNsense Forum
Archive => 16.7 Legacy Series => Topic started by: woo on August 25, 2016, 10:19:24 am
-
Hi all,
is there any valid method for nesting aliases, or to create host groups without listing IPs?
I'm designing the ruleset for my new OPNsense-as-VPN-concentrator appliance,
and I noticed that things tend to get unwieldy rather quickly.
If I have five people requiring access to ticketing, that's five separate rules IFF I want to adress them by alias instead of by IP address. I would much prefer to create a group alias Ticket_Users and shove the five user aliases in there, condensing all into one rule only.
I know that that's not a trivial feature, as it brings error cases like circular nesting with it, but it would be a great improvement over pfSense and other similar projects.
Best regards,
Woo
-
Hi Woo,
This should work out of the box given that you have your user aliases set up, you can add them to other aliases of the same type by typing their names instead of real alias values and they should start appearing in the suggestions.
If something doesn't work as expected please let us know. :)
Cheers,
Franco
-
If something doesn't work as expected please let us know. :)
That's why I posted.
I created my VPN IP aliases as "host(s)" type. Then I create another host(s) alias, start entering an existing name, getting the suggestion box, select the alias I want.. but as soon as I hit the Save button, it gets marked in red with a message "not a valid IP address".
-
I think I have narrowed down the problem: Adding aliases to aliases does only then not work if the added alias name includes an underscore _ character.
-
Hi Woo,
Ah, yes, this will be fixed in 16.7.3. We had a bug report a few weeks ago:
https://github.com/opnsense/core/issues/1113
You can preview the fix locally by running this command from the root console:
# opnsense-patch 90a6bb77
Cheers,
Franco
-
Thanks, that works! :)
-
Neat, I'm marking this solved. Thank you. :)