OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: Alphabet Soup on April 18, 2017, 04:04:06 am

Title: Host vs Network Aliases
Post by: Alphabet Soup on April 18, 2017, 04:04:06 am
In one OPNsense 17.1.4 install I have some firewall rules that reference a Host alias which is populated with IP addresses, e.g. 192.168.5.8, 192.168.99.54, etc.

Now I have a need to apply these same rules to a network, e.g. 10.35.0.0/16.

I can of course create a new Network alias and create copies of all the relevant firewall rules, changing these copies to reference my new Network alias.

My question is whether that is the best way to do it? Is there a performance impact from having more rules? If instead I moved all the Hosts into the Network alias, is there a performance impact from having hosts in a network alias? Do I lose or gain some functionality either way?
Title: Re: Host vs Network Aliases
Post by: franco on April 18, 2017, 07:21:41 am
Hi there,

You can nest aliases, so create a wrapper for either two explicit aliases or a new alias with the network that includes the former alias.


Cheers,
Franco
Title: Re: Host vs Network Aliases
Post by: Alphabet Soup on April 18, 2017, 02:56:34 pm
Nesting sure keeps the Rules simpler. Is there any (significant) performance impact that you're aware of?
Title: Re: Host vs Network Aliases
Post by: franco on April 18, 2017, 03:17:11 pm
No, they are expanded prior to being written to the ruleset, so you end up with the same speed as when typed explicitly multiple times.
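
Added example (not part of the thread and not OPNsense's own code): a small Python model of the nested-alias expansion described above, useful for auditing which addresses a wrapper alias actually puts into a rule. The alias names and the dictionary layout are assumptions made for illustration; the addresses are the ones from the first post.

```python
import ipaddress

# Constructed alias definitions modelled on the thread. Each entry is either
# an IP/CIDR literal or the name of another alias (nesting).
ALIASES = {
    "trusted_hosts": ["192.168.5.8", "192.168.99.54"],
    "trusted_net": ["10.35.0.0/16"],
    "trusted_all": ["trusted_hosts", "trusted_net"],  # wrapper alias
}


def expand_alias(name, aliases, _stack=()):
    """Recursively flatten an alias into a list of ip_network objects."""
    if name in _stack:
        raise ValueError("alias loop: " + " -> ".join(_stack + (name,)))
    if name not in aliases:
        raise KeyError(f"undefined alias: {name}")
    nets = []
    for entry in aliases[name]:
        if entry in aliases:
            # Nested alias: expand it in place, tracking the path for loops.
            nets.extend(expand_alias(entry, aliases, _stack + (name,)))
        else:
            # Literal: raises ValueError on typos or host bits set in a CIDR.
            nets.append(ipaddress.ip_network(entry, strict=True))
    return nets


def flatten(name, aliases):
    """Return the effective, sorted CIDR list a rule using `name` matches."""
    nets = expand_alias(name, aliases)
    out = []
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        # collapse_addresses merges adjacent ranges and drops entries that
        # are already covered by a larger network in the same alias.
        out.extend(ipaddress.collapse_addresses(same))
    return [str(n) for n in out]


if __name__ == "__main__":
    for cidr in flatten("trusted_all", ALIASES):
        print(cidr)
```

A rule that references the wrapper matches the same set as the same addresses typed out explicitly, so the flattened list is what to review when an alias is widened from hosts to a whole network.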