OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: dragon2611 on November 04, 2017, 04:56:03 pm

Title: Haproxy acl - Source IP matches IP or Alias
Post by: dragon2611 on November 04, 2017, 04:56:03 pm

How do you get it to work with alias?

I've tried tabbing the field but that doesn't seem to work (firefox) and if I don't put an actual IP then it seems ha proxy gets upset.

I wanted to use an negative match on a list if IP's (I.e the rule says deny access to /wp-admin/ on the backend server but if it's one of those IP's on the trusted list the rule shouldn't fire)

Title: Re: Haproxy acl - Source IP matches IP or Alias
Post by: fraenki on November 05, 2017, 09:12:19 pm

Quote from: dragon2611 on November 04, 2017, 04:56:03 pm

How do you get it to work with alias?

Firewall -> Aliases
...are currently not supported in the HAProxy plugin.

(I know, that text reads "Source IP matches IP or Alias", but this is wrong... I'll fix this text (https://github.com/opnsense/plugins/pull/360) with the next release.)


Regards
- Frank

Title: Re: Haproxy acl - Source IP matches IP or Alias
Post by: dragon2611 on November 09, 2017, 05:12:14 pm

Fair enough

It would be really nice if supported alias's but I suspect that's a fair bit of work  ;)

Title: Re: Haproxy acl - Source IP matches IP or Alias
Post by: fraenki on November 14, 2017, 11:59:15 pm

Quote from: dragon2611 on November 09, 2017, 05:12:14 pm

It would be really nice if supported alias's but I suspect that's a fair bit of work  ;)

The main issue is that Aliases are still part of the legacy codebase. Once this part is rewritten, it's easy to add to the HAProxy plugin. Maybe as early as OPNsense 18.1, we'll have to wait. :)


Regards
- Frank