I am having the same issue. Basically I need to maintain two redundant lists for the same hosts:
- one for DHCP of hosts (Services > Dnsmasq DNS & DHCP > Hosts)
- the other for firewall rules of hosts (Firewall > Aliases)
Specifying FQDN or MAC does not help, since in the worst case a separate, duplicate firewall alias needs to be created for *each* host corresponding to an IP/FQDN/MAC host entry of dnsmasq.
It really would be great if we could directly use dnsmasq host entries in firewall rules.
As an optional, nice-to-have extension:
To not have any technical dependency on a specific DHCP implementation (dnsmasq is standard for now, but looking at you, ISC DHCP), what about adding a separate "DHCP" or "Hosts" top-level menu entry in the OPNsense UI, which forms a single source of truth for host/DHCP definitions like IP address, MAC, domain, hostname etc.? Then unified aliases (DHCP, firewall alias) as well as DHCP implementations like dnsmasq could refer to this common layer under control of OPNsense. If there should be a new DHCP server X at some time, just the adapter/converter logic between common host layer <-> X needs to be adjusted.