An IP-based rule works but not an alias-based rule

Started by Jyling, November 09, 2025, 06:10:19 PM

With the addition of 2x more hosts that should be allowed to talk to an external provider, I disabled the single host-type rule that I had and added another.
For this new rule, I created a host-type alias and included all the 3x LAN hosts in it.
The destination of the old and new rule remains the same: it is a network-based alias that includes 3x networks of my providers, and a port-type rule that includes 2x port ranges.
The rule is for TCP/UDP.
The end result is such that when I disabled the old rule, the old host lost its connection to one of the providers. Only when I enable the old rule does it reconnect.

This is not the 1st time I notice that alias-based rules do not work reliably. I literally can't trust them at all at this point. I keep trying, with every next version of open sense, but this is not getting any better.
Bottom line is that IP host based rules work fine, for both source and destination, but host and network type alias-based rules work intermittently or do not work at all, and there is no pattern to this. The alias is a great idea, but if it does not work, then it should not be offered, until it is figured out and coded 100% reliably. We are not joking here. This is not a party. This is not a dog and pony show. We use the firewalls for access and security.

Please show all details of the rule and the alias in question if you expect any help with this.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Ran Apache reports and found more records for which alias type block rules exist. Open sense is really this: open. Open wide.

If you don't provide any evidence, I call BS.

@Jyling

You're approaching a point of no return in your rhetoric. I'm saying this because this is not the first thread I've seen where things appear to go in the wrong direction. Feel free to keep posting, but at some point I'll have to start actively moderating the situation.


Cheers,
Franco

Quote from: franco on November 12, 2025, 12:09:32 PM
> You're approaching a point of no return in your rhetoric.

Software problems are rhetoric? This is a novel concept.
Lead the way: bring something constructive into this discussion, like propose some solutions, diagnostics, troubleshooting, etc.
You are monitoring the discussion but not offering anything, and then you blame me for something not being constructive (like in the other thread that you locked with that justification). The reality is that I am powerless to satisfy your requirement for it to be that because all I have is a non-working or intermittently working firewall, absent any guidance from the vendor. The two highly active members who demand that I show them my [confidential] firewall rules do not count for constructive feedback. Such is the reality of real-world IT security. If you become so aggravated by my reporting of problems, I'll leave without waiting for you to draw your moderator sword, as there is no resolution in sight anyway for anything that I bring up. Let open sense remain in its current state. This is the worst thing I can do to it, by the way.

Quote from: Patrick M. Hausen on November 12, 2025, 09:34:24 AM
> If you don't provide any evidence, I call BS.

This individual appears to have a special status here, despite him being unrelated to the project, since he is allowed to hurl personal insults, and moderators leave that w/o attention or action. This does not reflect well on the project or the forum.

Quote from: Jyling on November 12, 2025, 03:29:56 PM
> The reality is that I am powerless to satisfy your requirement for it to be that because all I have is a non-working or intermittently working firewall, absent any guidance from the vendor.

So show some evidence. Without steps to reproduce this is just FUD.

November 12, 2025, 04:24:59 PM #8 Last Edit: November 13, 2025, 02:55:04 AM by franco
> Software problems are rhetoric? This is a novel concept.

In general it's always people that choose to make problems where there are none.  ;)