Alias API to replace address instead of append

Started by blusens, August 06, 2025, 09:29:38 AM

Hi,

I have 2 locations with ipv6 dynamic pd and each location uses dyndns with Cloudflare (i.e. wan1.example.local).

I want to allow traffic between the IPv6 subnets of these 2 locations, and the best way I came up with is a small script that updates an alias via the API and runs hourly via cron (and then an allow rule with the alias).

My issue so far is that using "/api/firewall/alias_util/add/[alias_name]" will append the new IP to the alias. Can anyone suggest what I should use, so that the new IP replaces the old?

curl \
  --header "Content-Type: application/json" \
  --basic \
  --user "key/pwd" \
  --request POST \
  --insecure \
  --verbose \
  --data "{\"address\":\"$(dig +short AAAA wan1.example.local | grep ':' | head -n1 | sed 's/$/\/56/')\"}" \
  https://opnsense.firewall/api/firewall/alias_util/add/test_ipv6_alias   

So far this seems like the best way:

curl \
  --basic \
  --user "key/pwd" \
  --request POST \
  --insecure \
  --verbose \
  https://opnsense.firewall/api/firewall/alias_util/flush/test_ipv6_alias

curl \
  --header "Content-Type: application/json" \
  --basic \
  --user "key/pwd" \
  --request POST \
  --insecure \
  --verbose \
  --data "{\"address\":\"$(dig +short AAAA wan1.example.local | grep ':' | head -n1 | sed 's/$/\/56/')\"}" \
  https://opnsense.firewall/api/firewall/alias_util/add/test_ipv6_alias

curl \
  --basic \
  --user "key/pwd" \
  --request POST \
  --insecure \
  --verbose \
  https://opnsense.firewall/api/firewall/alias/reconfigure/test_ipv6_alias

And I've set type to external, I think it's better.
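
An added example, not from the thread or the OPNsense project: a Python version of the flush-then-add sequence above that validates the DNS answer, masks it to the /56, and touches the alias only when the prefix changed, so a failed lookup never empties it. The credentials, the CA file path, the helper names and the shape of the `alias_util/list` response are assumptions.

```python
#!/usr/bin/env python3
import base64, ipaddress, json, socket, ssl, urllib.request

BASE = "https://opnsense.firewall/api/firewall"  # host name used in the thread
ALIAS, PEER = "test_ipv6_alias", "wan1.example.local"
KEY, SECRET = "key", "secret"                    # placeholders for the API credentials
CA_FILE = "/usr/local/etc/opnsense-ca.pem"       # assumed path to the firewall's CA cert
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

def peer_prefix(answers, plen=56):
    """Return the /plen network of the first global unicast AAAA answer, or None."""
    for text in answers:
        try:
            addr = ipaddress.IPv6Address(text.strip())
        except ValueError:
            continue                             # CNAME targets, A records, empty lines
        if addr in GLOBAL_UNICAST:               # drops ::1, fe80::/10, fc00::/7
            return str(ipaddress.ip_network(f"{addr}/{plen}", strict=False))
    return None

def plan(current, wanted):
    """List the API calls that make the alias hold exactly `wanted`; [] means leave it."""
    if wanted is None or current == [wanted]:
        return []                                # failed lookup or nothing changed
    return [(f"alias_util/flush/{ALIAS}", {}),
            (f"alias_util/add/{ALIAS}", {"address": wanted})]

def call(path, body=None):
    """POST a JSON body (GET when body is None) with basic auth and a verified cert."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(f"{BASE}/{path}", data=data)
    token = base64.b64encode(f"{KEY}:{SECRET}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    ctx = ssl.create_default_context(cafile=CA_FILE)  # instead of curl --insecure
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)

def main():
    try:
        infos = socket.getaddrinfo(PEER, None, socket.AF_INET6)
    except socket.gaierror:
        infos = []                               # treated as "no answer", alias untouched
    wanted = peer_prefix(info[4][0] for info in infos)
    # Assumption: the list endpoint answers {"rows": [{"ip": "..."}]}.
    rows = call(f"alias_util/list/{ALIAS}").get("rows", [])
    for path, body in plan([row["ip"] for row in rows], wanted):
        call(path, body)

if __name__ == "__main__":
    main()
```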

August 14, 2025, 12:56:44 AM #2 Last Edit: August 14, 2025, 12:58:48 AM by OPNenthu
Is this for WireGuard?  If so, there is a built-in command in Settings->Cron called "Renew DNS for WireGuard on stale connections" that you could schedule.
"The power of the People is greater than the people in power." - Wael Ghonim

Site 1 | N5105 | 8GB | 256GB | 4x 2.5GbE (I226-V)
Site 2 |  J4125 | 8GB | 256GB | 4x 1GbE (I210)

Quote from: OPNenthu on August 14, 2025, 12:56:44 AM
Is this for WireGuard?  If so, there is a built-in command in Settings->Cron called "Renew DNS for WireGuard on stale connections" that you could schedule.

Thanks but no, I'm making this so that VLANs from different locations can freely connect to each other, i.e. (Site A-LAN) -> (Site B-management VLAN). I've been using DHCPv6 reservations + aliases, but it's boring to create aliases+rules on each site and it's easier with IPv6 subnets.