Topic: Host vs Network Aliases (Read 4415 times)
Alphabet Soup (Newbie), on April 18, 2017, 04:04:06 am:
In one OPNsense 17.1.4 install I have some firewall rules that reference a Host alias which is populated with IP addresses, e.g. 192.168.5.8, 192.168.99.54, etc.
Now I have a need to apply these same rules to a network, e.g. 10.35.0.0/16.
I can of course create a new Network alias and create copies of all the relevant firewall rules, changing these copies to reference my new Network alias.
My question is whether that is the best way to do it? Is there a performance impact from having more rules? If instead I moved all the Hosts into the Network alias, is there a performance impact from having hosts in a network alias? Do I lose or gain some functionality either way?

franco (Administrator), Reply #1 on April 18, 2017, 07:21:41 am:
Hi there,
You can nest aliases, so create a wrapper for either two explicit aliases or a new alias with the network that includes the former alias.
Cheers,
Franco

Alphabet Soup (Newbie), Reply #2 on April 18, 2017, 02:56:34 pm:
Nesting sure keeps the Rules simpler. Is there any (significant) performance impact that you're aware of?

franco (Administrator), Reply #3 on April 18, 2017, 03:17:11 pm:
No, they are expanded prior to being written to the ruleset, so you end up with the same speed as when typed explicitly multiple times.
Logged
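
Added illustration, not part of the thread and not OPNsense's own code: a small model of what "expanded prior to being written to the ruleset" means for a wrapper alias that nests a host alias and a network alias. The alias names are hypothetical; the addresses are the ones from the first post.

```python
import ipaddress

# Constructed alias table: names are hypothetical, addresses are the
# examples given in the first post of the thread.
ALIASES = {
    "legacy_hosts": ["192.168.5.8", "192.168.99.54"],
    "new_network": ["10.35.0.0/16"],
    "rule_sources": ["legacy_hosts", "new_network"],  # wrapper (nested) alias
}


def expand(name, aliases, _stack=()):
    """Recursively resolve an alias to a flat list of ip_network objects."""
    if name in _stack:
        # A nested alias that refers back to itself would never terminate.
        raise ValueError("alias loop: " + " -> ".join(_stack + (name,)))
    if name not in aliases:
        raise KeyError(f"unknown alias: {name}")
    nets = []
    for entry in aliases[name]:
        if entry in aliases:
            nets.extend(expand(entry, aliases, _stack + (name,)))
        else:
            # A bare host address becomes a /32 (or /128) network.
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def flatten(name, aliases):
    """Expand an alias, then drop duplicates and hosts covered by a network."""
    nets = expand(name, aliases)
    merged = []
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    # Print single hosts without a prefix length, networks in CIDR form.
    return [str(n.network_address) if n.num_addresses == 1 else str(n)
            for n in merged]


if __name__ == "__main__":
    # One rule referencing the wrapper sees the same flat address list as
    # separate rules referencing each inner alias.
    print(flatten("rule_sources", ALIASES))
```

In this model, a rule that references the wrapper matches against one flat list of hosts and networks, which is why nesting changes how the rules are maintained rather than what ends up being evaluated.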