OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 19.7 Legacy Series »
  • Possible to use Firewall IP Alias list in HAProxy Conditions?
« previous next »
  • Print
Pages: [1]

Author Topic: Possible to use Firewall IP Alias list in HAProxy Conditions?  (Read 23192 times)

thejasonator

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
Possible to use Firewall IP Alias list in HAProxy Conditions?
« on: October 28, 2019, 03:22:18 pm »
Hi there,

I want to test if the Source-IP is within a certain list of IPs and then set a header.

For example, I have a Firewall Alias called Trusted_IPs, which is a list of about 10 trusted IP addresses that is reloaded from an URL table once a day.

If the frontend receives a request from one of these IPs I want it to do http-request header set X-Trusted-IP Trusted

So far, I have only been able to get the Condition "Source IP matches specified IP" to work with a single IP address.

I found this exact issue being discussed in OPNsense 17 forum at https://forum.opnsense.org/index.php?topic=6316.msg27255#msg27255 and it was mooted to be available from 18.1, but I can't find a way of doing it.

Thanks for your help,
Jason

Logged

fog

  • Newbie
  • *
  • Posts: 22
  • Karma: 1
    • View Profile
Re: Possible to use Firewall IP Alias list in HAProxy Conditions?
« Reply #1 on: August 26, 2020, 11:15:59 am »
It is still not possible? :(

My workaround:
with a Custom condition (option pass through) 'allowed_ip' define a HAProxy acl condition for many IP's, subnet and also dyndns names in textbox Option pass-through i.e.:
src 1.1.1.1 2.2.2.0/24 a.dyndns.com b.dyndns.com

And in the rule to redirect to the backend add the condition 'allowed_ip'.

My Firewall Alias contain many IP's: I copied the IP's from  Firewall: Diagnostics: pfTables -> Alias







Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 19.7 Legacy Series »
  • Possible to use Firewall IP Alias list in HAProxy Conditions?
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2