Alias cannot contain comments?

Started by Whayle, September 05, 2023, 08:49:31 PM

In other firewall software, when creating a list of IPs in an alias, I could use a comment to note what the IP was, by entering data into a simple text field like this:

103.10.5.131#asus
35.241.133.48#dtube

There seems to be no way to comment each IP in OPNsense? Without an ability to comment each alias IP, I'm left with large lists of IPs and no idea what each IP is referencing without doing a lookup or keeping a separate list. Am I missing something?
Not to mention that the UI control for adding IPs to an alias is really awkward for anything more than a few entries...

Thanks!


September 05, 2023, 10:56:52 PM #1 Last Edit: September 05, 2023, 10:59:03 PM by Patrick M. Hausen
Isn't the name of the alias supposed to document what the IP address is for?

I use alias names like "Host4_Minecraft" - I don't see what I would want to put into an additional comment.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

September 05, 2023, 11:50:54 PM #2 Last Edit: September 06, 2023, 12:08:16 AM by Whayle
This alias is of type "Hosts" and will have about 50 or so IPs in it...

For example, I could create the alias "FRIENDS_IPS", to contain the IP addresses of 50 of my friends' Minecraft servers. How would I know which friend owned which IP when looking at the list? In the past in other systems, I've used a format like:

for alias FRIENDS_IPS

x.x.x.x#John
x.x.x.x#George
x.x.x.x#Paul



I hear you... but in OPNsense you can create a master Alias which contains the individual aliases.


Alias: Allowed_oVPN_out

That master Alias contains a lot of single Aliases:

Alias: John
Alias: Mary_iPad
Alias: Mary_laptop

Etc... so you can do this today.

Thanks! It's messier, but that looks like the best option. 

September 07, 2023, 02:51:14 AM #5 Last Edit: September 07, 2023, 03:56:08 AM by Whayle
Sadly, this will require far too many clicks in the UI.

So ultimately, this is negatively impacting use of OPNsense. I'm not sure why the entry field for alias "content" is using a "label" type field but it's not working well at all for managing alias entries, and is hard to read when there are many IPs.

As a workaround, I can see possibly using Ansible to manage my aliases, as I could at least know what the IPs are for that I'm adding.  I could also set up a URL IP list served by a web server.  Not a great set of options really for something that should be really simple.

If none of these have public FQDN available, you could add them as host overrides in Unbound and then use those overrides in your alias.

Not sure if that really ends up cleaner or not.  Perhaps convince everyone to invest in some dynamic DNS accounts?

October 04, 2023, 09:49:47 PM #8 Last Edit: October 04, 2023, 10:11:57 PM by tverweij
To solve this problem, I use the IP Table option in the alias.
In my IIS, I have the aliases as text files, where I can document them.

I create a file named FRIENDS_IPS.txt, that can be downloaded on https://x.x.x.x/FRIENDS_IPS.txt (using an internal IIS)
In that file the alias is defined:
x.x.x.x,#John
x.x.x.x,#George
x.x.x.x,#Paul

In OPNsense, I create an alias of type IP Table, with the link https://x.x.x.x/FRIENDS_IPS.txt.
I define the refresh frequency as 0 days, 0.02 Hours (about every minute).

This way I can use properly documented Alias files.

Quote from: Patrick M. Hausen on September 05, 2023, 10:56:52 PM
Isn't the name of the alias supposed to document what the IP address is for?

I use alias names like "Host4_Minecraft" - I don't see what I would want to put into an additional comment.

That means that you have to create 51 aliases to properly document the 1 alias you really need.
So, not really an option.
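
Added example, not written by any poster in this thread and not OPNsense code: a Python check for the annotated `address,#label` file described in the post above, meant to be run before the file is published for the firewall to fetch. The function name `lint_alias_file`, the prefix limits and the sample addresses (documentation ranges) are assumptions made for illustration; it also accepts the `address#label` layout from the first post.

```python
import ipaddress

# Constructed sample in the "address,#label" layout from the post above.
# Addresses come from documentation ranges; labels are placeholders.
SAMPLE = """\
192.0.2.10,#John
198.51.100.7,#George
203.0.113.0/24,#Paul
192.0.2.10,#John again
not-an-ip,#typo
0.0.0.0/0,#oops
"""

def lint_alias_file(text, min_prefix_v4=24, min_prefix_v6=64):
    """Return (entries, problems) for an annotated alias file.

    entries maps each accepted network to its label.
    problems is a list of (line_number, message) tuples.
    min_prefix_* are hypothetical policy limits: wider networks are rejected.
    """
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or whole-line comment
        addr, _, label = line.partition("#")
        addr = addr.strip().rstrip(",").strip()
        label = label.strip()
        try:
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            problems.append((lineno, f"not an IP or CIDR: {addr!r}"))
            continue
        limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
        if net.prefixlen < limit:
            problems.append((lineno, f"{net} is wider than /{limit}"))
            continue
        if net in entries:
            problems.append((lineno, f"{net} duplicates {entries[net]!r}"))
            continue
        if not label:
            problems.append((lineno, f"{net} has no label"))
        entries[net] = label
    return entries, problems

if __name__ == "__main__":
    entries, problems = lint_alias_file(SAMPLE)
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
```

Because the firewall re-reads this file on every refresh, running the check as a gate before copying the file to the web server keeps a typo or an accidental wide network out of the live alias.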