OPNsense Forum » Archive » 23.7 Legacy Series » Issue with network exclusions in alias maps
Topic: Issue with network exclusions in alias maps (Read 603 times)
derhelge « on: November 03, 2023, 09:25:08 am »
I use an alias map "firehol_level3" URL table connected to a rule on my interfaces. Unfortunately, GitHub is blocked within this blocklist from time to time. I have therefore created an alias map "Network group" "firehol_leve3_without_exclusions", which contains two entries:
- firehol_leve3
- firehol_exclusions
"firehol_exclusions" is a network alias map. Content is e.g:
!185.199.108.0/22, !185.199.111.133/32
The problem is that a connection to 185.199.111.133 is correctly possible, but a connection to 185.199.108.133 is blocked.
If I look at https://github.com/opnsense/core/issues/4318 on GitHub, this should be possible as done?
derhelge « Reply #1 on: November 13, 2023, 08:47:47 am »
Thanks to @mimugmail here is the answer:
The exception only works for existing addresses, meaning if 185.199.108.0/22 is actually an entry in Firehol, it would be removed from there. However, there is no scripting logic that takes out the entire network and checks whether individual entries fall into this net. Handling this in a dynamic list is unfortunately difficult.
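Added example, not part of the thread and not OPNsense code: a Python model of the difference the reply describes, comparing exact-entry removal with a containment-aware subtraction done before the list is loaded. The blocklist entries are constructed sample data and all function names are hypothetical; only the two exclusions come from the post.

```python
import ipaddress

# Constructed sample blocklist entries (not real FireHOL content).
BLOCKLIST = ["185.199.108.133/32", "185.199.111.133/32",
             "185.199.110.0/24", "198.51.100.0/24"]
# Exclusions as written in the post above.
EXCLUSIONS = ["!185.199.108.0/22", "!185.199.111.133/32"]

def parse(entries):
    """Turn alias entries into network objects, dropping the '!' marker."""
    return [ipaddress.ip_network(e.strip().lstrip("!")) for e in entries]

def exact_match_exclude(blocklist, exclusions):
    """Behaviour as described in the reply: only identical entries are removed."""
    excluded = set(exclusions)
    return [net for net in blocklist if net not in excluded]

def containment_exclude(blocklist, exclusions):
    """Subtract each excluded network, also when it only overlaps an entry."""
    result = []
    for net in blocklist:
        pieces = [net]
        for ex in exclusions:
            if ex.version != net.version:
                continue  # IPv4 and IPv6 networks never overlap
            remaining = []
            for piece in pieces:
                if piece.subnet_of(ex):
                    continue  # entry lies fully inside the exclusion: drop it
                if ex.subnet_of(piece):
                    # exclusion is a hole inside a larger entry: split around it
                    remaining.extend(piece.address_exclude(ex))
                else:
                    remaining.append(piece)
            pieces = remaining
        result.extend(pieces)
    return result

def is_blocked(addr, nets):
    """True if addr falls into any network of the effective blocklist."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

if __name__ == "__main__":
    bl, ex = parse(BLOCKLIST), parse(EXCLUSIONS)
    for name, fn in (("exact", exact_match_exclude),
                     ("containment", containment_exclude)):
        effective = fn(bl, ex)
        print(name, [str(n) for n in effective],
              "185.199.108.133 blocked:", is_blocked("185.199.108.133", effective))
```

With exact matching only the /32 that is literally in the list disappears, which reproduces the symptom from the first post; the containment version has to be run every time the dynamic list is refreshed.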