Alias name syntax too restrictive - allow more characters

Started by skatopn, February 01, 2024, 12:37:43 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 01, 2024, 12:37:43 PM
Hi,

The Alias name allowed character and format requirements are way too restrictive.
It doesn't even allow you to create an Alias using standard RFC hostname formats.

It is very common in enterprize firewall systems to create network objects - i.e. network Aliases - that incorporate an FQDN, or a hostname, or an IP address, or a combination of those, and which include separator characters such as hyphen ("-"), underscore ("_") and the period (".").

The underscore character ("_") is currently allowed in Alias names.

PLEASE, PLEASE, PLEASE change the Alias name syntax to allow the inclusion of at least these two extra characters - hyphen ("-") and period (".")!

Also, can you please add a context help note to indicate the maximum string length for them fields?
February 01, 2024, 12:45:32 PM #1
Feature requests are best opened as issues on github. This is the community forum - users helping users.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
February 01, 2024, 03:37:38 PM #2
We could, but the pf.conf(5) syntax won't allow it and give you an even harder failure like the firewall not working anymore.


Cheers,
Franco
February 08, 2024, 12:10:52 AM #3
Quote from: franco on February 01, 2024, 03:37:38 PM
We could, but the pf.conf(5) syntax won't allow it and give you an even harder failure like the firewall not working anymore.


Cheers,
Franco

I tried to lookup 'pf.conf' syntax but could not work out where/how/why it would not allow these extra characters.
Can you give me a pointer?
Perhaps we can get pf.conf updated to accept them too, assuming it is opensource?
March 03, 2024, 05:35:37 AM #4
Quote from: franco on February 01, 2024, 03:37:38 PM
We could, but the pf.conf(5) syntax won't allow it and give you an even harder failure like the firewall not working anymore.


Cheers,
Franco

From https://man.freebsd.org/cgi/man.cgi?pf.conf(5):
QuoteMACROS
       Macros  can  be   defined   that will later   be expanded in context.    Macro
       names must start   with a letter, and may contain letters,   digits and un-
       derscores.  Macro names may not be reserved words  (for   example    pass,
       in, out).  Macros are not expanded inside quotes.

       For example,

        ext_if = "kue0"
        all_ifs = "{" $ext_if lo0 "}"
        pass out on $ext_if from any to any
        pass in  on $ext_if proto tcp from   any to any port   25

Is THIS what you are referring to?
Does an Alias name get used as a pf MACRO name under the hood?
March 05, 2024, 05:57:45 AM #5
Quote from: franco on February 01, 2024, 03:37:38 PM
We could, but the pf.conf(5) syntax won't allow it and give you an even harder failure like the firewall not working anymore.


Cheers,
Franco

I have raised the following forum post in FreeBSD:
https://forums.freebsd.org/threads/macro-names-vs-firewall-object-names-feature-request-for-more-flexible-naming.92586/
March 05, 2024, 07:30:48 AM #6
Fair enough, but you won't have any luck I think.

We've pondered about a business feature, but the downside is that everything has to be encoded, ends up non-readable in the shell and diagnostics end also has to know about the translation of names.

Bottom line is a lot of work for a business use case that no customer so far asked us to look into. ;)


Cheers,
Franco
Print
Go Up Pages1
User actions