Haproxy acl - Source IP matches IP or Alias

dragon2611 · November 04, 2017, 04:56:03 PM

How do you get it to work with alias?

I've tried tabbing the field but that doesn't seem to work (firefox) and if I don't put an actual IP then it seems ha proxy gets upset.

I wanted to use an negative match on a list if IP's (I.e the rule says deny access to /wp-admin/ on the backend server but if it's one of those IP's on the trusted list the rule shouldn't fire)

fraenki · November 05, 2017, 09:12:19 PM

Quote from: dragon2611 on November 04, 2017, 04:56:03 PM
How do you get it to work with alias?

Firewall -> Aliases
...are currently not supported in the HAProxy plugin.

(I know, that text reads "Source IP matches IP or Alias", but this is wrong... I'll fix this text with the next release.)

Regards
- Frank

dragon2611 · November 09, 2017, 05:12:14 PM

Fair enough

It would be really nice if supported alias's but I suspect that's a fair bit of work ;)

fraenki · November 14, 2017, 11:59:15 PM

Quote from: dragon2611 on November 09, 2017, 05:12:14 PM
It would be really nice if supported alias's but I suspect that's a fair bit of work ;)

The main issue is that Aliases are still part of the legacy codebase. Once this part is rewritten, it's easy to add to the HAProxy plugin. Maybe as early as OPNsense 18.1, we'll have to wait. :)

Regards
- Frank

Haproxy acl - Source IP matches IP or Alias

dragon2611

November 04, 2017, 04:56:03 PM Last Edit: November 04, 2017, 05:28:19 PM by dragon2611

fraenki

November 05, 2017, 09:12:19 PM #1 Last Edit: November 05, 2017, 09:20:46 PM by fraenki

dragon2611

November 09, 2017, 05:12:14 PM #2

fraenki

November 14, 2017, 11:59:15 PM #3