Re: [pfSense] firewall rules with fqdn-alias
Hi ! I recreated these alias tables with a shorter name (they were called dacotaHOSTS and now are called dacota) and now it works... Perhaps there might be some problem ? The problem however seems solved for now... regards, Martin > From: st...@teamits.com > To: list@lists.pfsense.org > Date: Wed, 18 May 2016 15:13:13 + > Subject: Re: [pfSense] firewall rules with fqdn-alias > > Is there a length limit for alias names? > > If it's an invalid alias I would think one of the logs should show something > when the firewall rules are applied...I recall seeing errors in there > before... > > -- > > Steve Yates > ITS, Inc. > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Martin Fuchs > Sent: Wednesday, May 18, 2016 4:22 AM > To: 'pfSense Support and Discussion Mailing List' > Subject: Re: [pfSense] firewall rules with fqdn-alias > > Hi ! > > Sounds reasonable, but there's no dot at the end ... > > Regards, > martin > > -Ursprüngliche Nachricht- > Von: List [mailto:list-boun...@lists.pfsense.org] Im Auftrag von > WolfSec-Support > Gesendet: Mittwoch, 18. Mai 2016 09:26 > An: pfSense Support and Discussion Mailing List > Betreff: Re: [pfSense] firewall rules with fqdn-alias > > Hi Martin > > Do you have a dot at the end of the fqdn like in bind configs ? > > Pfsense doesnt like a dot at the end. > With e.g. > host.domain.tld > It works fine > > With > host.domain.tld. > It works not > > So if you use a dot at the end please remove it > > Br > Stephan > Am 18.05.2016 00:12 schrieb "Martin Fuchs" : > > > Hi, Steve ! > > No dots in the alias, yurt in the fqdn-address, the lookup works fine, > > so the resolved fqdn are visible in the tables, but it seems as if the > > rule is not applied. > > But there is no error... > > Any diagnostic hints ? > > Regards, > > Martin > > > > > Are you using dots in your FQDNs? Those aren't valid alias names... > > > 'The > > name of the alias may only > > > consist of the characters "a-z, A-Z, 0-9 and _".' > > > > > > -- > > > > > > Steve Yates > > > ITS, Inc. > > > > > > -Original Message- > > > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of > > > Martin > > Fuchs > > > Sent: Tuesday, May 17, 2016 9:26 AM > > > To: list@lists.pfsense.org > > > Subject: [pfSense] firewall rules with fqdn-alias > > > > > > Hi ! > > > > > > We're using pfSense 2.3_1 here in a CARP-cluster. > > > > > > We are using rules with fqdn-aliases and those rules do not work. > > > > > > When i look under diagnostics -> tables i see the tables filled with > > > the > > correct IPs. > > > > > > When I change the rule not to use the alias, but the IP instead, the > > rules works immediately. > > > > > > It's really weired. > > > > > > Does anyone have some idea for me ? > > > > > > Regards, > > > > > > martin ! > > > > > > ___ > > > pfSense mailing list > > > https://lists.pfsense.org/mailman/listinfo/list > > > Support the project with Gold! https://pfsense.org/gold > > > ___ > > > pfSense mailing list > > > https://lists.pfsense.org/mailman/listinfo/list > > > Support the project with Gold! https://pfsense.org/gold > > > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] firewall rules with fqdn-alias
Hi ! I recreated these alias tables with a shorter name (they were called dacotaHOSTS and now are called dacota) and now it works... Perhaps there might be some problem ? The problem however seems solved for now... regards, Martin > From: st...@teamits.com > To: list@lists.pfsense.org > Date: Wed, 18 May 2016 15:13:13 + > Subject: Re: [pfSense] firewall rules with fqdn-alias > > Is there a length limit for alias names? > > If it's an invalid alias I would think one of the logs should show something > when the firewall rules are applied...I recall seeing errors in there > before... > > -- > > Steve Yates > ITS, Inc. > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Martin Fuchs > Sent: Wednesday, May 18, 2016 4:22 AM > To: 'pfSense Support and Discussion Mailing List' > Subject: Re: [pfSense] firewall rules with fqdn-alias > > Hi ! > > Sounds reasonable, but there's no dot at the end ... > > Regards, > martin > > -Ursprüngliche Nachricht- > Von: List [mailto:list-boun...@lists.pfsense.org] Im Auftrag von > WolfSec-Support > Gesendet: Mittwoch, 18. Mai 2016 09:26 > An: pfSense Support and Discussion Mailing List > Betreff: Re: [pfSense] firewall rules with fqdn-alias > > Hi Martin > > Do you have a dot at the end of the fqdn like in bind configs ? > > Pfsense doesnt like a dot at the end. > With e.g. > host.domain.tld > It works fine > > With > host.domain.tld. > It works not > > So if you use a dot at the end please remove it > > Br > Stephan > Am 18.05.2016 00:12 schrieb "Martin Fuchs" : > > > Hi, Steve ! > > No dots in the alias, yurt in the fqdn-address, the lookup works fine, > > so the resolved fqdn are visible in the tables, but it seems as if the > > rule is not applied. > > But there is no error... > > Any diagnostic hints ? > > Regards, > > Martin > > > > > Are you using dots in your FQDNs? Those aren't valid alias names... > > > 'The > > name of the alias may only > > > consist of the characters "a-z, A-Z, 0-9 and _".' > > > > > > -- > > > > > > Steve Yates > > > ITS, Inc. > > > > > > -Original Message- > > > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of > > > Martin > > Fuchs > > > Sent: Tuesday, May 17, 2016 9:26 AM > > > To: list@lists.pfsense.org > > > Subject: [pfSense] firewall rules with fqdn-alias > > > > > > Hi ! > > > > > > We're using pfSense 2.3_1 here in a CARP-cluster. > > > > > > We are using rules with fqdn-aliases and those rules do not work. > > > > > > When i look under diagnostics -> tables i see the tables filled with > > > the > > correct IPs. > > > > > > When I change the rule not to use the alias, but the IP instead, the > > rules works immediately. > > > > > > It's really weired. > > > > > > Does anyone have some idea for me ? > > > > > > Regards, > > > > > > martin ! > > > > > > ___ > > > pfSense mailing list > > > https://lists.pfsense.org/mailman/listinfo/list > > > Support the project with Gold! https://pfsense.org/gold > > > ___ > > > pfSense mailing list > > > https://lists.pfsense.org/mailman/listinfo/list > > > Support the project with Gold! https://pfsense.org/gold > > > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] firewall rules with fqdn-alias
Hi ! I recreated these alias tables with a shorter name (they were called dacotaHOSTS and now are called dacota) and now it works... Perhaps there might be some problem ? The problem however seems solved for now... regards, Martin > From: st...@teamits.com > To: list@lists.pfsense.org > Date: Wed, 18 May 2016 15:13:13 + > Subject: Re: [pfSense] firewall rules with fqdn-alias > > Is there a length limit for alias names? > > If it's an invalid alias I would think one of the logs should show something > when the firewall rules are applied...I recall seeing errors in there > before... > > -- > > Steve Yates > ITS, Inc. > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Martin Fuchs > Sent: Wednesday, May 18, 2016 4:22 AM > To: 'pfSense Support and Discussion Mailing List' > Subject: Re: [pfSense] firewall rules with fqdn-alias > > Hi ! > > Sounds reasonable, but there's no dot at the end ... > > Regards, > martin > > -Ursprüngliche Nachricht- > Von: List [mailto:list-boun...@lists.pfsense.org] Im Auftrag von > WolfSec-Support > Gesendet: Mittwoch, 18. Mai 2016 09:26 > An: pfSense Support and Discussion Mailing List > Betreff: Re: [pfSense] firewall rules with fqdn-alias > > Hi Martin > > Do you have a dot at the end of the fqdn like in bind configs ? > > Pfsense doesnt like a dot at the end. > With e.g. > host.domain.tld > It works fine > > With > host.domain.tld. > It works not > > So if you use a dot at the end please remove it > > Br > Stephan > Am 18.05.2016 00:12 schrieb "Martin Fuchs" : > > > Hi, Steve ! > > No dots in the alias, yurt in the fqdn-address, the lookup works fine, > > so the resolved fqdn are visible in the tables, but it seems as if the > > rule is not applied. > > But there is no error... > > Any diagnostic hints ? > > Regards, > > Martin > > > > > Are you using dots in your FQDNs? Those aren't valid alias names... > > > 'The > > name of the alias may only > > > consist of the characters "a-z, A-Z, 0-9 and _".' > > > > > > -- > > > > > > Steve Yates > > > ITS, Inc. > > > > > > -Original Message- > > > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of > > > Martin > > Fuchs > > > Sent: Tuesday, May 17, 2016 9:26 AM > > > To: list@lists.pfsense.org > > > Subject: [pfSense] firewall rules with fqdn-alias > > > > > > Hi ! > > > > > > We're using pfSense 2.3_1 here in a CARP-cluster. > > > > > > We are using rules with fqdn-aliases and those rules do not work. > > > > > > When i look under diagnostics -> tables i see the tables filled with > > > the > > correct IPs. > > > > > > When I change the rule not to use the alias, but the IP instead, the > > rules works immediately. > > > > > > It's really weired. > > > > > > Does anyone have some idea for me ? > > > > > > Regards, > > > > > > martin ! > > > > > > ___ > > > pfSense mailing list > > > https://lists.pfsense.org/mailman/listinfo/list > > > Support the project with Gold! https://pfsense.org/gold > > > ___ > > > pfSense mailing list > > > https://lists.pfsense.org/mailman/listinfo/list > > > Support the project with Gold! https://pfsense.org/gold > > > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] firewall rules with fqdn-alias
Is there a length limit for alias names? If it's an invalid alias I would think one of the logs should show something when the firewall rules are applied...I recall seeing errors in there before... -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Martin Fuchs Sent: Wednesday, May 18, 2016 4:22 AM To: 'pfSense Support and Discussion Mailing List' Subject: Re: [pfSense] firewall rules with fqdn-alias Hi ! Sounds reasonable, but there's no dot at the end ... Regards, martin -Ursprüngliche Nachricht- Von: List [mailto:list-boun...@lists.pfsense.org] Im Auftrag von WolfSec-Support Gesendet: Mittwoch, 18. Mai 2016 09:26 An: pfSense Support and Discussion Mailing List Betreff: Re: [pfSense] firewall rules with fqdn-alias Hi Martin Do you have a dot at the end of the fqdn like in bind configs ? Pfsense doesnt like a dot at the end. With e.g. host.domain.tld It works fine With host.domain.tld. It works not So if you use a dot at the end please remove it Br Stephan Am 18.05.2016 00:12 schrieb "Martin Fuchs" : > Hi, Steve ! > No dots in the alias, yurt in the fqdn-address, the lookup works fine, > so the resolved fqdn are visible in the tables, but it seems as if the > rule is not applied. > But there is no error... > Any diagnostic hints ? > Regards, > Martin > > > Are you using dots in your FQDNs? Those aren't valid alias names... > > 'The > name of the alias may only > > consist of the characters "a-z, A-Z, 0-9 and _".' > > > > -- > > > > Steve Yates > > ITS, Inc. > > > > -Original Message- > > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of > > Martin > Fuchs > > Sent: Tuesday, May 17, 2016 9:26 AM > > To: list@lists.pfsense.org > > Subject: [pfSense] firewall rules with fqdn-alias > > > > Hi ! > > > > We're using pfSense 2.3_1 here in a CARP-cluster. > > > > We are using rules with fqdn-aliases and those rules do not work. > > > > When i look under diagnostics -> tables i see the tables filled with > > the > correct IPs. > > > > When I change the rule not to use the alias, but the IP instead, the > rules works immediately. > > > > It's really weired. > > > > Does anyone have some idea for me ? > > > > Regards, > > > > martin ! > > > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] firewall rules with fqdn-alias
Hi ! Sounds reasonable, but there's no dot at the end ... Regards, martin -Ursprüngliche Nachricht- Von: List [mailto:list-boun...@lists.pfsense.org] Im Auftrag von WolfSec-Support Gesendet: Mittwoch, 18. Mai 2016 09:26 An: pfSense Support and Discussion Mailing List Betreff: Re: [pfSense] firewall rules with fqdn-alias Hi Martin Do you have a dot at the end of the fqdn like in bind configs ? Pfsense doesnt like a dot at the end. With e.g. host.domain.tld It works fine With host.domain.tld. It works not So if you use a dot at the end please remove it Br Stephan Am 18.05.2016 00:12 schrieb "Martin Fuchs" : > Hi, Steve ! > No dots in the alias, yurt in the fqdn-address, the lookup works fine, > so the resolved fqdn are visible in the tables, but it seems as if the > rule is not applied. > But there is no error... > Any diagnostic hints ? > Regards, > Martin > > > Are you using dots in your FQDNs? Those aren't valid alias names... > > 'The > name of the alias may only > > consist of the characters "a-z, A-Z, 0-9 and _".' > > > > -- > > > > Steve Yates > > ITS, Inc. > > > > -Original Message- > > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of > > Martin > Fuchs > > Sent: Tuesday, May 17, 2016 9:26 AM > > To: list@lists.pfsense.org > > Subject: [pfSense] firewall rules with fqdn-alias > > > > Hi ! > > > > We're using pfSense 2.3_1 here in a CARP-cluster. > > > > We are using rules with fqdn-aliases and those rules do not work. > > > > When i look under diagnostics -> tables i see the tables filled with > > the > correct IPs. > > > > When I change the rule not to use the alias, but the IP instead, the > rules works immediately. > > > > It's really weired. > > > > Does anyone have some idea for me ? > > > > Regards, > > > > martin ! > > > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] firewall rules with fqdn-alias
Hi Martin Do you have a dot at the end of the fqdn like in bind configs ? Pfsense doesnt like a dot at the end. With e.g. host.domain.tld It works fine With host.domain.tld. It works not So if you use a dot at the end please remove it Br Stephan Am 18.05.2016 00:12 schrieb "Martin Fuchs" : > Hi, Steve ! > No dots in the alias, yurt in the fqdn-address, the lookup works fine, so > the resolved fqdn are visible in the tables, but it seems as if the rule is > not applied. > But there is no error... > Any diagnostic hints ? > Regards, > Martin > > > Are you using dots in your FQDNs? Those aren't valid alias names... 'The > name of the alias may only > > consist of the characters "a-z, A-Z, 0-9 and _".' > > > > -- > > > > Steve Yates > > ITS, Inc. > > > > -Original Message- > > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Martin > Fuchs > > Sent: Tuesday, May 17, 2016 9:26 AM > > To: list@lists.pfsense.org > > Subject: [pfSense] firewall rules with fqdn-alias > > > > Hi ! > > > > We're using pfSense 2.3_1 here in a CARP-cluster. > > > > We are using rules with fqdn-aliases and those rules do not work. > > > > When i look under diagnostics -> tables i see the tables filled with the > correct IPs. > > > > When I change the rule not to use the alias, but the IP instead, the > rules works immediately. > > > > It's really weired. > > > > Does anyone have some idea for me ? > > > > Regards, > > > > martin ! > > > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] firewall rules with fqdn-alias
Hi, Steve ! No dots in the alias, yurt in the fqdn-address, the lookup works fine, so the resolved fqdn are visible in the tables, but it seems as if the rule is not applied. But there is no error... Any diagnostic hints ? Regards, Martin > Are you using dots in your FQDNs? Those aren't valid alias names... 'The name > of the alias may only > consist of the characters "a-z, A-Z, 0-9 and _".' > > -- > > Steve Yates > ITS, Inc. > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Martin Fuchs > Sent: Tuesday, May 17, 2016 9:26 AM > To: list@lists.pfsense.org > Subject: [pfSense] firewall rules with fqdn-alias > > Hi ! > > We're using pfSense 2.3_1 here in a CARP-cluster. > > We are using rules with fqdn-aliases and those rules do not work. > > When i look under diagnostics -> tables i see the tables filled with the > correct IPs. > > When I change the rule not to use the alias, but the IP instead, the rules > works immediately. > > It's really weired. > > Does anyone have some idea for me ? > > Regards, > > martin ! > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] firewall rules with fqdn-alias
Are you using dots in your FQDNs? Those aren't valid alias names... 'The name of the alias may only consist of the characters "a-z, A-Z, 0-9 and _".' -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Martin Fuchs Sent: Tuesday, May 17, 2016 9:26 AM To: list@lists.pfsense.org Subject: [pfSense] firewall rules with fqdn-alias Hi ! We're using pfSense 2.3_1 here in a CARP-cluster. We are using rules with fqdn-aliases and those rules do not work. When i look under diagnostics -> tables i see the tables filled with the correct IPs. When I change the rule not to use the alias, but the IP instead, the rules works immediately. It's really weired. Does anyone have some idea for me ? Regards, martin ! ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] firewall rules with fqdn-alias
Hi ! We're using pfSense 2.3_1 here in a CARP-cluster. We are using rules with fqdn-aliases and those rules do not work. When i look under diagnostics -> tables i see the tables filled with the correct IPs. When I change the rule not to use the alias, but the IP instead, the rules works immediately. It's really weired. Does anyone have some idea for me ? Regards, martin ! ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold