On 8/23/2010 3:12 PM, Seth Mos wrote: > Hi, > > Op 23 aug 2010, om 21:08 heeft Jim Cheetham het volgende geschreven: > >> Perhaps there's another way; what are you doing this for? Instead of >> basing rules on a large set of aliases that you have to update >> regularly, is there some other characteristic you can group your rules >> by? (AKA 'describe the original problem, not just the one step you're >> stuck on') > > Also, in 2.0 we have support for nested aliases. What you can do with this is > pretty straightforward ofcourse. You can then update 1 specific alias which > is part of the parent alias. > > This should make management a lot easier, the chances of error smaller and > possibly the number of firewall rules smaller.
In 2.0 we also have a URL table alias type that can periodically update its contents from a URL that has IP and IP/CIDR format entries (one per line). We've tried it with 40k+ entries and it works fine. You can't edit the lists on the box though, they only refresh via the contents of the URL. There was no practical way to handle editing that large of a list in the GUI and storing the data in the actual XML file. There is a package for 1.2.3 that imports that functionality as well. Jim --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
