pfSense Aliases

pfSense Aliases can save you a huge amount of time if you use them correctly. I must admit I ignored them in the beginning, but now I cannot imagine getting by without them. This guide to using Aliases in pfSense will show you how to save hours of time administering your firewall.

In short, an alias is a container for hosts, ports or networks that can be used when creating rules in pfSense. The benefit is twofold: firstly, it lets you store multiple entries in a single placeholder, which means you do not need to create multiple rules for groups of machines or ports; secondly, it minimizes the changes needed on your firewall when port or range changes are needed.

As an example, imagine you want all your servers to use a different route out to the Internet. You will add and remove servers in your organization as time goes on, and the headache of maintaining the rules can be avoided by using a pfSense alias as a container for all your server hosts. To create an alias go to Firewall > Aliases, where you will find the standard pfSense interface and can add or remove aliases.

Creating an alias is very simple: you just need to select the type and then add your hosts, ports or ranges. Sticking with our example of a dedicated route for servers, here is an example of a host alias which contains a list of server IP addresses:

[Image: pfSense host alias]

This alias can now be used when creating rules, and in future, if servers are added or removed, only the alias will need to be edited and the rules can be left as they are. If you are in a change control environment you will also have less difficulty getting the change approved, since you are not editing the actual rules.

The pfSense aliases overview screen gives a brief look at the aliases you have created and what they contain, and it will eventually get rather populated as you use aliases more and more. (Some sensitive info has been removed.)

[Image: pfSense alias overview]

When creating a firewall rule you can use an alias, but keep in mind that alias names are case sensitive. The valid fields are highlighted in red, and an alias will autocomplete in pfSense.

[Image: pfSense aliases]

pfSense aliases are not only useful in big IT environments. You could use them at home to send all gaming traffic out over one link and leave everything else on another link if you were worried about latency or congestion. Another example is South Africa, where unshaped accounts are expensive per GB and it makes sense to have two DSL lines and use one for gaming and another for everything else. To do that you would simply create a port alias or, if you wanted, a host alias with the gaming server IP addresses.
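
As an added example (not part of the original guide), the Python script below reads a configuration backup and lists which rules reference each alias, which is what a change reviewer needs to know before an alias is edited. It also flags rule references that match an alias name only when case is ignored. The XML element names are assumed to follow a pfSense config.xml export, and the sample configuration is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample; element layout assumed to match a pfSense config.xml backup.
SAMPLE_CONFIG = """<pfsense>
  <aliases>
    <alias><name>Servers</name><type>host</type>
      <address>10.0.0.10 10.0.0.11 10.0.0.12</address></alias>
    <alias><name>GamePorts</name><type>port</type>
      <address>3074 27015:27030</address></alias>
  </aliases>
  <filter>
    <rule><descr>Servers via WAN2</descr>
      <source><address>Servers</address></source><destination><any/></destination></rule>
    <rule><descr>Gaming via DSL2</descr>
      <source><any/></source><destination><any/><port>GamePorts</port></destination></rule>
    <rule><descr>Backup host</descr>
      <source><address>servers</address></source><destination><any/></destination></rule>
  </filter>
</pfsense>"""

def is_literal(value):
    """True for IP addresses, networks and port numbers/ranges (not alias names)."""
    if value.replace(":", "").replace("-", "").isdigit():
        return True
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False

def audit_aliases(config_xml):
    """Return (usage, mismatches): rules using each alias, wrong-case references."""
    root = ET.fromstring(config_xml)
    names = [a.findtext("name") for a in root.iter("alias")]
    by_lower = {n.lower(): n for n in names}
    usage = {n: [] for n in names}
    mismatches = []
    for rule in root.iter("rule"):
        descr = rule.findtext("descr", default="(no description)")
        for ref in rule.findall("./*/address") + rule.findall("./*/port"):
            value = (ref.text or "").strip()
            if not value or is_literal(value):
                continue
            if value in usage:  # exact match: alias names are case sensitive
                usage[value].append(descr)
            elif value.lower() in by_lower:
                mismatches.append((descr, value, by_lower[value.lower()]))
    return usage, mismatches
```

Calling `audit_aliases(SAMPLE_CONFIG)` shows that editing `Servers` affects the "Servers via WAN2" rule, and that the "Backup host" rule refers to `servers`, which is not the same alias.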
