Create an Alias and a Firewall Rule with pfSense

In this tutorial you will learn how to create an alias and a firewall rule with pfSense.

Why Aliases are useful

Think of DNS and IP addresses, which you should be familiar with by now if you have followed my blog and YouTube channel for a while.

DNS translates a Fully Qualified Domain Name to an IP address; for example, www.google.de is translated to 216.58.209.35 by my DNS server.

Basically the same thing happens with aliases, except that you set one name, for example:

Name: Microsoft

Now you have a ton of options for what you want to store in that alias:

Alias Options
  • Host(s)
  • Network(s)
  • Port(s)
  • URL (IPs)
  • URL (Ports)
  • URL Table (IPs)
  • URL Table (Ports)

Now you can assign the alias Microsoft to just one or to several hosts, networks, ports or URLs.

You can for example assign:

outlook.microsoft.com

exchange.microsoft.com

office365.microsoft.com

All to the one alias Microsoft.

Or the same with a couple of IP-Addresses or Networks.

So why is this useful, you might wonder?

Let’s say you are using VOIP, as in the following example that I will show you.

You need to allow certain ports from your firewall to the VOIP provider’s network. If the VOIP provider has just one network, you could, of course, just type in the network range, like 216.58.209.35/21.

In some cases there is more than one network that you need to allow ports to, so you would need to create each firewall rule twice, or even more often, if you want to allow the ports to all of the provider’s networks.

That’s where aliases come in handy. I also use aliases for single networks, because I can remember a single name better than an IP address range, and you probably can too, unless you are some kind of number wiz.
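
To make the saving concrete, and to check the values before typing them into the alias form, here is an added example (not part of the original post, and not pfSense code) that normalises a list of network entries and counts the rules you would need without an alias. The function names, the port entries and every network except the 216.58.209.35/21 example are constructed for illustration.

```python
import ipaddress
from itertools import product


def parse_network(raw):
    """Parse one alias entry; return (network, note). Raises ValueError on invalid input."""
    raw = raw.strip()
    try:
        return ipaddress.ip_network(raw, strict=True), None
    except ValueError:
        # Accept an address with host bits set, but report the real network.
        net = ipaddress.ip_network(raw, strict=False)  # raises again if not an address
        return net, f"{raw}: host bits set, the network is {net}"


def normalize_alias(entries):
    """Canonicalise, de-duplicate and merge adjacent networks for one alias."""
    nets, notes = [], []
    for raw in entries:
        net, note = parse_network(raw)
        nets.append(net)
        if note:
            notes.append(note)
    merged = []
    for version in (4, 6):  # collapse_addresses() rejects mixed IPv4/IPv6 input
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged, notes


def rules_without_alias(networks, ports):
    """Every (destination, port) pair that needs its own rule when no alias is used."""
    return [(str(n), p) for n, p in product(networks, ports)]


# Constructed sample: the first entry is the range used in the text above,
# the others are documentation ranges standing in for a provider's networks.
VOIP_NETWORKS = ["216.58.209.35/21", "198.51.100.0/25", "198.51.100.128/25", "203.0.113.0/24"]
VOIP_PORTS = ["5060", "10000:20000"]  # constructed port entries

if __name__ == "__main__":
    networks, notes = normalize_alias(VOIP_NETWORKS)
    for note in notes:
        print("check:", note)
    print("alias entries:", ", ".join(str(n) for n in networks))
    rules = rules_without_alias(networks, VOIP_PORTS)
    print(f"{len(rules)} rules without aliases, 1 rule with a network alias and a port alias")
```
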

So let me quickly run you through the steps that are necessary to create an alias and a firewall rule using the alias.

Creating an Alias

1 - Log in to your pfSense Web Interface, navigate to Firewall / Aliases and click on Add.
Create A New Alias

Now the choice is yours: you can choose whether you want to assign Networks, Hosts, URLs or Ports.

If you want to add more than one Network, just click on +Add Network.

The Name you set on Part 1 will be the Name that is used as the Alias Name in the Firewall Rule later.

2 - Choose a Name and Type, specify the values and click on Save
Creating The Alias

3 - Apply Changes
Apply Changes

Now it’s time to create a Firewall Rule using the Alias we just created.

Creating a Firewall Rule using the Alias

4 - Navigate to Firewall / Rules and choose your desired interface and click on Add.

5 - Choose the desired Address Family, Protocol and Source.
6 - On the Destination Tab choose Single host or alias on Step 4
7 - Start to type the name of the Alias you created on Step 5; it will auto-complete
8 - Choose the desired Destination Port Range
9 - Add a description

 

Adding A Firewall Rule

And that’s it. You have now created a Firewall Rule using your Alias. You should use this feature, as it is very handy, especially in enterprise environments. You can also use it to block certain URLs, but there are better options for that, which we will look into later.

I hope this guide gives you a good idea of why using Aliases is useful and a real time-saver!

 

You can get pre-installed pfSense hardware here:
I use a PC Engines APU.1D4 Bundle which is only available on the German Amazon, so you have to look how to get it in the US, but I assume the options above are of equal quality.

 

 
