On Dec 9, 2014, at 2:04 PM, Volker Kuhlmann <list0...@paradise.net.nz> wrote:
> On Wed 10 Dec 2014 07:39:36 NZDT +1300, Ryan Clough wrote:
>
>> I, too, am using aliases which do not retain domain names or IP addresses.
>
> I opened https://redmine.pfsense.org/issues/4087
>
> What happens is that a rule reload, which can be triggered by many
> things e.g. interface yoyo (see WAN gw) or applying alias or rule
> changes, clears all the FQDN alias entries from the tables used by pf,
> and then fails to put them back in. They are added again "some time"
> later, but I don't know what "some time" is, several minutes at least.
> Meanwhile the user interface is showing these entries as being part of
> the running rule set when they are silently not. I consider that to be a
> security problem - the running rule set is not the configured one.

If you’re using my DNS zone to generate a block list for my IPs I can make those names return anything I want and get through anyway.
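A check for the drift described in the quoted report, as an added example that is not part of the original thread or of pfSense's own code: it lists the addresses an alias is expected to hold that are absent from the running pf table. The function name, the table name `blocked_hosts`, the file path in the comment and the sample addresses are assumptions; the expected list is whatever the operator resolved for the alias at check time.

```sh
#!/bin/sh
# Added example: detect alias entries missing from the running pf table.
# On a live firewall the second argument would come from (table name and
# file path are hypothetical):
#   table_drift "$(cat /root/blocked_hosts.expected)" \
#               "$(pfctl -t blocked_hosts -T show)"
# Matching is exact per line; an address covered only by a CIDR entry in
# the table is reported as missing.

# table_drift EXPECTED RUNNING
# Prints each expected address (once, in input order) that the running
# table does not contain. Empty output means no drift.
table_drift() {
    { printf '%s\n' "$2"; echo '--'; printf '%s\n' "$1"; } | awk '
        { gsub(/^[ \t]+|[ \t]+$/, "") }        # pfctl indents each entry
        $0 == "--" { expected = 1; next }      # separator between lists
        $0 == ""   { next }                    # skip blank lines
        !expected  { running[$0] = 1; next }   # first list: running table
        !($0 in running) && !seen[$0]++ { print }
    '
}

# Constructed sample data (documentation address ranges).
EXPECTED='198.51.100.7
203.0.113.20
203.0.113.20'

# Constructed table dump in the indented form "pfctl -T show" prints,
# with one entry lost after a reload.
RUNNING='   198.51.100.7'

missing=$(table_drift "$EXPECTED" "$RUNNING")
if [ -n "$missing" ]; then
    echo "running table is missing configured entries:"
    echo "$missing"
fi
```

Run from cron, non-empty output is the signal that the loaded rule set no longer matches the configured alias.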