Aliases are a way to define a group of network objects, such as IP addresses (in CIDR notation) and ports, and give them a name that can be used in firewall rules.
Let’s explore aliases through 2 examples: one where we define a manual alias and another where we look at automated aliases.
Let’s start with manual aliases. Imagine we have 3 VPSes that are hosted outside our internal network, and they have the following IPv4 and IPv6 addresses respectively:
You could create 6 separate firewall rules, one for each of these addresses, or you could group the addresses into just 2 aliases and use them in 2 rules.
First we create the alias for the IPv4 addresses, and then the one for the IPv6 addresses.
Firewall - Aliases - IPv4
Firewall - Aliases - IPv6
After you’ve created them they should show up in the table like this:
Firewall - Aliases - Table
Now if you try to add or edit a rule in Traffic Rules, you should see the aliases show up in the source and destination address sections.
Firewall - Aliases - Usage
Underneath, automated aliases work in much the same way as manual aliases. But instead of painstakingly adding each IP for a region, for instance, the user can pick a pre-made list that Difuse itself keeps up to date without any need for intervention.
If we want a list that includes all the IPs associated with the country Afghanistan, for instance, we can set the alias type to Automatic and select the list Afghanistan. You can select multiple countries as well.
Firewall - Aliases - Automated
Multiple country list selection would look something like this:
Firewall - Aliases - Multiple Countries
You can click the Update Lists button if you want to manually run an update of the lists that exist on the system.
Now once an alias has been created with one of the automated lists, it should look like this in the table:
Firewall - Aliases - Country Tabulation
They can also be used in the firewall in the same way as shown for manual aliases.
Port aliases work in a similar way to IP aliases. The key difference is that there isn’t a way to select an automated list.
Firewall - Aliases - Ports
For instance, if you run a number of HTTP services within your office and home, you might want to enable ports 80, 443 and maybe even 8080 for each of those IPs. You could just create an alias as shown below.
Once you create the alias it should show up in the table like this:
Firewall - Aliases - Ports Tabulation
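A small model of how two IP aliases and one port alias replace six per-address rules with two, as an added example (not Difuse's own code or configuration format). The alias names, the rule layout and the addresses, which come from the reserved documentation ranges, are constructed for illustration.

```python
import ipaddress

class Alias:
    """A named group of networks (CIDR) or ports that a rule can reference."""
    def __init__(self, name, kind, entries):
        self.name, self.kind = name, kind
        if kind == "ip":
            # ip_network() rejects malformed entries and prefixes with host bits set.
            nets = [ipaddress.ip_network(e) for e in entries]
            if len({n.version for n in nets}) > 1:
                raise ValueError(f"{name}: mixes IPv4 and IPv6 entries")
            # Merge overlapping or adjacent prefixes so the set stays minimal.
            self.members = list(ipaddress.collapse_addresses(nets))
        elif kind == "port":
            ports = sorted({int(p) for p in entries})
            if any(not 1 <= p <= 65535 for p in ports):
                raise ValueError(f"{name}: port out of range")
            self.members = ports
        else:
            raise ValueError(f"unknown alias kind {kind!r}")

    def contains(self, value):
        if self.kind == "port":
            return int(value) in self.members
        addr = ipaddress.ip_address(value)
        return any(addr.version == n.version and addr in n for n in self.members)

# Constructed sample data: three hosts, one IPv4 and one IPv6 address each.
VPS_V4 = Alias("vps_v4", "ip", ["192.0.2.10", "198.51.100.7", "203.0.113.25"])
VPS_V6 = Alias("vps_v6", "ip", ["2001:db8::10", "2001:db8:1::7", "2001:db8:2::25"])
WEB_PORTS = Alias("web_ports", "port", [80, 443, 8080])

# Two allow rules instead of six: one per address family, both reusing the port alias.
RULES = [
    {"src": VPS_V4, "dport": WEB_PORTS},
    {"src": VPS_V6, "dport": WEB_PORTS},
]

def allowed(src, dport):
    """True if a packet from src to dport matches any allow rule."""
    return any(r["src"].contains(src) and r["dport"].contains(dport) for r in RULES)

if __name__ == "__main__":
    for src, port in [("192.0.2.10", 443), ("2001:db8:1::7", 8080),
                      ("192.0.2.11", 443), ("203.0.113.25", 22)]:
        print(f"{src:>16} -> {port:<5} {'allow' if allowed(src, port) else 'no match'}")
```

Adding a fourth host means editing the two aliases only; the rules themselves stay unchanged.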
It’s imperative to note that you should NOT use aliases or traffic rules to block specific websites on the LAN; use the Content Filtering & Adblock service instead. With the advent of services like Cloudflare (which, incidentally, a lot of websites use), hundreds or even thousands of websites may share the same IP address, which makes it very hard to block just one or two websites with traffic rules.