Open Daemonslayer2048 opened 1 month ago
Looked at this from various angles in the past, but the service in question has no way of knowing anything underneath has changed and has no way of coping with the flexibility the alias system has to offer. In practice this would mean any update to the alias system has the possible effect of restarting all consumers of these aliases (which causes unexpected service interruption).
Not to mention the heavy restrictions that each user of the alias would impose on the alias being used (lower number of entries, stricter format, etc).
I just now configured VPN->IPsec->Connection->Pools and came exactly across that idea. One Pool for IPv6, one for IPv4, selecting two pools in the connection... And "Local Nets" like that is not maintainable: I have over 8 lines of tooltip full of IP networks garbage when hovering with the mouse over it - when it is just three entries in the "Alias"...
The Alias system regarding networks/hosts is great - you should make it available in the other networking sections to get rid of those possible errors when maintaining IP networks/addresses over the various services.
If the service allows a reload instead of a restart, just reload when the Alias changes. Services with only restart -> no alias functionality. Start with IPsec please and then move on to OpenVPN!
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Is your feature request related to a problem? Please describe.
Feature request is not related to a "problem"
Describe the solution you like
I would like to see the firewall aliases available in other sections of the OPNsense firewall, or more likely, a global alias system that could be used in multiple services. For example, a global alias for an internal IP that could be used in Unbound, DHCP, and the firewall section. This benefits users who may run virtual workloads that often change their IP (think VIP-based load balancers): if the VIP of a load balancer changes, there are multiple locations in OPNsense where this may need to change. I see this global alias being mostly useful in DNS, firewall and DHCP functions.
Describe alternatives you considered
I do not believe there are any.
Additional context
Below I pasted some pictures of some sample alias uses.
Unbound:
DHCP: