opnsense / plugins

OPNsense plugin collection
https://opnsense.org/
BSD 2-Clause "Simplified" License
842 stars 638 forks source link

Caddy Access Lists does not support Opnsense Aliasses #4174

Closed robsiera closed 1 month ago

robsiera commented 2 months ago

Important notices Before you add a new report, we ask you kindly to acknowledge the following:

Is your feature request related to a problem? Please describe. As a year long Pfsense user, I thought to try-out Opnsense once more. To my big surprise I noticed the Caddy plugin. Great, a UI on top of Caddy to facilitate Reverse Proxy entries! But alas Alliases can't be used yet as shortcuts to IPaddresses in the Access Lists. That makes it impossible to add dynamic IPs to an access list.

Describe the solution you'd like Allow to specify alliasses in the "Client IP Addresses" field.

Monviech commented 2 months ago

The default client_ip matcher can only use static IP addresses.

https://caddyserver.com/docs/modules/http.matchers.client_ip

The Aliases are used for features in the scope of the firewall, but not for plugins.

robsiera commented 2 months ago

Thanks for the swift reply. Yes, I figured that would be the case, otherwise your would have problably used that possibility. Still it seems to be valuable FR imho. But then again, I might be wrong.

Monviech commented 2 months ago

If you want to use dynamic IPs in these access lists, you can propose a working example in a Caddyfile and I can see if it can be implemented if it does not create too much overhead.

In the end, I want Caddy to handle all of these things inside its own binary with no external scripting involved.