pfSense needs some work (At the moment)

pfSense really needs a much better User Interface. I am sure the back end is good, but the GUI needs a lot of work. From my point of view it is unworkable. Maybe I have been spoilt with firewall, but more work is needed.

1. It is possible to Alias ports/hosts and networks. But I cannot see any way to specify the port as being TCP or UDP or both. [It is there, but I think the UI needs improving]

2. The UI for selecting PORTS/HOSTS/NETWORKS is missing. You must know the exact text of the alias and type that. [UI Issue again. If you start typing the name of the alias it comes up.]

3. Also missing is the ability to group multiple HOSTS/NETWORKS into a single rule.

4. Removed [WAS: None of that really matters anyway since the ALIAS is broken since it immediately breaks this back to an IP. In other words it is not SYMBOLIC.]

5. The NAT functionality is broken. You can only do NAT by port. You cannot change ALL traffic to 1.2.3.4 to go to 5.6.7.8 regardless of the port. [This may be covered under OUTGOING NAT or 1:1 NAT]

6. Similarly Firewall rules are on a per-interface basis. You cannot have a single rule for all ports.

All of these problems would be fixed with a GUI that created the pfSense internal configuration… Wow… A project for me.

1 Comment on “pfSense needs some work (At the moment)”

  1. 1. You select the protocol when you use the alias in the firewall rule entry. The idea behind Aliases is being able to apply them to MORE than just firewall rules.

    2. They are there. You need to select a valid protocol and it will show you this information. If it does not then enable JavaScript?

    3. Aliases within aliases are supported in a future developer version. I believe the code is already present.

    4. Not sure I am following point #4. Please restate your problems and I will attempt to explain it.

    5. Yes you can. Use a 1:1 NAT entry.

    6. You can in 1.3. It’s called a floating rule.