Netgate SG-1000 microFirewall

Author Topic: HAProxy and acl files  (Read 82 times)

0 Members and 1 Guest are viewing this topic.

Offline jms123

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
HAProxy and acl files
« on: November 22, 2017, 09:41:44 am »
Hi all

pfSense v 2.3.4 with HAProxy version 0.54

I want to use an acl but load the entries from a file rather than type them into the GUI and looking at the docs for HAProxy-1.7.9 the syntax of the acl command is -

"acl <aclname> <criterion> [flags] [operator] [<value>"

where to specify a file you would use a flag of -f.

In the GUI interface for HAProxy there is no field where you can specify a flag that I can find so does that mean -

1) it is just not supported with the package on pfSense

or

2) it is supported but not through the GUI

Any help much appreciated

Online PiBa

  • Hero Member
  • *****
  • Posts: 779
  • Karma: +128/-1
  • PiBa-NL(on IRC)
    • View Profile
Re: HAProxy and acl files
« Reply #1 on: November 22, 2017, 12:21:03 pm »
Depends a little bit what kind of file you would like to use.. It is possible to use "Source IP matches IP or Alias" as a acl.. for which you then can create a alias in pfSense with IP's and subnets to match against.. But if you want to specify a domain>certificate or domain>backend 'list' or some other option that needs loading from file (besides a few things like lua and errorfiles..). Then the webgui is the thing that doesn't really 'support' it..

Haproxy binary itself is should have most if no all features described in the manual..