 Okay, so we're going to talk about making your life easier with firewall aliases. Now firewall aliases are very similar to network objects I've seen in other firewalls; they're referred to as aliases in pfSense and are under, of course, Firewall and Aliases. They can be IPs, ports, URLs, and import lists. We're going to cover just the basics of it, but there are some advanced uses. For example, pfBlocker uses the URL to use entire groups to be imported in. You can use all kinds of fun lists like that. We're going to cover the basics to get you started because they all work the same in premise.
So let's say we want to make a web server, and we're going to call this web server. That's the alias name, web server ports. Now web servers run on port 80, and that's HTTP, and we're going to add a port. Now you run on 443, which is HTTPS, whoops. Now I don't have to put any, these are descriptions for secures. All right, so that's just a description. So we got 80 and 443 here.
Now let's go ahead and create a NAT rule. So we're creating a NAT rule, and let's say we want to open up a web server port. You would normally do this, put the IP in 8080. So it's TCP, 8080, 80, pretty straightforward. Okay, and this will open a web server rule. And then I can open another one for 443. Well, this is, of course, where aliases make your life easier. So we're going to go here to the port, and we're going to put in web server. Now what I'm doing to put that in, you can type it in manually, or you just start typing, and it finishes off web server. So we're going to do this. Now that is those two ports, or any number or combination of ports that are in the web server alias. They're going to forward here. So we're going to create the rule, I'm going to call this our web server. Save, apply. So here I just did a standard SSH. This is port 666 for something else, different testing stuff I'm doing. But this right here is the web server one.
And when you mouse over it, you can see 80 and 443 web server, pretty straightforward. So those are the two aliases in there, and that's the web server. Now where this gets more interesting is if you have a couple of WAN links and you want to have web server ports and different ports coming in from different WAN links or from that, it groups all that together into these ports. So if I ever have to change anything, I don't have to go to every individual rule. I don't have a bunch of rules to do. And you're staying in time, that's only two rules. So we'll talk about something more complicated here. But this saves you from putting two rules in. You can put one rule in. And if you need to update it, go to aliases, ports, edit. Going to add a new port. Let's say HTTPS something else, save, apply. When you apply, it went and reloaded the firewall rules. That's why there's an apply. It's not just saving it, you have to apply it. Go here. Now there's more ports. So once you create the rule, if you have to create more things that forward to that IP address, you can just create one rule. And everywhere you've used that rule or that alias, those all follow. And this comes into play when you have multiple WAN links especially because you maybe want both WAN links forwarding internally to one system. And you can just update the rule once and it fixes everywhere. So pretty simple use case for them.
Now one of the other really cool things, we're going to delete this rule, apply, so you don't need it now. And something you may notice, especially if you've dealt with some weird camera systems, which we certainly have, some of them have as many as 20 ports that need to be forwarded or ranges, I should say. And you can then modify them or something that's a little bit simpler, but does get done a lot is like the UniFi systems. We love those. And something you can do to make your life a little bit faster if you don't feel like typing is go over here to backup and restore.
And you can back up just your aliases. And in turn, you can also import just the aliases. So I've already done this. So right now we'll go to your services firewall aliases. And there's our web server one. We're going to delete this. We won't want anything in here. So IP ports, nothing here. So essentially let's say this is a brand new firewall and I have some incredible alias magical list of things that I need to bring in. So I'm just going to choose just aliases. By the way, this is a fun feature just in general of pfSense, the fact that it supports granular restore even from different firewalls. So now we're going to go ahead and restore configuration. Are you sure? Yep. Firewall may need to be rebooted. Yes, you may need to apply or edit after you import anything just so you know whenever you do that. Then we go to aliases, ports. There's our UniFi controller ports. So here's all the different external ports needed for UniFi controllers. So if you had a group of aliases, you can export them out and then simply import them, especially if they're larger lists or complicated configs for maybe one of those weird camera systems that we've run into or anything else that has a complicated config. You can easily export those aliases and pull them back in. Then when you're creating the rules again, you can do that. It just pulls it right back.
Now aliases also support IP ranges. So we can do IP or fully qualified domain. So obviously this makes sense for doing things like you can get rid of fully qualified domains like Facebook and then create a rule for facebook.com as long as it matches. And this is kind of a blunt instrument, not the best way to do filtering, but it will work.
Now something I'm going to show you in our firewall is easy ways to create rules for other networks using a series of these. So let me jump over to our firewall. So now we're on our firewall, the one that runs my company. And so here is the IoT network and I have it set insecurely right now.
This is where we let guests and things like that wander around. I reset it just to be insecure for the demonstration here to kind of give you an idea of what needs to be done. So we'll start with the IP address. This is our Internet of Insecure Things Network, IoT network 192.168.50.1. That's the network range into slash 24 network. And I have at least one system on here. So here is that system. And we will show you the IP address. It is 192.168.50.1.17. And if we ping my computer 3.9, we can see it can clearly get there. This is not what we want for this network.
So what you can do is we're going to go here to the firewall rules and we could create a block rule. We can add and we'll say, you know, if the destination is that network and mine's on the LAN net, we could say block. And then you go through and if you go out here to my firewall rules again, you can see in my firewall rules, we've got floating LAN, LAN 2, VLAN 69. And we want to block access to LAN, LAN 2, VLAN 69 and OpenVPN. And I can create, like I said, a whole series of block rules. And if I add another network, I'll have to add more block rules. And you can see how this can be complicated because now I got to create one, two, three, four rules just to get this not to go where I want.
Or we can do it all in one rule. So this rule is the allow rule that says allow to go to the internet. And now we're going to edit this rule. Invert, single host or alias, LCS private networks. I created an alias with all of our private networks in there by range. Then we hit save and I haven't applied it yet. So actually watch, we can still ping. There's my 3.9 network. I can ping it. So let's go ahead and hit apply changes. Takes a second to reload. And we're trying to ping it now. Nothing. Simple as that.
Now this helps, like I said, if you're really doing a larger network where you have a lot of rules and you want to create another rule or another network but you want it to only have certain limited access to two certain networks or not to those networks. This is why there's an inverted option. So now it says IPv4, source, IoT net, port, destination. And you can see I have a series of network aliases in here and we'll show you what my alias table looks like. So we go here, we go to aliases and here's each of those networks. So you just put in 192.168.3.0 slash 24. I cleverly named these .2.3 and VLAN 69. And away we go. That's it. Put the slash 24 or whatever the notation is. It's all done inside your notation here. If I wanted to add another network, I could add this in here. But just by doing this, I have created this list and it allows to block. This is how aliases can really help when you're building a lot of firewall rules and you just want to block certain sections of your network. You can create your own block lists and things like that.
So hopefully this quick tutorial was good and helped you understand aliases a little better. They're really easy to use. And I'd mentioned about pfBlocker and we'll show you real quick in the aliases what that does. pfBlocker actually uses URLs. You notice we're pointed at localhost. It creates a list and a file and then creates this alias for each of these for the blocking. So this is one more advanced use of it. But this is, like I said, a really easy way to create firewall rules without having a very complex mess in your firewall when you do it. So like I said, as simple as that, we've created one rule that both allows internet but blocks the private networks with an alias and away you go. And if you ever have to adjust the alias, you don't have to adjust the firewall rule again. Like I said, hopefully this was helpful and gave you a better understanding of how the aliases work. Thank you for watching.
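
The inverted-alias rule from the demonstration, modeled in Python as an added example that is not part of the video or of pfSense itself: it evaluates the open rule and the edited rule against a few destinations, then shows that editing only the alias changes what the rule blocks. The networks 192.168.50.0/24 and 192.168.3.0/24 come from the video; every other address, range and name is an assumption.

```python
import ipaddress

# Constructed data: 192.168.50.0/24 (IoT) and 192.168.3.0/24 come from the
# video; every other range, host and name here is an assumption.
IOT_NET = ipaddress.ip_network("192.168.50.0/24")
aliases = {"private_networks": ["192.168.2.0/24", "192.168.3.0/24"]}

def in_alias(addr, name, table):
    """True if addr falls inside any network listed under the alias."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in table[name])

def evaluate(rules, src, dst, table):
    """First matching rule wins; traffic matching no rule is blocked."""
    for rule in rules:
        if ipaddress.ip_address(src) not in rule["source"]:
            continue
        if rule["dest_alias"] is None:      # destination "any"
            hit = True
        else:
            hit = in_alias(dst, rule["dest_alias"], table)
            if rule["invert"]:              # the invert option on the rule
                hit = not hit
        if hit:
            return rule["action"]
    return "block"

# The insecure demo state: the IoT network may reach any destination.
open_rules = [{"action": "pass", "source": IOT_NET,
               "dest_alias": None, "invert": False}]
# The edited rule: pass only when the destination is NOT in the alias.
inverted_rules = [{"action": "pass", "source": IOT_NET,
                   "dest_alias": "private_networks", "invert": True}]

def demo():
    src = "192.168.50.117"  # assumed IoT host
    results = {
        "open_to_lan": evaluate(open_rules, src, "192.168.3.9", aliases),
        "inverted_to_lan": evaluate(inverted_rules, src, "192.168.3.9", aliases),
        "inverted_to_internet": evaluate(inverted_rules, src, "203.0.113.10", aliases),
        # A private range missing from the alias is still reachable.
        "unlisted_before": evaluate(inverted_rules, src, "10.0.69.5", aliases),
    }
    # Editing only the alias changes the effect of the unchanged rule.
    updated = {"private_networks": aliases["private_networks"] + ["10.0.69.0/24"]}
    results["unlisted_after"] = evaluate(inverted_rules, src, "10.0.69.5", updated)
    return results

if __name__ == "__main__":
    for case, action in demo().items():
        print(f"{case}: {action}")
```

The `unlisted_before` case is the one to check on a real firewall: the inverted rule only keeps traffic out of networks that are actually listed in the alias.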