Bug 10505 - Alias handling needs improvement
Summary: Alias handling needs improvement
Status: CLOSED FIXED
Alias: None
Product: IPFire
Classification: Unclassified
Component: ---
Version: 2
Hardware: unspecified Unspecified
Assignee: Alexander Marx
Blocks: 10486
Reported: 2014-04-06 18:15 UTC by Michael Tremer
Modified: 2014-05-10 17:21 UTC
Description Michael Tremer 2014-04-06 18:15:11 UTC
When using aliases with the new firewall, there are multiple issues:

a) The conversion was broken because invalid values have been used for the default alias (= ALL).

http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=1d9c1c3079922f6f15354e7001fb2b09ea0355e4

b) Therefore no rule was created for the default alias, which is very unfortunate. The rest of the rules have not been created because the NAT IP address was not found for any alias.

http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=085a20ec8bc05b58244bf05d9589e9a1ed3a5265

c) This leaves us now with a working configuration, and it even supports the falsely converted rules.

There is a problem with changing the name of an alias though. As the name is used to identify an alias, rules break when it is changed. It is also possible to create aliases without giving them a name, which leads to a similar problem.

So we need a solution for this. Currently, we fall back to the default RED IP address which is total bollocks. A better solution would be to create no rule at all, but the user won't know that this is happening.

Hence I suggest that we convert the names of all aliases in the firewall configuration when the name of an alias is changed. If we cannot do that (for whatever reason), we should fall back to marking the rule in yellow like we do for no longer existing OpenVPN connections.

We should also make the name for an alias mandatory.
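
The behaviour proposed in the description above, as an added sketch that is not IPFire code and is not part of the original report. The `Rule` and `AliasStore` classes, their fields and the sample addresses are hypothetical; IPFire's actual configuration format is not shown on this page.

```python
# Added illustration: hypothetical data model, not IPFire's configuration format.
from dataclasses import dataclass


@dataclass
class Rule:
    rule_id: int
    alias: str           # rules identify an alias by its name
    stale: bool = False  # True: highlight in the UI and generate no rule


class AliasStore:
    def __init__(self):
        self.aliases = {}  # alias name -> IP address
        self.rules = []

    def add_alias(self, name, ip):
        name = name.strip()
        if not name:
            # The report asks for the alias name to be mandatory.
            raise ValueError("alias name is mandatory")
        if name in self.aliases:
            raise ValueError(f"alias name already in use: {name}")
        self.aliases[name] = ip

    def rename_alias(self, old, new):
        ip = self.aliases[old]   # KeyError if the old name is unknown
        self.add_alias(new, ip)  # validates the new name before anything changes
        del self.aliases[old]
        # Convert the name in every rule that referenced the old alias.
        for rule in self.rules:
            if rule.alias == old:
                rule.alias = new

    def resolve(self, rule):
        """Return the alias IP, or None and mark the rule stale.

        There is deliberately no fallback to a default address: an
        unresolved alias yields no rule and a visible marker instead.
        """
        ip = self.aliases.get(rule.alias)
        rule.stale = ip is None
        return ip


if __name__ == "__main__":
    store = AliasStore()
    store.add_alias("web", "192.0.2.10")  # constructed sample data
    store.rules += [Rule(1, "web"), Rule(2, "mail")]
    store.rename_alias("web", "www")
    for r in store.rules:
        print(r.rule_id, r.alias, store.resolve(r), "stale" if r.stale else "ok")
```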
Comment 1 Alexander Marx 2014-04-07 12:06:46 UTC
Should be fixed with this commit:

http://git.ipfire.org/?p=people/amarx/ipfire-2.x.git;a=commit;h=8eabfdafe660212321d585d606e018d4cb8db5f8