diff --git a/src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/AliasContentField.php b/src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/AliasContentField.php
index 30bf9e22f..382de06c6 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/AliasContentField.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/AliasContentField.php
@@ -147,7 +147,10 @@ class AliasContentField extends BaseField
     {
         $messages = array();
         foreach ($this->getItems($data) as $host) {
-            if (!Util::isAlias($host) && !Util::isIpAddress($host) && !Util::isDomain($host)) {
+            if (strpos($host, "!") === 0 && Util::isIpAddress(substr($host, 1))) {
+                // exclude address (https://www.freebsd.org/doc/handbook/firewalls-pf.html 30.3.2.4)
+                continue;
+            } elseif (!Util::isAlias($host) && !Util::isIpAddress($host) && !Util::isDomain($host)) {
                 $messages[] = sprintf(
                     gettext('Entry "%s" is not a valid hostname or IP address.'),
                     $host