OPNsense Forum

English Forums => 25.1, 25.4 Production Series => Topic started by: Marius Rieder on April 16, 2025, 03:44:05 PM

Title: API Created Rules not visible in 25.1.5_5
Post by: Marius Rieder on April 16, 2025, 03:44:05 PM
I created some rules using the API (with the ansible module) and am a bit perplexed that these rules do not show up in the UI. I created a second rule in the UI. This one shows up. The search API (/api/firewall/filter/search_rule) only returns the rule I created in the UI, unless show_all=true is set. However, in /api/firewall/filter/get the ansible-created rule shows up, and in "pfctl -v -s rule" too.

In the config both rules seem to look fine. Any ideas where to investigate further?

 - Marius


<Firewall>
<Filter version="1.0.4">
<rules>
<rule uuid="b5ed14b9-54e9-4935-8de3-14f6aaa91715">
<enabled>1</enabled>
<statetype>keep</statetype>
<state-policy/>
<sequence>100</sequence>
<action>pass</action>
<quick>1</quick>
<interfacenot>0</interfacenot>
<interface/>
<direction>in</direction>
<ipprotocol>inet</ipprotocol>
<protocol>TCP/UDP</protocol>
<source_net>any</source_net>
<source_not>0</source_not>
<source_port/>
<destination_net>any</destination_net>
<destination_not>0</destination_not>
<destination_port/>
<gateway/>
<replyto/>
<disablereplyto>0</disablereplyto>
<log>0</log>
<allowopts>0</allowopts>
<nosync>0</nosync>
<nopfsync>0</nopfsync>
<statetimeout/>
<max-src-nodes/>
<max-src-states/>
<max-src-conn/>
<max/>
<max-src-conn-rate/>
<max-src-conn-rates/>
<overload/>
<adaptivestart/>
<adaptiveend/>
<prio/>
<set-prio/>
<set-prio-low/>
<tag/>
<tagged/>
<tcpflags1/>
<tcpflags2/>
<categories/>
<sched/>
<tos/>
<shaper1/>
<shaper2/>
<description>test</description>
</rule>
<rule uuid="894a4527-ea77-4c98-988a-5a75afc9a387">
<enabled>1</enabled>
<statetype>keep</statetype>
<state-policy/>
<sequence>101</sequence>
<action>pass</action>
<quick>1</quick>
<interfacenot>0</interfacenot>
<interface>lan</interface>
<direction>in</direction>
<ipprotocol>inet</ipprotocol>
<protocol>TCP</protocol>
<source_net>192.168.0.0/24</source_net>
<source_not>0</source_not>
<source_port/>
<destination_net>192.168.1.0/24</destination_net>
<destination_not>0</destination_not>
<destination_port>443</destination_port>
<gateway/>
<replyto/>
<disablereplyto>0</disablereplyto>
<log>1</log>
<allowopts>0</allowopts>
<nosync>0</nosync>
<nopfsync>0</nopfsync>
<statetimeout/>
<max-src-nodes/>
<max-src-states/>
<max-src-conn/>
<max/>
<max-src-conn-rate/>
<max-src-conn-rates/>
<overload/>
<adaptivestart/>
<adaptiveend/>
<prio/>
<set-prio/>
<set-prio-low/>
<tag/>
<tagged/>
<tcpflags1/>
<tcpflags2/>
<categories/>
<sched/>
<tos/>
<shaper1/>
<shaper2/>
<description>ANSIBLE_TEST_1_1</description>
</rule>
</rules>
<snatrules/>
<npt/>
<onetoone/>
</Filter>
</Firewall>

Title: Re: API Created Rules not visible in 25.1.5_5
Post by: EricPerl on April 16, 2025, 07:39:14 PM
The ansible rule is interface-specific while the other one is not (floating?).
You're looking at the right page?
Category selector empty?

Title: Re: API Created Rules not visible in 25.1.5_5
Post by: Marius Rieder on May 09, 2025, 11:45:23 AM
I had an interface set, so the rule was not shown in the list of floating rules. So clearly the problem was the user. The new automation rule list never shows you all rules, only the floating, group or interface rules. I like the possibility to look at and search all rules at once. But otherwise the new interface is very nice.

 - Marius
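
An added example, not part of the thread and not OPNsense code: an offline audit that groups the rules in a config `<Filter>` section by their `<interface>` value, so a rule missing from one UI list is still accounted for. It assumes an empty `<interface/>` marks a floating rule, as the thread's resolution indicates; `rules_by_view` is a hypothetical helper and the sample is the thread's two rules trimmed to the fields used.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the two rules from the thread, trimmed to the fields used here.
SAMPLE = """<Filter version="1.0.4">
<rules>
<rule uuid="b5ed14b9-54e9-4935-8de3-14f6aaa91715">
<enabled>1</enabled><sequence>100</sequence><action>pass</action>
<interface/><description>test</description>
</rule>
<rule uuid="894a4527-ea77-4c98-988a-5a75afc9a387">
<enabled>1</enabled><sequence>101</sequence><action>pass</action>
<interface>lan</interface><description>ANSIBLE_TEST_1_1</description>
</rule>
</rules>
</Filter>"""


def rules_by_view(xml_text):
    """Group <Filter> rules by the list they are filed under (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    # Accept the bare <Filter> fragment or a larger export that contains it.
    filt = root if root.tag == "Filter" else root.find(".//Filter")
    views = defaultdict(list)
    if filt is None:
        return {}
    for rule in filt.iterfind("./rules/rule"):
        # Assumption: an empty or missing <interface> marks a floating rule.
        iface = (rule.findtext("interface") or "").strip()
        views[iface or "floating"].append({
            "uuid": rule.get("uuid"),
            "sequence": int(rule.findtext("sequence") or 0),
            "enabled": rule.findtext("enabled") == "1",
            "action": rule.findtext("action") or "",
            "description": rule.findtext("description") or "",
        })
    for rules in views.values():
        rules.sort(key=lambda r: r["sequence"])
    return dict(views)


if __name__ == "__main__":
    for view, rules in sorted(rules_by_view(SAMPLE).items()):
        print(f"[{view}] {len(rules)} rule(s)")
        for r in rules:
            state = "on" if r["enabled"] else "off"
            print(f"  {r['sequence']:>4} {state:<3} {r['action']:<5} {r['uuid']} {r['description']}")
```

Run against a full configuration export, the same function lists every rule in one pass, which is the combined view the per-interface lists do not give.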