Text only | Text with Images

OPNsense Forum

English Forums => 26.1 Series => Topic started by: EndiRabbit on January 30, 2026, 01:12:23 PM

Title: Potential issue with renaming FW groups
Post by: EndiRabbit on January 30, 2026, 01:12:23 PM
Hi,

I primarily use groups for setting policies for my configuration. In a test config running in Proxmox this morning, I tried to go back and sanitize some FW group names, changing three of them from


to


After changing them in the test network and clicking [APPLY] (in the web GUI), access to the Internet went down (defined in rules in GRP_all_int). For reference, the GRP_all_int has general network rules to the Internet, and GRP_priv_int and GRP_iot_int have internal rules that are specific to the VLANs for the interfaces that make up each group. Then each interface has interface specific FW rules and a final rule to block all other undefined network traffic as a catch all.

I rebooted and reloaded the web admin interface, but no joy - couldn't access google.com. Traffic was hitting the catch all rule. Not until I rolled back in the GUI the names and clicked [APPLY] was Internet access restored. Has anyone else encountered this issue by changing FW group names in the web GUI?
Title: Re: Potential issue with renaming FW groups
Post by: EndiRabbit on January 30, 2026, 03:52:53 PM
OK - I can verify this is a bug because I tested this on my live network during a planned network maintenance window. Unfortunately, all network access went down when doing the FW group renaming in the same way I did this in the test environment on real hardware. I would not recommend changing a FW group name until this is resolved.
Title: Re: Potential issue with renaming FW groups
Post by: Monviech (Cedrik) on January 30, 2026, 04:02:25 PM
If you think this is a bug, it would be great if you open an issue on github with simple steps to reproduce. Thank you :)

https://github.com/opnsense/core/issues
Title: Re: Potential issue with renaming FW groups
Post by: OPNenthu on January 30, 2026, 04:04:59 PM
I can reproduce this also and I think I found a cause.

I have a group named "IG_OUT_WAN" that I renamed to "IG_OUT_WAN_TEST."  The internet went down.  Then I went to view the rules in the new UI (mine are migrated) and I can see that the Source network name was not updated and still reflects "IG_OUT_WAN."

IG_OUT_WAN_TEST.png

Renaming the group back to "IG_OUT_WAN" to match the network name restored the connectivity.
Title: Re: Potential issue with renaming FW groups
Post by: EndiRabbit on January 30, 2026, 04:19:28 PM
Quote from: Monviech (Cedrik) on Today at 04:02:25 PMIf you think this is a bug, it would be great if you open an issue on github with simple steps to reproduce. Thank you :)

https://github.com/opnsense/core/issues

That was my next step ^^. Updated here: https://github.com/opnsense/core/issues/9680
Text only | Text with Images