Hi,
I primarily use groups for setting policies for my configuration. In a test config running in Proxmox this morning, I tried to go back and sanitize some FW group names, changing three of them from
- all_internal SEQ 11
- priv_internal SEQ 9
- iot_internal SEQ 9
to
- GRP_all_int SEQ 11
- GRP_priv_int SEQ 9
- GRP_iot_int SEQ 9
After changing them in the test network and clicking [APPLY] (in the web GUI), access to the Internet went down (defined in rules in GRP_all_int). For reference, the GRP_all_int has general network rules to the Internet, and GRP_priv_int and GRP_iot_int have internal rules that are specific to the VLANs for the interfaces that make up each group. Then each interface has interface specific FW rules and a final rule to block all other undefined network traffic as a catch all.
I rebooted and reloaded the web admin interface, but no joy - couldn't access google.com. Traffic was hitting the catch all rule. Not until I rolled back in the GUI the names and clicked [APPLY] was Internet access restored. Has anyone else encountered this issue by changing FW group names in the web GUI?
OK - I can verify this is a bug because I tested this on my live network during a planned network maintenance window. Unfortunately, all network access went down when doing the FW group renaming in the same way I did this in the test environment on real hardware. I would not recommend changing a FW group name until this is resolved.
If you think this is a bug, it would be great if you open an issue on github with simple steps to reproduce. Thank you :)
https://github.com/opnsense/core/issues
I can reproduce this also and I think I found a cause.
I have a group named "IG_OUT_WAN" that I renamed to "IG_OUT_WAN_TEST." The internet went down. Then I went to view the rules in the new UI (mine are migrated) and I can see that the Source network name was not updated and still reflects "IG_OUT_WAN."
IG_OUT_WAN_TEST.png
Renaming the group back to "IG_OUT_WAN" to match the network name restored the connectivity.
Quote from: Monviech (Cedrik) on January 30, 2026, 04:02:25 PMIf you think this is a bug, it would be great if you open an issue on github with simple steps to reproduce. Thank you :)
https://github.com/opnsense/core/issues
That was my next step ^^. Updated here: https://github.com/opnsense/core/issues/9680
I added my diff to the ticket as well. The src/dest values in the rules are not getting updated correctly in my case.
I feel that this is impactful enough (though not sure how many will run into it) that it should be considered for inclusion in a hotfix?
It depends on the scope of the fix to be made. Though there were similar issues before and the impact is limited in general so in the best case it can wait one more week especially when it was in there for a year or so.
Cheers,
Franco