Hi everyone,
I'm currently automating my OPNsense firewall configuration using the API and a Bash script that creates VLAN firewall rules automatically (LAN, Guest, Media, IoT, etc.).
The script is working now, including:
* creating rules via `/api/firewall/filter/addRule`
* creating schedules via `/api/firewall/schedules/addItem`
* applying changes with `/api/firewall/filter/reconfigure`
My question is about best practice before moving fully to automation.
At the moment I already have manually created firewall rules in OPNsense.
The script creates new rules in addition to the existing ones.
What is the recommended approach?
1. Keep the old/manual rules and add the scripted rules beside them
2. Remove the old rules first and let the script become the single source of truth
3. Use categories/tags and migrate gradually
4. Another recommended method?
I'm especially interested in:
* avoiding duplicate/conflicting rules
* keeping rule order predictable
* managing schedules correctly
* avoiding problems during future script reruns
Environment:
* OPNsense 26.1.7_1
* VLAN-based network segmentation
* API automation with Bash + curl
Any advice from people already automating OPNsense firewall management would be appreciated.
Thanks!