OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: mestafin on January 25, 2018, 12:22:23 pm

Title: Feature Request: Rules Groups
Post by: mestafin on January 25, 2018, 12:22:23 pm
Hi,

A feature request to make it easier to deploy OPNsense in enterprise setups.

On the Cisco ASA series you can define Services Groups, which can the be applied to individual hosts or networks.

Is it possible to consider something similar?

For example, you define a Service Group called "Mail Services" and for this group, you then define all the services (ports) that you want to allow through:
     HTTPS
     POP3
     IMAP
     SMTP
     SUBMISSION

You then apply this to individual hosts or networks etc.

The current Interface Groups is not really that helpful for this, as it is only applicable to interfaces or virtual vlan interfaces

Title: Re: Feature Request: Rules Groups
Post by: franco on January 25, 2018, 12:45:33 pm
Hi there,

There is an alias option for ports.


Cheers,
Franco
Title: Re: Feature Request: Rules Groups
Post by: you on January 25, 2018, 01:42:05 pm
There is no option to build combined aliases for "hostip:port" ... correct? It would be great to have this option as well :)

Cheers
Title: Re: Feature Request: Rules Groups
Post by: franco on January 25, 2018, 03:42:55 pm
That's impossible to express in pf.conf syntax:

https://www.freebsd.org/cgi/man.cgi?query=pf.conf&sektion=5


Cheers,
Franco
Title: Re: Feature Request: Rules Groups
Post by: you on January 25, 2018, 04:43:56 pm
I see. Thanks for your clarification :)