OPNsense Forum
Archive => 18.1 Legacy Series => Topic started by: mestafin on January 25, 2018, 12:22:23 pm
-
Hi,
A feature request to make it easier to deploy OPNsense in enterprise setups.
On the Cisco ASA series you can define Services Groups, which can the be applied to individual hosts or networks.
Is it possible to consider something similar?
For example, you define a Service Group called "Mail Services" and for this group, you then define all the services (ports) that you want to allow through:
HTTPS
POP3
IMAP
SMTP
SUBMISSION
You then apply this to individual hosts or networks etc.
The current Interface Groups is not really that helpful for this, as it is only applicable to interfaces or virtual vlan interfaces
-
Hi there,
There is an alias option for ports.
Cheers,
Franco
-
There is no option to build combined aliases for "hostip:port" ... correct? It would be great to have this option as well :)
Cheers
-
That's impossible to express in pf.conf syntax:
https://www.freebsd.org/cgi/man.cgi?query=pf.conf&sektion=5
Cheers,
Franco
-
I see. Thanks for your clarification :)