Messages - OXL-Rath

#1
Quote from: franco on August 13, 2024, 12:33:13 PM
> > Even PFSense has something like that
>
> Bold strategy.  :)
>
> Cheers,
> Franco

Just as a reference... (;
#2
The interface groups https://docs.opnsense.org/manual/firewall_groups.html are pretty much the feature I was looking for - thank you for informing me  ;D

#3
Yeah - would be possible. But that's an extra attribute per rule that needs to be maintained.
As there is already a section feature in use by the 'Automatically generated rules' I thought there may be a way to utilize it for other rules  ;)

Even PFSense has something like that: https://docs.netgate.com/pfsense/en/latest/firewall/rule-list-intro.html#rule-separators
#4
Greetings!

First of all - thank you for the great product :D Really love it so far.

I've encountered a customer that has the need for 200+ floating rules.

This is because there are many VLANs and most rules need to be enabled for multiple interfaces.

The abstracted ruleset looks like this:

* Public Security Filters (Blacklists, Countries)
* Public MGMT Rules
* Public Services (NAT)
* Public DENY any
* Access of Untrusted Networks
* Untrusted DENY any
* Intern to Internet Filters (Blacklists, ...)
* Intern to Internet Rules
* Intern to Internet DENY any
* Intern to Intern Rules

This works, but it gets a little messy as there is no clear separation between those sections.

Is there any way of creating sections? Like the one used for 'Automatically generated rules'? I have not found any documentation regarding it :(  https://docs.opnsense.org/manual/firewall.html
What would be even better - adding custom chains. (src/dest match to jump to custom chain and return afterwards)

I've been using the custom chains of Barracuda CloudGen Firewalls - as they are a game changer for complex rulesets.