[SOLVED] Provide access for a specific account: Sessions ("pf_top")

Started by Sheldon, September 17, 2021, 06:15:22 PM

I created a separate account with limited access. OPNsense has a nice feature, allowing you to specify for each account which parts of the web UI are accessible and which are not. This works very well for me, except for one area.

I managed to provide access to "pf_top" by adding "Diagnostics: Firewall sessions" to the privileges. But the session list is always empty. When I relog into the admin account, the list is not empty. How can I provide access to not only the menu entry, but also to the actual content?

The menu entry (Firewall -> Diagnostics -> Sessions) leads to the following URL: https://firewallhostname/ui/diagnostics/firewall/pf_top

OPNsense version is 21.7.2_1-amd64.

OK, I found something. I added an additional line to a configuration file:

# grep pf_top \
? /usr/local/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml
            <pattern>ui/diagnostics/firewall/pf_top*</pattern>
            <pattern>api/diagnostics/firewall/pf_top*</pattern>
            <pattern>api/diagnostics/firewall/query_pf_top</pattern>


I tried to trigger a reload of this configuration file, but I couldn't figure out how to do that. So I just did a full restart. Since the restart, the separate account has access to the firewall sessions; the list is not empty anymore.

This is just a hack, but I wanted to share this experience.
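
The fix in the post suggests the session list is loaded from api/diagnostics/firewall/query_pf_top, a path the two existing pf_top* patterns do not cover. The check below is an added example, not part of the original post and not OPNsense code: it lists which request paths a privilege's patterns leave unmatched, before and after the added line. Assumptions: the ACL fragment and its element name are constructed placeholders, and "*" is treated as "any characters" with the rest of the pattern literal.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragment in the shape of ACL.xml; the element name
# "page-example-sessions" is a placeholder, not the real privilege id.
ACL_BEFORE = """
<acl>
  <page-example-sessions>
    <name>Diagnostics: Firewall sessions</name>
    <patterns>
      <pattern>ui/diagnostics/firewall/pf_top*</pattern>
      <pattern>api/diagnostics/firewall/pf_top*</pattern>
    </patterns>
  </page-example-sessions>
</acl>
"""
# Same fragment with the line the post added.
ACL_AFTER = ACL_BEFORE.replace(
    "    </patterns>",
    "      <pattern>api/diagnostics/firewall/query_pf_top</pattern>\n    </patterns>",
)

# Paths from the post: the menu URL and the added pattern's endpoint.
REQUESTS = [
    "ui/diagnostics/firewall/pf_top",
    "api/diagnostics/firewall/query_pf_top",
]


def compile_pattern(pattern):
    """Assumed semantics: '*' matches any characters, everything else is literal."""
    return re.compile(".*".join(re.escape(part) for part in pattern.split("*")))


def load_patterns(acl_xml, privilege_name):
    """Return the compiled patterns of the privilege with the given <name>."""
    for priv in ET.fromstring(acl_xml):
        if priv.findtext("name") == privilege_name:
            return [compile_pattern(p.text.strip()) for p in priv.iter("pattern")]
    raise KeyError(privilege_name)


def denied(acl_xml, privilege_name, paths):
    """Paths that no pattern of the privilege matches in full."""
    patterns = load_patterns(acl_xml, privilege_name)
    return [p for p in paths if not any(rx.fullmatch(p) for rx in patterns)]


if __name__ == "__main__":
    name = "Diagnostics: Firewall sessions"
    print("before:", denied(ACL_BEFORE, name, REQUESTS))
    print("after: ", denied(ACL_AFTER, name, REQUESTS))
```

The same check works for any limited account where a page renders but stays empty: take the request paths from the browser's network tab and see which ones the granted privilege's patterns leave unmatched.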