API Created Rules not visible in 25.1.5_5

Started by Marius Rieder, April 16, 2025, 03:44:05 PM

I created some rules using the API (with the ansible module) and am a bit perplexed that these rules do not show up in the UI. I created a second rule in the UI. This one shows up. The search API (/api/firewall/filter/search_rule) only returns the rule I created in the UI, unless show_all=true is set. However, in /api/firewall/filter/get the ansible-created rule shows up, and in "pfctl -v -s rule" too.

In the config both rules seem to look fine. Any ideas where to investigate further?

 - Marius


<Filter version="1.0.4">
<rules>
<rule uuid="b5ed14b9-54e9-4935-8de3-14f6aaa91715">
<enabled>1</enabled>
<statetype>keep</statetype>
<state-policy/>
<sequence>100</sequence>
<action>pass</action>
<quick>1</quick>
<interfacenot>0</interfacenot>
<interface/>
<direction>in</direction>
<ipprotocol>inet</ipprotocol>
<protocol>TCP/UDP</protocol>
<source_net>any</source_net>
<source_not>0</source_not>
<source_port/>
<destination_net>any</destination_net>
<destination_not>0</destination_not>
<destination_port/>
<gateway/>
<replyto/>
<disablereplyto>0</disablereplyto>
<log>0</log>
<allowopts>0</allowopts>
<nosync>0</nosync>
<nopfsync>0</nopfsync>
<statetimeout/>
<max-src-nodes/>
<max-src-states/>
<max-src-conn/>
<max/>
<max-src-conn-rate/>
<max-src-conn-rates/>
<overload/>
<adaptivestart/>
<adaptiveend/>
<prio/>
<set-prio/>
<set-prio-low/>
<tag/>
<tagged/>
<tcpflags1/>
<tcpflags2/>
<categories/>
<sched/>
<tos/>
<shaper1/>
<shaper2/>
<description>test</description>
</rule>
<rule uuid="894a4527-ea77-4c98-988a-5a75afc9a387">
<enabled>1</enabled>
<statetype>keep</statetype>
<state-policy/>
<sequence>101</sequence>
<action>pass</action>
<quick>1</quick>
<interfacenot>0</interfacenot>
<interface>lan</interface>
<direction>in</direction>
<ipprotocol>inet</ipprotocol>
<protocol>TCP</protocol>
<source_net>192.168.0.0/24</source_net>
<source_not>0</source_not>
<source_port/>
<destination_net>192.168.1.0/24</destination_net>
<destination_not>0</destination_not>
<destination_port>443</destination_port>
<gateway/>
<replyto/>
<disablereplyto>0</disablereplyto>
<log>1</log>
<allowopts>0</allowopts>
<nosync>0</nosync>
<nopfsync>0</nopfsync>
<statetimeout/>
<max-src-nodes/>
<max-src-states/>
<max-src-conn/>
<max/>
<max-src-conn-rate/>
<max-src-conn-rates/>
<overload/>
<adaptivestart/>
<adaptiveend/>
<prio/>
<set-prio/>
<set-prio-low/>
<tag/>
<tagged/>
<tcpflags1/>
<tcpflags2/>
<categories/>
<sched/>
<tos/>
<shaper1/>
<shaper2/>
<description>ANSIBLE_TEST_1_1</description>
</rule>
</rules>
<snatrules/>
<npt/>
<onetoone/>
</Filter>
</Firewall>

The ansible rule is interface specific while the other one is not (floating?).
You're looking at the right page?
Category selector empty?

I had an interface set, so the rule was not shown in the list of floating rules. So clearly the problem was the user. The new automation rule list never shows you all rules, only the floating, groups or interface rules. I like the possibility to look at and search all rules at once. But otherwise the new interface is very nice.

 - Marius