Rule Separators

[franco]

Sure, we can do that. There are enough ideas around as well. I just want everyone to understand that business wise it doesn't make sense to sink more time into the static PHP pages that makes the required transition to MVC/API even harder than it already is. Most of these conversion efforts are self-funded based on direct need.


Cheers,
Franco

[Patrick M. Hausen]

Sure, we can do that. There are enough ideas around as well. I just want everyone to understand that business wise it doesn't make sense to sink more time into the static PHP pages that makes the required transition to MVC/API even harder than it already is.

Absolutely!

Looking forward to finally meeting in person.

[bimbar]

> but still professionally we do fortinet for the better firewall rule UI.

And the incentive to make it happen here is what?

We did discuss in the meeting but the bottom line is it won't help us overcomplicate the situation in static firewall pages that still need an MVC migration. Categories are flexible enough. Building containers from categories would actually put more restrictions on categories in terms of rule location and overlapping use.


Cheers,
Franco

The incentive would be making opnsense better? I don't understand that question.

Still I do understand not wanting to do it in the old firewall UI code - is a migration to MVC planned?

[franco]

> The incentive would be making opnsense better? I don't understand that question.

Better for who? You? :)

> Still I do understand not wanting to do it in the old firewall UI code - is a migration to MVC planned?

Not fixed in time yet, but working on the firewall end probably 40% carried through by now with most of the easier migrations elsewhere already done in the last decade. The roadmap will likely feature one more firewall page conversion


Cheers,
Franco

[ivica.glavocic]

Sorry to revive this topic after so long time, just to give you one example - currently two companies are in the process of choosing new edge firewall (with paid support) and usability is very important to them. I am pushing them towards opnsense, but rule separators are the thing they want because their firewalls have hundreds of rules and, in their opinion, visibility is so much better with separators in pfsense than categories in opnsense. Their 2 cents, not mine :)

[franco]

Corporate decisions are an eternal uphill battle. Use what fits the bill, because there is little leeway in checklists and arbitrary requirements.

From experience there is always "just one little thing" someone needs to make the switch to OPNsense and otherwise cannot.


Cheers,
Franco

[Seimus]

Once again, those "companies" could just use the Groups feature to do the visualization and segregation for rules.

If they have so many rules they would have to need to use groups anyway cause to either:
A. create Policies
B. create ZONEs

Otherwise a large ruleset its unmanageable.

+ as well use categories

I use both and and my ruleset is not small...

Regards,
S.

[franco]

Plus if you have one big setup you probably have more than one firewall so OPNcentral could be helpful managing that. I'm unsure how others are doing with their "early look" here before it's buried in some cloud. On premise central management seems like a no-brainer.  ;)


Cheers,
Franco

[chemlud]

If you want to make something possible, you look for a way to go.
If you want to block something, you look for reasons (good or bad).

Such a fuss for avoiding these few lines of codes? After all these years? I can't believe it. And still miss the separators.

[franco]

If you don't me being frank to your strawman: we do not want to introduce a suboptimal feature that will get bugfixes for years because it's not a good technical solution to a problem that doesn't even exist in the grand scheme of things.

I think I've said so before. Nothing has changed here.


Cheers,
Franco