Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Development and Code Review
(Moderator:
fabian
) »
Idea: Give the admin the ability to name network interfaces or at least renumber
« previous
next »
Print
Pages: [
1
]
Author
Topic: Idea: Give the admin the ability to name network interfaces or at least renumber (Read 1655 times)
bimbar
Sr. Member
Posts: 435
Karma: 25
Idea: Give the admin the ability to name network interfaces or at least renumber
«
on:
June 11, 2024, 10:37:09 am »
As is, opnsense numbers network interfaces in sequence of creation, opt1 to optX. Additionally, there are lan and wan predefined interfaces.
Firewall rules are associated to this interface identifier.
If, for any reason, this interface identifier changes, it is quite hard to get all this to work again through deleting interfaces and recreating them in the correct sequence. Especially if the sequence has been broken through deleting an interface somewhere in the middle.
Also, in an opnsense HA cluster, interfaces must be created in identical sequence on all firewalls in the cluster, which is a hassle, and potentially problematic if this goes out of sync for some reason.
So, why not give users the ability to choose the interface identifier themselves on creation, or even be able to rename the identifier in an existing interface?
Logged
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: Idea: Give the admin the ability to name network interfaces or at least renumber
«
Reply #1 on:
June 11, 2024, 04:57:29 pm »
> As is, opnsense numbers network interfaces in sequence of creation, opt1 to optX. Additionally, there are lan and wan predefined interfaces.
Firewall rules are associated to this interface identifier.
Yep, this system appears to be simple and straightforward but it's really not and rather impossible to move away from.
> If, for any reason, this interface identifier changes, it is quite hard to get all this to work again through deleting interfaces and recreating them in the correct sequence.
Changes only in the sense when the interface is the wrong one during creation, which you only end up running into for HA system setups in the first place. There are handy concepts for avoiding these problems: identical hardware, start with a copy of the master on the backup, etc.
Specifying the OPT number during creation might be a doable approach. Once the interface has been created it's impossible to replace all instances of the identifier being used without breaking something somewhere.
Specifying "lan" or "wan" then is not a good idea as I'd rather want to move away from the implication that any interface has any special purpose.. there are users who have their WAN on "lan" and LAN on "wan" for trial and error reasons and it's not fun to guess what the user's intention was.
Cheers,
Franco
«
Last Edit: June 11, 2024, 04:59:06 pm by franco
»
Logged
bimbar
Sr. Member
Posts: 435
Karma: 25
Re: Idea: Give the admin the ability to name network interfaces or at least renumber
«
Reply #2 on:
June 11, 2024, 06:13:54 pm »
A customer had that problem yesterday. God alone knows how he managed to do it. Took 3 hours to fix ...
I agree on the lan and wan, but those come predefined with the default install - perhaps it would be a good idea to move away from this.
Fortinet does it well, I think, they have a similar system, where you can name an interface on creation, and afterwards you can only change the alias / description.
Logged
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: Idea: Give the admin the ability to name network interfaces or at least renumber
«
Reply #3 on:
June 11, 2024, 06:33:19 pm »
Best course of action would be a GitHub feature ticket. Technically it's easy on creation only, practically the question is if it actually helps (and is properly documented).
Cheers,
Franco
Logged
bimbar
Sr. Member
Posts: 435
Karma: 25
Re: Idea: Give the admin the ability to name network interfaces or at least renumber
«
Reply #4 on:
June 11, 2024, 06:45:10 pm »
Opened
https://github.com/opnsense/core/issues/7522
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Development and Code Review
(Moderator:
fabian
) »
Idea: Give the admin the ability to name network interfaces or at least renumber