Looking ahead at Firewall->Automation GUI in 26.1

Started by OPNenthu, January 06, 2026, 08:36:35 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 06, 2026, 08:36:35 PM Last Edit: January 06, 2026, 09:57:27 PM by OPNenthu
I've been reviewing older comments (thread below) about Floating & NAT interactions and anticipating to try out the new Firewall->Automation GUI in upcoming 26.1.  Reviewed the documentation as well so I'm clear on the rule processing order between the old and new UIs:

https://forum.opnsense.org/index.php?topic=49053.0
https://docs.opnsense.org/manual/firewall_automation.html

As I understand it, there will mostly be feature parity between Firewall->Automation->Filter and Firewall->Rules in the new release and at some undisclosed future date the old UI will be replaced.  In the linked topic, @Monviech also mentioned that there isn't likely to be a mechanism to clone rules to the new UI.

Question: if I want to migrate my rules to the new UI as an early adopter (and I'm not interested in using APIs), is the recommended approach to just start over with a fresh install?

If it doesn't already exist, can I propose a global option to disable processing on the Automation rules?  That way I can take my time to add new rules there without affecting anything or having negative interactions with the existing rules.  I can raise a GH request if this makes any sense.

Looking forward to trying the Automation GUI :)
January 06, 2026, 08:54:16 PM #1
There will be an export import feature that provides a csv like in the dhcp leases for example. (between both rule implementations)
Hardware:
DEC740
January 06, 2026, 09:04:22 PM #2
Awesome!

Coupled with Snapshots, it should be easy going then.
January 06, 2026, 11:31:48 PM #3
Quote from: OPNenthu on January 06, 2026, 08:36:35 PM[...]Question: if I want to migrate my rules to the new UI as an early adopter (and I'm not interested in using APIs), is the recommended approach to just start over with a fresh install?[...]

Are there additional elements to the "Automation" UI? All of my rules are in there (all applied to bridges, if that matters); the stats seem to work; the only command available is "Lookup Rule", which switches to the traditional edit page for the rule.
Today at 12:12:47 AM #4 Last Edit: Today at 02:59:26 AM by OPNenthu
Quote from: pfry on January 06, 2026, 11:31:48 PMAre there additional elements to the "Automation" UI?

26.1 would be my first time using it so I'm not familiar enough to say if anything significant has been added, however there at least was some polishing done: https://github.com/opnsense/core/issues/9145.

Looks like a mix of UI tweaks and fixes.  Honestly haven't gone through it in depth but the description sounds like @Monviech is at least happy with where it's at.

As long as I'm not losing any functionality I might give it a try.  I'm tempted by the new categorization/filtering options in the UI.  There are only a few advanced things that I use currently from the traditional rules: gateway (for VPN), tagging/matching (also for VPN), and I have one odd rule that uses "allow IP options" (IGMP).  I think those are all there in Automation, too.

I have a rather complicated F/W groups setup though and will be interesting to see how that translates.
Print
Go Up Pages1
User actions