UI - firewall rules

Started by ivica.glavocic, September 18, 2025, 09:25:04 AM

Do you think that the UI for editing firewall rules could be enhanced in terms of visibility?

IMO there are 3 important segments of a rule: source info, destination info and action info. Grouping, or for example different colors for those segments, would result in better visibility.

For example, source direction is a candidate for the advanced screen; when can source direction be out?

For me, sometimes less is more, and visibility is better on less.

If you are on the latest version you could check out Firewall - Automation - Filter

In there you can put rules into categories and press "Tree" to show them in folders in these categories.
Hardware:
DEC740

I think the OP is referring to layout and colors within a rule definition rather than the organisation of a list of rules.

Regarding migrating existing conventional rule definitions to the new MVC-based rules: if I were to do it piecemeal, say convert floating rules, then later rules for one interface, is there a possibility of unexpected consequences with, for example, rule ordering?

Yeah but with the new flexibility of categories and possibly the tree view they could structure the rules in a way that makes sense for them.

Regarding your question, the rule precedence is described here; both features can live happily side by side:

https://docs.opnsense.org/manual/firewall_automation.html
Hardware:
DEC740

Thanks.
When automation rules eventually supersede firewall rules, will port-forward rules create their corresponding firewall rule under automation rules? Will that functionality remain available?

September 18, 2025, 10:25:37 PM #5 Last Edit: September 18, 2025, 10:27:58 PM by meyergru
According to the docs, those are completely separate and the processing order is explained at the end of the man page.

"Superseding" by abolishing the old rules would render many installations useless, so I reckon that they will both exist side-by-side for a long time.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+