New rule system

Started by tessus, January 25, 2026, 03:06:56 AM

Another way to force priority changes:

- Fake Floating: Add a random loopback interface additionally to any single interface rule

- Fake Group: Add a new firewall group with a single interface

Or you change the approach to how you build your ruleset.
Hardware:
DEC740

Thanks for all the replies. I am still trying to understand what the new interface will look like. Are there annotated before/after screenshots for all the changes available? I have read the link Franco provided about the processing order when I started to use OPNsense (many years ago), but since I do not use "Rule Automation", the overall processing order documentation was much more helpful to me back then.

While I could glean that the changes mostly pertain to the automation rules and UI, a bunch of posts suggested that the order of other rules (interface, floating, NAT) will change with 26.1.

If this is not the case and if everything will still work without changes when I do not use automation, this can be closed from my side. (Although I am still interested in the current discussion about automation as well.)

However, if there's anything in the UI and/or processing order that will change for anything but automation, I would like to repeat my question: how exactly does it change and what is the difference to the current UI and/or processing order?

Today at 02:09:47 AM #17 Last Edit: Today at 02:23:54 AM by OPNenthu
@tessus The "Automation" rules UI in 25.7 has been moved to "Rules [new]" in 26.1.  The idea is that this UI (regardless of whether you use automation or not) will eventually replace the legacy Rules UI.  I think what we're talking about here will eventually affect everyone, but not for a while.

What I'm hearing from the responses so far is that nothing changes except for the ability to set Floating rules on a single, specific interface.  That is a loss in flexibility with the new rules system, but I don't know if it will be a big deal or not.  If that doesn't affect you then you can happily use the new system.

I don't think anything is changed in the old rules system so if you're still using that you're good for now.  The concerns people had around NAT and rule order impacts were regarding the new rules system and those turned out to be incorrect as @meyergru explained to me.

I added a feature request: https://github.com/opnsense/core/issues/9652

If this gets rejected, so be it.  I don't know what limitations or challenges there are to doing this with the new MVC approach.