OPNsense 26.1_4-amd64 unable to view automatic generated rules in new firewall rules

Started by hharry, February 04, 2026, 03:14:53 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 04, 2026, 03:14:53 AM Last Edit: February 04, 2026, 03:22:32 AM by hharry
LAB sand box test environment upgraded from 25.7.11 to 26.1_4-amd64, and now unable to view automatic rules in new firewall.

Under the old firewalls rules, can see all the automatic rules applied, i used the rules migration feature, and cannot view any of the automatic generated rules in the new firewall rules...

Howto view automatic generated rules in new firewall rules ?
OPNsense 25.7.10-amd64 running on ESXi 6.7 U2 VM, 4Gbytes RAM, 2 x vCPU
frr OSPF + eBGP, IDS, AdGuard Home, mDNS proxy, sftp-backup plugins. limited kea DHCP server deployment.
February 04, 2026, 07:34:33 AM #1
Hi hharry

The new GUI for the firewall rules is unfortunately a bit confusing and will certainly need some further optimization. To see the automatic rules, simply click the 'Inspect' button.
February 04, 2026, 08:27:37 AM #2
How about "documented confusing"?

https://docs.opnsense.org/manual/firewall.html#inspect-button

It's new, it will mature or grow on you. In this case perhaps the latter. You mostly do not need the automatic rules for inspection when you open the page do do something.


Cheers,
Franco
February 04, 2026, 10:10:24 AM #3
Quote from: tohil on February 04, 2026, 07:34:33 AMHi hharry

The new GUI for the firewall rules is unfortunately a bit confusing and will certainly need some further optimization. To see the automatic rules, simply click the 'Inspect' button.

Thanks, it is a definite GUI regression, in prior 25.7.11 release could see the automatic generated rules all the time, not in inspection mode.
OPNsense 25.7.10-amd64 running on ESXi 6.7 U2 VM, 4Gbytes RAM, 2 x vCPU
frr OSPF + eBGP, IDS, AdGuard Home, mDNS proxy, sftp-backup plugins. limited kea DHCP server deployment.
February 04, 2026, 10:27:10 AM #4
I wouldn't call it a regression because you don't need to see them all the time, and it improves performance a lot by only collecting them when "Inspect" is active.

I rather have a more response GUI for day to day operation than seeing everything all the time.
Hardware:
DEC740
February 04, 2026, 10:32:20 AM #5
Quote from: Monviech (Cedrik) on February 04, 2026, 10:27:10 AMI wouldn't call it a regression because you don't need to see them all the time, and it improves performance a lot by only collecting them when "Inspect" is active.

I rather have a more response GUI for day to day operation than seeing everything all the time.

In prior release;

1. Could see the automatic generated rules "display" button all the time, so the automatic generated rules wasn't showed all the time, as you needed to click the automatic rules button for then to show in GUI, but this button has disappeared in 26.x, so the option is removed. It is a user interface regression for zero apparent benefit.

2. never had any performance issue what so ever.
OPNsense 25.7.10-amd64 running on ESXi 6.7 U2 VM, 4Gbytes RAM, 2 x vCPU
frr OSPF + eBGP, IDS, AdGuard Home, mDNS proxy, sftp-backup plugins. limited kea DHCP server deployment.
February 04, 2026, 10:45:41 AM #6
You can also see it at all times in the new release, just toggle the "Inspect" and the "Tree View" buttons. They are sticky too so a reload will always show all rules and folders.
Hardware:
DEC740
February 04, 2026, 11:35:10 AM #7
Quote from: Monviech (Cedrik) on February 04, 2026, 10:45:41 AMYou can also see it at all times in the new release, just toggle the "Inspect" and the "Tree View" buttons. They are sticky too so a reload will always show all rules and folders.

why was the automatic generated rules expand button removed in 26.x ?
OPNsense 25.7.10-amd64 running on ESXi 6.7 U2 VM, 4Gbytes RAM, 2 x vCPU
frr OSPF + eBGP, IDS, AdGuard Home, mDNS proxy, sftp-backup plugins. limited kea DHCP server deployment.
February 04, 2026, 11:38:43 AM #8
It was not removed, I just told you how you can have it.

Also, you can still use the legacy rules for as long as you like, they're not going anywhere for a while.
Hardware:
DEC740
February 04, 2026, 11:42:38 AM #9 Last Edit: February 04, 2026, 11:45:10 AM by hharry
Quote from: Monviech (Cedrik) on February 04, 2026, 11:38:43 AMIt was not removed, I just told you how you can have it.

Also, you can still use the legacy rules for as long as you like, they're not going anywhere for a while.

highlighted in yellow is the button that is removed in 26.x, your simply trying to dodge the question !



OPNsense 25.7.10-amd64 running on ESXi 6.7 U2 VM, 4Gbytes RAM, 2 x vCPU
frr OSPF + eBGP, IDS, AdGuard Home, mDNS proxy, sftp-backup plugins. limited kea DHCP server deployment.
February 04, 2026, 11:58:54 AM #10
Most of these extra bells and whistles are unnecessary. Personally, I miss having clear, simple, and specific information on the dashboard like the IP address, which even the cheapest routers show right on the start page. Instead, I have to click through multiple menus just to find it. I always prioritize simplicity, readability, and speed, along with system responsiveness and eliminating routing jitter, rather than wasting device performance on useless features.
February 04, 2026, 12:04:57 PM #11
Quote from: Armani on February 04, 2026, 11:58:54 AMI miss having clear, simple, and specific information on the dashboard like the IP address

There's an "Interfaces" widget for the dashboard that does exactly that.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
February 04, 2026, 12:32:29 PM #12 Last Edit: February 04, 2026, 01:01:34 PM by Armani
IP addresses were just an example here. I'm looking for more detailed yet readable information. For instance, I need to link the 'Interfaces' widget with 'DHCP' to display the connected device names as well, and so on... However, I've grown accustomed to how limited the OPNsense dashboard is it simply doesn't compare to something like Grafana dashboards, which can be configured to show exactly what you want upfront. Having such flexibility natively would be ideal, as an integrated dashboard would consume minimal additional resources and only while in use without the security risks associated with exporting sensitive network data to external tools.
February 04, 2026, 05:20:55 PM #13
Quote from: Armani on February 04, 2026, 12:32:29 PMIP addresses were just an example here.
The mentioned widget is really sweet so make sure to check it out! ;)

QuoteI'm looking for more detailed yet readable information. For instance, I need to link the 'Interfaces' widget with 'DHCP' to display the connected device names as well, and so on... However, I've grown accustomed to how limited the OPNsense dashboard is it simply doesn't compare to something like Grafana dashboards, which can be configured to show exactly what you want upfront. Having such flexibility natively would be ideal, as an integrated dashboard would consume minimal additional resources and only while in use without the security risks associated with exporting sensitive network data to external tools.
Would something like this work for you : https://forum.opnsense.org/index.php?topic=50686.msg259070#msg259070 ??

If so, then maybe we should group up and start a Feature Request :)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)
Print
Go Up Pages1
User actions