What to do with "Rules" now? There are still rules contained ...

Started by senseOPN, February 28, 2026, 02:37:16 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 28, 2026, 02:37:16 PM
After migration, I still see "Rules [new]" and "Rules".
Within "Rules" there are still 9 automatically added rules - and I am not sure if that means they now exist double, in the old and in the new rules.

A clear way would be to remove the "Rule" and rename "Rules [new]" to simply "Rules".

Can I do this somehow?
Will this be added later?

As there are still rules listed with in the old rules (), this is not just cosmetic.
It is quite confusing :-)

Also, even as I deleted all "Floating Rules" they are still listed for other Interfaces, see the screenshot.

March 01, 2026, 10:06:08 AM #1 Last Edit: March 01, 2026, 10:37:41 AM by OPNenthu
Quote from: senseOPN on February 28, 2026, 02:37:16 PMAfter migration, I still see "Rules [new]" and "Rules".
Within "Rules" there are still 9 automatically added rules - and I am not sure if that means they now exist double, in the old and in the new rules.

No, not double.  It's just a Jedi mind trick.

All the rules exist in the new UI and can only be edited there after migration.  Assuming you don't subsequently add more legacy rules.

As you click through each of the interfaces in the legacy UI, you'll notice they're all empty in terms of the rules that would normally be editable there.  In other words, none of the interfaces have interface rules.  None of the groups (if you have any) have group rules.  Floating doesn't have any floating rules.  They're all empty now.

Nevertheless, each of them still shows the rules from higher and lower sequence ranges, including automatic rules, in the drop-downs.  Those are the overall, combined rules from both legacy and new UIs that still govern the interface at various levels besides the one you're looking at.

(Not sure if that last paragraph made sense.)

Quote from: senseOPN on February 28, 2026, 02:37:16 PMA clear way would be to remove the "Rule" and rename "Rules [new]" to simply "Rules".

Can I do this somehow?
No, not yet.  Unless you want to hack on the code.

Quote from: senseOPN on February 28, 2026, 02:37:16 PMWill this be added later?
The devs have said the old rules UI will be deprecated at some point, but it's too early.  They're not even asking people to migrate at this time.

Quote from: senseOPN on February 28, 2026, 02:37:16 PMAs there are still rules listed with in the old rules (), this is not just cosmetic.

It isn't cosmetic and those are indeed real rules, just not duplicates.  There's no conflict.

Quote from: senseOPN on February 28, 2026, 02:37:16 PMIt is quite confusing :-)

Agreed.  Takes a minute to realize what's going on.

Quote from: senseOPN on February 28, 2026, 02:37:16 PMAlso, even as I deleted all "Floating Rules" they are still listed for other Interfaces, see the screenshot.

Hopefully it makes sense now. :)

---

TLDR; there's nothing more you need to do after migration if you followed all the steps up to and including the one to delete the legacy rules.

Unsolicited advice: once you've migrated, don't look back at the legacy UI for any reason.  Just forget it exists and try to acclimate to the new one (which is a lot like a spreadsheet).  The exception is for Outbound NAT as that isn't migrated yet.
N5105 | 8/250GB | 4xi226-V | Community
Today at 04:04:34 AM #2
Quote from: senseOPN on February 28, 2026, 02:37:16 PMCan I do this somehow?

You can create a restricted administrator account and deny access to the the old Rules section (and anything else you don't use in your environment) to clean up the menu, and use that account.
Today at 11:23:38 AM #3
There's a commit on master branch that hides old rules. It has it's ups and downs and we're still trying to think of the best way forward for 26.7 and perhaps 26.1.x but that latter part is actually trickier if we don't know what people expect. We only hear about the ones that don't like hiding after its hidden.  ;)


Cheers,
Franco
Today at 11:44:37 AM #4
Quote from: franco on Today at 11:23:38 AMWe only hear about the ones that don't like hiding after its hidden.  ;)
I'm prone to oversimplification as I'm not familiar with the code, but-

As a transitional step, why not have a setting that toggles the old rules UI on/off?  Then people can easily go back if they change their mind.
N5105 | 8/250GB | 4xi226-V | Community
Today at 11:51:01 AM #5
The pain of having two menu entries is much smaller than the pain of having a setting that needs to be placed, documented and then not forgetting to remove it afterwards.

The plan is to make the legacy firewall a plugin similar to legacy OpenVPN/IPsec.  With that the setting to have legacy firewall rules is with the click of install/uninstall said plugin.


Cheers,
Franco
Today at 02:58:31 PM #6
After migrating all of my Rules I used a port scanning service to make sure I still had a firewall in place - I used GRC Shields-Up and a couple local tools we have in place.
Minisforum UN100D, N100, 8GB, 256GB nVME w/ZFS
Today at 03:00:18 PM #7
I have no plans at all to move to the new rules, until it is forced upon me. :)

The old rules work fine, and until such point @franco starts asking for us to move, they can stay where they are :)
Hardware:
DEC750v2
Today at 05:38:26 PM #8
Quote from: ProximusAl on Today at 03:00:18 PMI have no plans at all to move to the new rules, until it is forced upon me. :)

The old rules work fine, and until such point @franco starts asking for us to move, they can stay where they are :)
+1 :)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)
Print
Go Up Pages1
User actions