pfsense-api
Multiple interfaces for floating rule
Since version 1.4.0 there is a possibility to manage floating firewall rules.
But the meaning of floating rules is that they can be related to multiple interfaces.
When you open a firewall rule edit page, you can see a "multiselect" text area to pick multiple interfaces.
This is not possible to achieve with the API.
Solution proposal:
- an interface string attribute in the request body can consume multiple values separated by "," delimiter (so we can set it up via existing attribute) or
- Duplicating the /firewall_rules endpoint to firewall_floating_rules and handling the floating rules completely separate
Cheers, Viktor
Asked here a while ago on the relevant PR btw: https://github.com/jaredhendrickson13/pfsense-api/pull/188#issuecomment-1070593580
I took a look into the config xml, and it seems that the interfaces are indeed saved as a "," separated value.
So if I'm looking correctly at the APIFirewallRuleCreate, only the validation should be adapted to make it work?
And actually, the values from already existing floating rules are also returned in "opt1,opt9" format in interface attribute.
```json
{
  "id": "",
  "tracker": "1656335395",
  "type": "pass",
  "interface": "opt1,opt9",
  "ipprotocol": "inet",
  "tag": "",
  "tagged": "",
  "direction": "any",
  "floating": "yes",
  "max": "",
  "max-src-nodes": "",
  "max-src-conn": "",
  "max-src-states": "",
  "statetimeout": "",
  "statetype": "keep state",
  "os": "",
  "protocol": "tcp",
  "source": {
    "any": ""
  },
  "destination": {
    "any": ""
  },
  "disabled": "",
  "descr": "",
  "updated": {
    "time": "1656335395",
    "username": "[email protected] (Local Database)"
  },
  "created": {
    "time": "1656335395",
    "username": "[email protected] (Local Database)"
  }
}
```
Is there any reason not to enable multiple interfaces separated by "," (without spaces) - like backwards compatibility reasons etc.?
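
The validation change discussed in this thread, sketched as an added example (not pfsense-api code and not written by any participant): every element of a ","-separated `interface` value is checked on its own, and more than one element is accepted only for floating rules. The function name, its parameters and the `$known` interface list are hypothetical; the sample inputs are constructed.

```php
<?php
// Added illustration, not pfsense-api code. All names here are hypothetical.

/**
 * Validate the "interface" attribute of a firewall rule request.
 *
 * @param string $raw      value from the request body, e.g. "opt1,opt9"
 * @param bool   $floating true when the request is for a floating rule
 * @param array  $known    interface IDs present on the firewall (assumed lookup result)
 * @return array           ['ok' => bool, 'value' => ?string, 'error' => ?string]
 */
function validate_rule_interfaces(string $raw, bool $floating, array $known): array
{
    $fail = fn(string $msg): array => ['ok' => false, 'value' => null, 'error' => $msg];

    if ($raw === '') {
        return $fail('interface is required');
    }
    // Split on "," only and do not trim: "opt1, opt9" is rejected, not silently rewritten.
    $parts = explode(',', $raw);
    if (count($parts) > 1 && !$floating) {
        return $fail('multiple interfaces are only valid on floating rules');
    }
    $seen = [];
    foreach ($parts as $if) {
        // Strict comparison against the known set; an empty element ("a,,b") fails here.
        if (!in_array($if, $known, true)) {
            return $fail("unknown interface: '" . $if . "'");
        }
        if (isset($seen[$if])) {
            return $fail("duplicate interface: '" . $if . "'");
        }
        $seen[$if] = true;
    }
    // Rebuild the stored value from validated elements only.
    return ['ok' => true, 'value' => implode(',', $parts), 'error' => null];
}

// Constructed sample data: [request value, floating?]
$known = ['wan', 'lan', 'opt1', 'opt9'];
$cases = [['opt1,opt9', true], ['opt1,opt9', false], ['opt1, opt9', true],
          ['opt1,,opt9', true], ['opt1,opt1', true], ['lan', false]];
foreach ($cases as [$raw, $floating]) {
    $r = validate_rule_interfaces($raw, $floating, $known);
    printf("%-12s floating=%-3s -> %s\n", $raw, $floating ? 'yes' : 'no',
        $r['ok'] ? 'accepted' : $r['error']);
}
```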