
Firewall: Alias: Allow adding descriptions to every entry

Open boomer41 opened this issue 2 years ago • 9 comments

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

  • [X] I have read the contributing guidelines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
  • [X] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Is your feature request related to a problem? Please describe.

When dealing with many entries in an alias, it is currently not possible to attach a description to each entry individually. E.g., this can result in the following port list:

53,88,123,135,137,139,389,445,464,636,3268,3269,9389,49152:65535

It is extremely hard to know what each entry represents. In pfSense, it is already possible.

Describe the solution you like

The same possibilities as pfSense gives: Add a description to each entry individually to know what each entry represents or the reason it was added.

Describe alternatives you considered

Creating a firewall rule for each port, just to add a description, is overkill imho.

boomer41 • Aug 28 '22 19:08

you can try to combine port aliases imho (create individual aliases for port(s) requiring description and create combined port(s) alias for the pf rule)

kulikov-a • Aug 29 '22 07:08

Wouldn't that end up in a complete mess in the Aliases section? You have a hundred aliases just for one port, and then some lists combining them.

boomer41 • Aug 29 '22 07:08

duplicate https://github.com/opnsense/core/issues/4190#issuecomment-653140801

AdSchellevis • Aug 29 '22 07:08

> You have a hundred aliases just for one port, and then some lists combining them.

only if you want to add description for every single port (including well-known)?

kulikov-a • Aug 29 '22 07:08

> > You have a hundred aliases just for one port, and then some lists combining them.
>
> only if you want to add description for every single port (including well-known)?

See my example above. This is a list of seemingly random ports used for Active Directory. You have to Google each port to know which one is the one for GC.

boomer41 • Aug 29 '22 07:08

A port group similar to the network group type would be quite simple to implement, trying to push separate descriptions into single line items isn't going to happen.

Although technically it would be possible to build a combined view where a single modal edits more related objects at the same time, there just isn't a valid use-case for spending the amount of time needed to build such a view (Customers we have had the discussion with in the past came to the same conclusion, if it is worth describing an object, just make it an object by itself)

AdSchellevis • Aug 29 '22 08:08

> You have to Google each Port to know which one is the one for GC

no, I don't need to search for well-known AD ports ) and you can make combinations, like "kerb ports" alias, "ldap ports" alias, "smb ports" and so on. imho this is a matter of habits and not technology

kulikov-a • Aug 29 '22 08:08
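
The grouping suggested in this thread (one small described alias per service, combined into a single alias for the rule), as an added example that is not part of any comment here and is not OPNsense code. The alias names, descriptions and the dictionary layout are assumptions; the ports are the ones from the issue. It checks that the nested aliases flatten back to the original port list and reports which description covers a given port.

```python
# Added example: constructed data, not an OPNsense export. Alias names and
# descriptions are assumptions; the port numbers are the ones from the issue.
ALIASES = {
    "ad_dns_ntp": {"descr": "DNS and NTP", "content": ["53", "123"]},
    "ad_kerb": {"descr": "Kerberos and kpasswd", "content": ["88", "464"]},
    "ad_rpc": {"descr": "RPC endpoint mapper and dynamic RPC", "content": ["135", "49152:65535"]},
    "ad_smb": {"descr": "NetBIOS and SMB", "content": ["137", "139", "445"]},
    "ad_ldap": {"descr": "LDAP and LDAPS", "content": ["389", "636"]},
    "ad_gc": {"descr": "Global Catalog", "content": ["3268", "3269"]},
    "ad_adws": {"descr": "AD Web Services", "content": ["9389"]},
    "ad_ports": {"descr": "Combined alias used in the rule", "content": [
        "ad_dns_ntp", "ad_kerb", "ad_rpc", "ad_smb", "ad_ldap", "ad_gc", "ad_adws"]},
}

def parse_port(entry):
    """Return (low, high) for 'N' or 'N:M'; raise ValueError otherwise."""
    low, _, high = entry.partition(":")
    lo, hi = int(low), int(high or low)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port entry: {entry}")
    return lo, hi

def flatten(name, aliases, _stack=()):
    """Resolve nested aliases to [(low, high, descr)], rejecting reference loops."""
    if name in _stack:
        raise ValueError("alias loop: " + " -> ".join(_stack + (name,)))
    alias = aliases[name]
    out = []
    for entry in alias["content"]:
        if entry in aliases:  # nested alias: recurse, keeping the child's description
            out.extend(flatten(entry, aliases, _stack + (name,)))
        else:
            lo, hi = parse_port(entry)
            out.append((lo, hi, alias["descr"]))
    return out

def port_list(name, aliases):
    """Render the flattened alias as a comma-separated list, as written in the issue."""
    ranges = sorted({(lo, hi) for lo, hi, _ in flatten(name, aliases)})
    return ",".join(str(lo) if lo == hi else f"{lo}:{hi}" for lo, hi in ranges)

def describe(port, name, aliases):
    """Return the descriptions of every leaf alias that covers this port."""
    return [d for lo, hi, d in flatten(name, aliases) if lo <= port <= hi]

if __name__ == "__main__":
    print(port_list("ad_ports", ALIASES))
    print(describe(3268, "ad_ports", ALIASES))
```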

Would anything speak against multi-line notes or descriptions?

This way, we can add structured free text descriptions without being limited to a single line. Someone like me could document the usage for each port, someone else may add e.g. a ticket reference and some other notes. This may also apply to almost any other non-parsed description field.

boomer41 • Aug 29 '22 19:08

I don't think it's a huge issue, but it might need an extra field (short description versus a long one) as the description might be used in some other areas. Haven't checked, it's also not very high on my priority list to be honest. You could always add an issue for the long description (/additional field if needed) to see if more people with similar issues would consider this a solution.

AdSchellevis • Aug 30 '22 07:08

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.

OPNsense-bot • Feb 24 '23 19:02