core
core copied to clipboard
opnsense
Customizable fields/columns for firewall rule lists
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
- [ x ] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
- [ x ] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue
Is your feature request related to a problem? Please describe.
If your firewall rules use less common options, you can't see them from the rule list (firewall_rules.php?if=xxx) without opening the rule editor. For example, a rule that passes or rejects only on a previously applied tag looks in the rule list like it matches everything - all sources and destinations. Similarly, the rule list won't show the tag applied by the previous rule. You can only see this behavior by drilling into the rule editor.
On the other hand, if you don't use options that are present in the default view (e.g. schedules or gateways), that space is taken up unnecessarily.
Describe the solution you like
It would be nice to be able to edit the visible columns in the rules lists, in the same way you can for other data grid views.
Alternatively, it may be nice to have a button for each rule or for the overall table that would display the generated pf rule syntax when clicked, so that people familiar with the syntax can quickly see exactly what each rule does.
Both of these features would mainly be useful for more advanced users, but more advanced users are the ones using less common rule options in the first place.
Describe alternatives you considered
My specific use case is for rules that set or match on tags, although a more flexible rule table display would be good for other use cases as well. I've tried a couple of alternatives:
- Using the description. In my case, stating "sets ___" or "matches ___" in the description. With this workaround you need to remember to update the description if the tag match/set behavior of the rule changes, and it leaves less room in the description for actual description.
- Using categories. In my case, creating categories for either "Sets tag", "Matches tag", "sets ___" or "matches ___" and applying them to the relevant rules. With this approach you also need to remember to add or remove the category if the behavior of the rule changes, and it can clutter your categories.
Additional context
N/A, I'm happy to provide any other information if requested. Thank you for considering this!
Eventually the legacy firewall parts need an MVC replacement as well, we're just not there yet.
This is sort of related, but I can create a separate feature request if you like?
I just switched from PFSense, and the one, glaring thing I miss is the ability to group firewall rules for clarity...
Is this a worthwhile ask? OPNSense has a folder for the default rules. It would be great if you could group other folders, but simple headings you could arrange like the rules (as in the screenshot) would be just fine...
Let me know if I should make a separate thread... and thanks!
We offer categories for grouping (https://docs.opnsense.org/manual/firewall_categories.html), see also https://github.com/opnsense/core/issues/3795
We offer categories for grouping (https://docs.opnsense.org/manual/firewall_categories.html), see also #3795.
That helps, thanks. I hadn't gotten far enough along to see the category feature.
One suggestion I'd add is to allow a "grouping" option in the firewall list which would toggle the rules into a collapsible folder tree by category. Of course, the caveat would be that multiple categories added to a rule would cause the list to appear out of order from how rules might be executed. There really is no perfect solution, but those groups really help organize things.
I'm off and running with categories, though... Thanks for the nudge!