
Added Button to select all in policy edit modal - policy.volt

Open vzeller opened this issue 8 months ago • 10 comments

Added Button to select all in policy edit modal - policy.volt, so users can quickly select all options and deselect what they do not want. Saves a lot of time when creating custom policies.

vzeller, Apr 13 '25 09:04

@vzeller do you have a concrete example where this would save time? I haven't seen many cases where you would like to have all options except some.

AdSchellevis, Apr 13 '25 12:04

> @vzeller do you have a concrete example where this would save time? I haven't seen many cases where you would like to have all options except some.

Not sure if I'm using policies the intended or right way. However, I have added Snort rules via oink code and ET Pro via the Telemetry plugin and enabled all rules, to make the IDS use the rules, except some things I want to have passed. It is my workflow to add a policy that has everything enabled and change all alerts to be dropped. Then I deselect the category I want to have passed. Before I came up with the JavaScript I would select all categories, CVEs and threat groups, everything, manually, which takes a lot of time if you have many entries populated from Snort, ET Pro and maybe others. Makes sense?

vzeller, Apr 13 '25 12:04

Also, with every update (I have daily updates for IDS rules via cron job), it would change names and add entries in First-Seen or CVEs etc. So I have to update the policy frequently.

vzeller, Apr 13 '25 13:04

Privacy enhancing techniques used in a surveilled network / surveillance state.

vzeller, Apr 13 '25 13:04

I'm only using ET's rules, but in practice you really only want to filter either full sets (files) or things that are clearly specified (and have limited options), such as deployment type. Micromanaging on things that change daily is usually not a great strategy in my humble opinion.

AdSchellevis, Apr 13 '25 15:04

Yes, ideally it would add the new IDS rules enabled. Or give the option to add them either disabled or enabled, keeping previous selections. Until then, this is a step in the right direction.

vzeller, Apr 13 '25 16:04

Maybe it's better to start with a ticket explaining the issue you want to solve, either I don't understand the use-case (which is perfectly possible) or this option doesn't add much value and we're trying to fix the wrong thing here.

These metadata selections are intended to match more or less static things like type of attacks (from a limited list) or deployments. When trying to more or less specify single sids by their metadata, this seems overly complicated.

AdSchellevis, Apr 13 '25 16:04

If the code is not harmful and adds functionality, why argue against it?

vzeller, Apr 13 '25 18:04

Talking use cases and problems can help remove code sometimes, but adding “solutions” always adds code.

fichtner, Apr 13 '25 18:04

Well, after all I'm just a user. And this helps me a lot, so I wanted to share it 💞

vzeller, Apr 13 '25 20:04