pfSense

Hello,

I have a significant number of vlans which all need small variants of the same ruleset. In the actual situation / with the actual GUI, I have to define and maintain those group of rules for each vlan separately, which is both very, very exhausting and perhaps even more severe very, very error prone!

As example each vlan ruleset is build like this:
- some vlan specific rules
- a group-A which is equal for vlan X,Y,Z
- some vlan specific rules
- a group-B which is equal for vlan X,Y,Z
- some final rules specific for the vlan

This functionality should work for normal FW-rules, but also e.g. for nat-rules
(e.g. when using rules to redirect DNS or other ports)

A couple of additional remarks/notes:
- at this moment you can define an interface group, however that functionality is too limited because:

• it is only possible to combine the first couple of rules
• there are virtual addresses like "<vlan-name>-address" but there is no "vlan-address" which would stand for "this-vlan-address"
• the same for <vlan-name>-net
  Adding those ^aliasses would be helpfull as well

This feature would reduce the number of rules (gui-rules) in my system by probably at least factor two or three very !!!