Feature #14448
closedSupport interface groups in firewall rule source/destination fields
100%
Description
You can select interface networks as a source/destination. It would be useful to be able to select an interface group as well for total abstraction
Related issues
Updated by Chris M Scott 12 months ago
You can select interface networks as a source/destination. It would be useful to be able to select an interface group as well for total abstraction and a singe source of truth
Updated by Lev Prokofev 10 months ago
Tested on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
Option to choose "interface group" network appears in the firewall rules, pfctl shows created rules after a filter reload
pass in quick on igb1 inet proto tcp from 10.0.10.0/24 to any flags S/SA keep state label "USER_RULE" label "id:1690478259" ridentifier 1690478259
pass in quick on igb1 inet proto tcp from 192.168.10.0/24 to any flags S/SA keep state label "USER_RULE" label "id:1690478259" ridentifier 1690478259
USER_RULE id:1690478259 114 0 0 0 0 0 0 0
USER_RULE id:1690478259 14 0 0 0 0 0 0 0
Updated by Georgiy Tyutyunnik 10 months ago
tested on:
Version 2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
Version 23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
works solid. you can refer to the interface group networks even if some members don't have a subnet on them, and it doesn't break anything
Updated by Marcos M 10 months ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset 9fbd5798a3d76b36e6cc37debc5a37d382977a78.
Updated by Marcos M 4 months ago
- Is duplicate of Feature #746: Add interface group to source/dest drop downs added