Feature #10446: VIP address is not shown in firewall rules - pfSense - pfSense bugtracker

Feature #10446

VIP address is not shown in firewall rules

Added by Silmor Senedlen 6 months ago. Updated about 1 month ago.

Status:

New

Priority:

Very Low

Assignee:

Category:

Rules / NAT

Target version:

Start date:

04/09/2020

Due date:

% Done:

Estimated time:

Description

Good day
I noticed that VIP address(Type: IP Alias) is not shown in Source/Destination drop-down menu in Firewall rules.
At the same time it is displayed in NAT >> Port Forward rules in Source/Destination drop-down menu.

Example in attached screenshots.

2.4.5-RELEASE (amd64)

pfSense_PortForward_Rules.png (66.4 KB) pfSense_PortForward_Rules.png		Silmor Senedlen, 04/09/2020 09:36 AM
pfSense_Firewall_Rules.png (65.5 KB) pfSense_Firewall_Rules.png		Silmor Senedlen, 04/09/2020 09:36 AM

History

#1 Updated by Jim Pingle 6 months ago

Tracker changed from Bug to Feature
Category changed from Virtual IP Addresses to Rules / NAT
Priority changed from Normal to Very Low
Affected Version deleted (~~2.4.5~~)

It's not a bug, but perhaps a feature request.

It's generally not necessary on firewall rules because they don't have the same requirements that need to be met by NAT rules. Firewall rules can match anything, whereas NAT rules require VIPs (in most cases) when not used with interface addresses.

Plus, if you're using NAT on a VIP, you wouldn't use the VIP address in a firewall rule anyhow.

#2 Updated by Silmor Senedlen 6 months ago

Jim Pingle wrote:

It's not a bug, but perhaps a feature request.

OK, let it be a feature request.
I think it would be nice to be able to select VIP address from list(which automatically update it's value when it will be changed in Firewall >> Virtual IPs section) instead of specifying static value.

#3 Updated by Corey Boyle about 1 month ago

Would be nice for controlling access to local services like HAProxy.

Also available in: Atom PDF

Project

General

Profile

pfSense

Issues