pfSense

I didn't think it would be hard to reproduce. Nice if it works for you, Jim, but no it is nothing about special characters.
I just did test it again on different systems - same problem again:

1) Interface Assignments, Interface Groups
2) Create Group with name "0Test", added 3 Vlans to it
3) Got to Firewall/Rules
4) Add+ Rule on 0Test Tab
5) add simplest rule (pass from 1.2.3.4 port any to any - simple)
6) save (https://i.imgur.com/x5ri5hS.png)
7) you get to the 0Rule tab with NO rule visible but you get an red error bubble immediatly

Message: pfSense is restoring the configuration /cf/conf/backup/config-1637265144.xml @ 2021-11-18 20:58:19

System log shows errors:

Nov 18 20:58:19    php-fpm    13739    /firewall_rules_edit.php: New alert found: pfSense is restoring the configuration /cf/conf/backup/config-1637265144.xml
Nov 18 20:58:19    php-fpm    13739    /firewall_rules_edit.php: pfSense is restoring the configuration /cf/conf/backup/config-1637265144.xml
Nov 18 20:58:19    php-fpm    13739    /firewall_rules_edit.php: XML error: XML_ERR_NAME_REQUIRED at line 8487 in /conf/config.xml

Same behavior on my testbox with SG2100 on 21.05.1

When you check the rules.debug file in /tmp, you'll find no trace of an Alias or IF Group named "0Test". If you go to the Interface Group and rename it to e.g. "ATest" and do the steps again -> all working. Rule gets saved. If you rename the Group back to "0Test" the rule is still there, but if you try to save you get an error again. If you check the /tmp/rules.debug the pf.conf still has the last working Group name (ATest) in it, 0Test wasn't even correctly saved and written to rules.debug or pf.conf.

So if that works for you, great but I'm very much interested in how that is a problem with special character or umlauts or something along those lines if everything we did while testing was use the exact allowed character set as quoted from the group interface page. :)

Cheers

Please have a look at https://forum.netgate.com/topic/167988/pot-bug-s-with-interface-groups-firewall-rules

I did a further check and I can reproduce the problems on either 21.05.x and 2.5.2. Starting a group name with a digit initially like your 0blah throws errors and problems if you want to add the first rule. If you manage to make a save/apply that actually writes the filter config, then it seems the group name gets written down (what seems to be missing initially) and rules can be created without problems. But a groupname starting with a digit that gets freshly created seems to miss some pointers as it somehow writes the groups tag on the interfaces correctly but seems to have problems with the first rule being written to rules.debug and the filter config.

I'd agree that simply disallowing them to start and end with a digit would be easier. Even if that means that a great way of adding some sorting to groups would be unavailable then.

Sorry about not supplying enough data in the first place. Should have known better myself as that's what I always tell my customers, too. Not my best day it seems. No offence meant!

input validation improvements:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/468