Ability to add custom pf rules from the GUI
I'd be grateful if you could please consider adding the ability to specify custom pf rules from the GUI.
I'm envisaging a plain text field in which the user can enter custom pf rules, which would then be appended by filter.inc on a filter reload.
There are occasions where custom pf rules are useful, in particular the "dup to" rule for selectively mirroring traffic.
See for example: https://forum.netgate.com/topic/163466/how-to-add-pf-dup-to-rules
At the moment it can be done by manually editing tmp/rules.debug or by editing filter.inc to add the custom rules (see https://docs.netgate.com/pfsense/en/latest/firewall/pf-ruleset.htm).
However, in the first case, the custom rules don't persist after a filter reload, and in the second case they won't persist after upgrading pfSense. It would therefore be helpful to have the feature in the GUI.
Updated by Andrew - about 1 year ago
... Having thought further, I'm not sure merely appending the custom rules would give users the versatility they need. The "dup to" option attaches to existing pass rules, so it is sensitive to ordering.
I think therefore it would be better to add a plain text field to the "advanced options" tab present for each rule.
Then the user could specify e.g. dup-to (em2 10.1.1.2) for a particular rule and pfSense would add that in when building the pf rules.
If a rule would otherwise be: pass out on em0 proto tcp from any port 80 to any
... it would become: pass out on em0 dup-to (em2 10.1.1.2) proto tcp from any port 80 to any
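
One way the per-rule option proposed above could be rendered, as an added example that is not pfSense's or the poster's code: the two function names are hypothetical, and the sketch takes the interface and address as separate validated fields instead of free text, so the value cannot carry extra pf syntax into the ruleset. It assumes rules of the shape `pass in|out [log] [quick] on <iface> ...` only.

```php
<?php
// Added example, not pfSense code: function names are hypothetical.

/** Build a "dup-to (iface addr)" option from two validated fields. */
function build_dup_to_option(string $iface, string $addr): string
{
    // Interface names such as em0, igb1, vlan0.10: letters, digits, '.', '_' only.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9_.]{0,14}$/D', $iface)) {
        throw new InvalidArgumentException('invalid interface name');
    }
    // Accepts IPv4 or IPv6 literals; rejects anything with spaces, parens or newlines.
    if (filter_var($addr, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('invalid address');
    }
    return sprintf('dup-to (%s %s)', $iface, $addr);
}

/** Insert the option directly after the "on <iface>" clause of a pass rule. */
function insert_dup_to(string $rule, string $option): string
{
    // Only one routing option may be attached to a rule.
    if (preg_match('/\b(dup-to|route-to|reply-to)\b/', $rule)) {
        throw new InvalidArgumentException('rule already has a routing option');
    }
    // Assumed rule shape: pass in|out [log] [quick] on <iface> <rest>
    $pattern = '/^(pass\s+(?:in|out)\s+(?:log\s+)?(?:quick\s+)?on\s+\S+)\s+(.+)$/D';
    if (!preg_match($pattern, $rule, $m)) {
        throw new InvalidArgumentException('unsupported rule shape');
    }
    return $m[1] . ' ' . $option . ' ' . $m[2];
}

// Sample input: the rule quoted in the request above.
$rule = 'pass out on em0 proto tcp from any port 80 to any';
echo insert_dup_to($rule, build_dup_to_option('em2', '10.1.1.2')), PHP_EOL;

// Constructed bad input: an address field carrying a newline and a second rule.
try {
    build_dup_to_option('em2', "10.1.1.2)\npass quick all");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```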