Project

General

Profile

Actions

Feature #12665

open

Ability to add custom pf rules from the GUI

Added by Andrew - about 2 years ago. Updated about 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default

Description

I'd be grateful if you could please consider adding the ability to specify custom pf rules from the GUI.

I'm envisaging a plain text field that the user can enter custom pf rules, which would then be appended by filter.inc on a filter reload.

There are occasions where custom pf rules are useful, in particular the "dup to" rule for selectively mirroring traffic.

See for example: https://forum.netgate.com/topic/163466/how-to-add-pf-dup-to-rules

At the moment it can be done by manually editing tmp/rules.debug or by editing filter.inc to add the custom rules (see https://docs.netgate.com/pfsense/en/latest/firewall/pf-ruleset.htm).

However, in the first case, the custom rules don't persist after a filter reload, and in the second case they won't persist after upgrading pfSense. It would therefore be helpful to have the feature in the GUI.

Thank you.

Actions #1

Updated by Andrew - about 2 years ago

... Having thought further, I'm not sure merely appending the custom rules would give users the versality they need. The "dup to" option attaches to existing pass rules, so are sensitive to ordering.

I think therefore it would be better to add a plain text field to the "advanced options" tab present for each rule.

Then the user could specify e.g. dup-to (em2 10.1.1.2) for a particular rule and pfSense would add that in when building the pf rules.

e.g.

if a rule would otherwise be: pass out on em0 proto tcp from any port 80 to any

... it would become: pass out on em0 dup-to (em2 10.1.1.2) proto tcp from any port 80 to any

Actions

Also available in: Atom PDF