Feature #13468
Closed
FW-rule-groups, would be very, very helpful
0%
Description
Hello,
I have a significant number of vlans which all need small variants of the same ruleset. In the actual situation / with the actual GUI, I have to define and maintain those groups of rules for each vlan separately, which is both very, very exhausting and, perhaps even more severe, very, very error prone!
As an example, each vlan ruleset is built like this:
- some vlan specific rules
- a group-A which is equal for vlan X,Y,Z
- some vlan specific rules
- a group-B which is equal for vlan X,Y,Z
- some final rules specific for the vlan
This functionality should work for normal FW-rules, but also e.g. for nat-rules (e.g. when using rules to redirect DNS or other ports)
- at this moment you can define an interface group, however that functionality is too limited because:
  - it is only possible to combine the first couple of rules
  - there are virtual addresses like "<vlan-name>-address" but there is no "vlan-address" which would stand for "this-vlan-address"
  - the same for <vlan-name>-net
Adding those aliases would be helpful as well
This feature would reduce the number of rules (gui-rules) in my system by probably at least a factor of two or three!!!
Related issues
Updated by Louis B 10 months ago
I discovered that interface groups are IMHO not interface groups, but rule groups. However, the GUI is not in line with that :)
So the function I requested years ago is almost there!!
- Netgate should agree that interface groups are not interface-groups but rule-groups
- documentation should be updated
- and it would be better if the GUI is updated as well
I am using them now and plan to use them more, since rule-groups make it easier to maintain the FW.
For more details see my thread [Netgate Forum] Interface Group turns out to be Rule Group! Which is awesome !!
Updated by Jim Pingle 3 months ago
- Is duplicate of Feature #1937: Support for rule groupings added