Bug #14691
closed
Separators get shifted when copying firewall rules between interfaces
100%
Description
Reproduce¶
Have two active interfaces, one with at least one firewall rule (hereafter called OPT1) and the other with multiple rules and separators (OPT2).
- Go to Firewall --> Rules --> OPT1
- Click the copy/duplicate icon (overlapping squares) on an existing rule
- Change Interface to OPT2 and save
The new rule gets added first in the list, shifting the old rules relative to the separators as described below.
Example result¶
Rules and separator on target interface before copying:
- Separator A
- Rule A1
- Rule A2
- Separator B
- Rule B1
- Rule B2
After copying, I get:
- Separator A
- New rule
- Rule A1
- Separator B
- Rule A2
- Rule B1
- Rule B2
As you can see, the new rule was added on top and all separators kept their absolute position in the list, shifting them relative to the rules.
System information¶
2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
Files
Updated by Danilo Zrenjanin 9 months ago
Tested against:
23.05.1-RELEASE (amd64) built on Wed Jun 28 03:57:27 UTC 2023 FreeBSD 14.0-CURRENT
I followed the steps to replicate the issue. However, the rule has always been copied at the bottom of the list of the destination interface.
I'll test against 2.7.0 soon and let you know the results.
Updated by Marcos M 9 months ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset abc8192b1028f48bb768ffb6727bed4d05adae7f.
Updated by Marcos M 9 months ago
- Status changed from Feedback to In Progress
The behavior of the rule being placed on top when being copied only happens when e.g. copying the last rule of LAN to OPT1 (the new interface comes after).
I do see a new issue however - when editing a rule and changing the interface, the original rule is kept and a copy is made instead. Additionally, removing a single rule above a separator would not correctly shift the separators. Fixes coming shortly.
Updated by Marcos M 9 months ago
- Status changed from In Progress to Feedback
Applied in changeset 26b97b650457ba98360b5648dd801fd0adb567a5.
Updated by Danilo Zrenjanin 9 months ago
After applying the patch, I made the following observations:
Before copying:¶
Rules on source interface (LAN)
Rule LAN1
Rule LAN2
Rules on destination interface (OPT1)
SEPARATOR A
Rule A1
Rule A2
SEPARATOR B
Rule B1
Rule B2
After copying the Rule LAN1, changing the interface to OPT1¶
OPT1 interface rules:
SEPARATOR A
Rule LAN1
Rule A1
SEPARATOR B
Rule A2
Rule B1
Rule B2
The issue with the ordering rules after copying persists.
While the issue with the edit/change interface does remove the rule from the source interface but causes the same trouble with ordering as described above.
Note
LAN interface is (VLAN)
OPT1 is a native interface
Updated by Danilo Zrenjanin 9 months ago
- Status changed from Feedback to Resolved
Tested against:
2.8.0-DEVELOPMENT (amd64) built on Fri Aug 25 06:05:39 UTC 2023 FreeBSD 14.0-ALPHA2
Everything seems to be in order. It's possible that I made a mistake while testing the patch previously.
I am resolving this ticket.
Updated by 
Updated by Jonathan Lee 5 months ago
<separator>
<wan></wan>
<lan></lan>
<opt1></opt1>
<floatingrules></floatingrules>
<ethernetrules></ethernetrules>
</separator>
This fixed my issues like this old separators were still showing in the config.xml file
Updated by Jonathan Lee 5 months ago
- File Screenshot 2023-12-15 at 10.19.31 PM.png Screenshot 2023-12-15 at 10.19.31 PM.png added
- File Screenshot 2023-12-15 at 10.19.31 PM.png Screenshot 2023-12-15 at 10.19.31 PM.png added
old separators