Feature #15183

closed

Add per-rule option to set PF State Policy (if-bound vs floating)

Added by Jim Pingle 4 months ago. Updated 3 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Rules / NAT
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 24.03
Release Notes: Default

Description

Now that #15173 is in place it would be helpful to have a per-rule option to set state policy between default, if-bound, and floating.

This would work similar to the current "State Type" option but separate from that. Both policy and type can be set at the same time. Combining the options would be confusing.

The option should be named "State Policy", go directly above "State Type", and have three choices in a selection list drop-down:

  • "" (empty/unset): Default - Use current global default policy
  • "if-bound": Interface Bound - Packets matching states created by this rule can only pass on this interface (more secure)
  • "floating": Floating - Packets matching states created by this rule can pass on any interface (more lenient)

Help text can lightly summarize the behavior and link to system_advanced_firewall.php and note to see option "Firewall State Policy" there for full details.

When crafting rules, it should be set similar to sloppy and other $aline['flags'] entries (~Line 3597 on CE, 3660 on Plus)

See #15173 for more info.


Related issues

Related to Todo #15173: Add global option to set default PF State Policy (if-bound vs floating) (Resolved, Jim Pingle)
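
How the three "State Policy" choices map onto pf rule syntax, as an added illustration that is not part of the original issue and not pfSense's generated ruleset. Interface names, addresses and ports are constructed; the syntax is standard pf.conf (`set state-policy` globally, `if-bound` / `floating` as `keep state` options).

```conf
# Added example (constructed values): em0 = WAN, em1 = LAN.

# Global default policy (the option introduced by #15173).
set state-policy if-bound

# State Policy "" (unset): no per-rule option, so the state
# inherits the global default above (if-bound here).
pass in quick on em0 inet proto tcp from any to 192.0.2.10 port 443 \
    flags S/SA keep state

# State Policy "if-bound": state is tied to em0. A packet that matches
# the state's addresses and ports but arrives on another interface
# does not match the state and must be evaluated against the rules again.
pass in quick on em0 inet proto tcp from any to 192.0.2.10 port 22 \
    flags S/SA keep state (if-bound)

# State Policy "floating": state matches on any interface. More lenient,
# so scope the rule tightly to the traffic that needs it
# (for example, traffic that leaves or returns on a different interface).
pass in quick on em1 inet proto udp from 198.51.100.0/24 to any port 500 \
    keep state (floating)

# Policy and State Type set together: both appear as state options
# in the same parenthesised list.
pass in quick on em1 inet proto tcp from 198.51.100.0/24 to 203.0.113.5 \
    flags any keep state (sloppy, floating)
```

On a running system, `pfctl -sr` shows the loaded rules with their state options, and `pfctl -vvss` lists each state with the interface it was created on, which helps confirm which policy a given rule's states actually received.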
