Feature #15189

closed

Firewall Rule Tracer

Added by Justin Radke almost 2 years ago. Updated almost 2 years ago.

Status: Needs Patch
Priority: Normal
Assignee: -
Category: Rules / NAT
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default

Description

Requesting a feature popular on successful commercial platforms to improve the viability of PFSense for larger, more complicated install bases.
Packet Tracer:
INPUT: The admin enters the source interface, source IP address, destination address, and destination port.
PROCESS: Have the PFSense software process the packet as if it were processed by the system. First, identify the destination interface for the packet and then compare the request packet against the rules and determine if the packet was forwarded or dropped by the system.
OUTPUT: Packet allowed using firewall rule #X (the rules may need to be numbered on the "Rules" page) or packet denied by Rule #X or denied by implicit deny all.

For extensive rulesets on firewalls, especially multi-interface ones, where policies may number in the hundreds or more than a thousand, this feature is practically a requirement. This function helps tremendously in troubleshooting and avoids unnecessary rule duplicates. Log files are not a good answer for proper tracking of rulesets that allow or deny traffic.

Refer to this post for other relevant discussion:
https://forum.netgate.com/topic/83994/packet-tracer-function/8?_=1706202843548

Thank you for your consideration of this feature request. As a firewall admin for many other commercial platforms, I believe this will put some polish on PFSense and make it more presentable for larger installations. I, for example, will not consider a firewall in any of my environments without this functionality, so I'd like to see it in PFSense.
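The INPUT / PROCESS / OUTPUT flow described in the request, as an added example that is not part of the original ticket and is not pfSense or pf code. It works over a constructed routing table and a constructed, numbered ruleset; the `Route` and `Rule` types, the interface names (`lan`, `wan`, `ovpn`) and all addresses are assumptions made for the example. It models two pieces of pf matching that any real tracer would have to reproduce: longest-prefix route lookup to find the egress interface, and pf's "last matching rule wins unless a matching rule is `quick`" evaluation (pfSense GUI rules are `quick` by default, so they behave first-match). State table, NAT, IPv6 and interface groups are deliberately left out.

```python
"""Toy firewall rule tracer (added example; not pfSense or pf code).

Given an ingress interface, source/destination addresses, protocol and
destination port, it reports the egress interface and which numbered rule
passed or blocked the packet, or an implicit deny when no rule matched.
All routes, rules and addresses below are constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

ANY = ip_network("0.0.0.0/0")  # "any" source/destination


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    iface: str


@dataclass(frozen=True)
class Rule:
    number: int                        # rule position, as the request suggests numbering them
    action: str                        # "pass" or "block"
    iface: str                         # interface the rule is bound to; "any" = floating
    proto: str                         # "tcp", "udp" or "any"
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[Tuple[int, int]]   # inclusive port range; None = any port
    quick: bool = True                 # pfSense GUI rules are quick; plain pf rules are not


def egress_interface(routes: List[Route], dst: IPv4Address) -> Optional[str]:
    """Step 1 of PROCESS: longest-prefix match over the (assumed static) routing table."""
    best: Optional[Route] = None
    for route in routes:
        if dst in route.prefix and (best is None or route.prefix.prefixlen > best.prefix.prefixlen):
            best = route
    return best.iface if best else None


def rule_matches(rule: Rule, in_iface: str, proto: str, src: IPv4Address,
                 dst: IPv4Address, dport: Optional[int]) -> bool:
    """Does this rule's match criteria cover the packet?"""
    if rule.iface not in ("any", in_iface):
        return False
    if rule.proto not in ("any", proto):
        return False
    if src not in rule.src or dst not in rule.dst:
        return False
    if rule.dport is not None:
        lo, hi = rule.dport
        if dport is None or not lo <= dport <= hi:
            return False
    return True


def trace(rules: List[Rule], routes: List[Route], in_iface: str, src_ip: str,
          dst_ip: str, proto: str, dport: Optional[int] = None) -> dict:
    """Step 2 of PROCESS and the OUTPUT: walk the ruleset in order with pf semantics.

    A matching 'quick' rule ends evaluation immediately; otherwise the last
    matching rule wins. No match at all means the implicit default deny.
    """
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    egress = egress_interface(routes, dst)
    winner: Optional[Rule] = None
    for rule in rules:
        if not rule_matches(rule, in_iface, proto, src, dst, dport):
            continue
        winner = rule
        if rule.quick:
            break
    if winner is None:
        return {"action": "block", "rule": None, "egress": egress,
                "reason": "implicit deny (no rule matched)"}
    return {"action": winner.action, "rule": winner.number, "egress": egress,
            "reason": f"{winner.action} by rule #{winner.number}"}


# Constructed sample routing table and ruleset (interface names are assumptions).
ROUTES = [
    Route(ip_network("192.168.1.0/24"), "lan"),
    Route(ip_network("10.0.0.0/8"), "ovpn"),
    Route(ANY, "wan"),
]
LAN_NET = ip_network("192.168.1.0/24")
RULES = [
    Rule(1, "block", "lan", "tcp", LAN_NET, ip_network("10.0.0.0/8"), (22, 22)),
    Rule(2, "pass",  "lan", "tcp", LAN_NET, ANY, (443, 443)),
    Rule(3, "pass",  "lan", "any", LAN_NET, ip_network("10.0.0.0/8"), None, quick=False),
    Rule(4, "block", "lan", "any", LAN_NET, ip_network("10.0.5.0/24"), None, quick=False),
    Rule(5, "pass",  "wan", "tcp", ANY, ip_network("192.168.1.50/32"), (80, 80)),
]

if __name__ == "__main__":
    # Example traces for the constructed ruleset.
    for args in [("lan", "192.168.1.10", "203.0.113.5", "tcp", 443),   # pass by rule #2, egress wan
                 ("lan", "192.168.1.10", "10.0.5.7", "tcp", 22),       # block by rule #1 (quick)
                 ("lan", "192.168.1.10", "10.0.5.7", "tcp", 8080),     # rules 3 and 4 match; last wins: block #4
                 ("lan", "192.168.1.10", "203.0.113.5", "udp", 53)]:   # implicit deny
        print(args, "->", trace(RULES, ROUTES, *args))
```

The third trace is the case that makes Jim Pingle's concern concrete: rules 3 and 4 both match, and the answer depends on reproducing pf's last-match rule exactly. A tracer built outside pf has to track every such semantic detail of the ruleset compiler, which is the maintenance burden the comment below describes.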

#1

Updated by Jim Pingle almost 2 years ago

  • Status changed from New to Needs Patch

This has come up before and it's not feasible until/unless PF itself has a test function internally to run such a trace and list rule(s) that get matched for a given input.

Otherwise we are taking on the tech debt/burden of completely rewriting the entire PF parsing function in some other language/utility and then having to keep that updated any time PF changes.
