Feature #15218
closed
Allow manual ordering of generated rules
Description
Under Firewall > pfBlockerNG in the IP tab's IP Interface/Rules Configuration section, there's the "Firewall 'Auto' Rule Order" setting.
What's needed here is a "manual" option, where new rules are simply appended at the bottom, and the user can then reorder them where they should be on the Firewall Rules setting page.
I have a rather specific ordering of my rules, and each time something updates the auto rules, my rule order is messed up, and I must reorder them, which is frankly a major PITA.
In particular, I have certain pass rules that MUST always be in first place, but then I want all the blocking and filter rules, and last I want the regular passing rules. E.g. I want spammers filtered before they get passed to the mail server, but I want anti-lockout rules to always pass traffic to my admin software interfaces, no matter what.
So the auto rules must go between pfSense pass rules, and that won't work. To prevent getting potentially locked out, I must use the order "pfSense Pass/Match | pfb_Pass/Match | pfB_Block/Reject | pfSense Block/Reject" auto-order, but my actual order is more like "pfSense Pass/Match | pfSense Block/Reject | pfb_Pass/Match | pfB_Block/Reject | pfSense Pass/Match" where obviously only I know what goes where.
So manual ordering is a key option that should be provided...
Updated by BBcan177 about 1 month ago
Instead of using Auto Type rules, you need to use Alias type rules (i.e. Alias_Deny), for which pfB will create the Table but not make any rules. Then you are able to fully control how the rules are used. See the Blue infoblock icon in the Action Setting.