Feature #8279
Consider adding a new option to the Rule Order
Status: open
Description
There are situations when the firewall rule order should either be preserved (kept unchanged) or when pfSense rules should be sorted and kept on top of the rules list.
It'd be helpful to add a new rule order option => "pfSense Pass/Match | pfSense Block/Reject | pfB_Block Pass/Match | pfB_Block Block/Reject", e.g. process ALL pfSense rules before pfBlockerNG rules.
Updated by Yuri Weinstein over 6 years ago
Use case for illustration:
There are two rules to make sure that LAN IPs access the pfSense router's DNS and are not able to access any external DNS servers.
Pass rule "Allow DNS to pfSense" DNS (53)
Block rule "Block all DNS not to pfSense" DNS (53)
When using any Rule Order with pfBlockerNG, after updates the ordering always pushes my Block rule "Block all DNS not to pfSense" DNS to the bottom of the list, and by doing so produces unexpected results. All pfBlockerNG rules get inserted in between Pass rule "Allow DNS to pfSense" DNS (53) and Block rule "Block all DNS not to pfSense" DNS (53).
My hope is that adding a new rule order option => "pfSense Pass/Match | pfSense Block/Reject | pfB_Block Pass/Match | pfB_Block Block/Reject" will help with this situation.
Another option that may also help, instead of adding a new rule order option, would be to allow preserving the pfSense rules order, e.g. make sure pfBlockerNG places its rules at the bottom of the list, maybe?
Updated by Yuri Weinstein over 6 years ago
Two more options:
1 - In pfBlockerNG's Rule Order, add an option: "Do not change (preserve) existing order"
or
2 - In Firewall Rules <IF>, add, say, a check box "Preserve existing order", which will not allow the order to be changed.
Updated by Jim Pingle about 5 years ago
- Project changed from pfSense to pfSense Packages
- Category changed from 119 to pfBlockerNG
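
The ordering problem from the use case above, as an added example that is not part of the original issue and is not pfSense or pfBlockerNG code. It is a simplified first-match model; the LAN address, the two pfB rule names and their networks are constructed, and the relative order of the pfBlockerNG rules in the reported layout is an assumption.

```python
from ipaddress import ip_address, ip_network

# Constructed sample rules:
# (origin, action, description, destination network, destination port or None for any)
RULES = [
    ("pfSense", "pass", "Allow DNS to pfSense", ip_network("192.168.1.1/32"), 53),
    ("pfSense", "block", "Block all DNS not to pfSense", ip_network("0.0.0.0/0"), 53),
    ("pfB", "pass", "pfB_Permit_v4 (constructed)", ip_network("198.51.100.0/24"), None),
    ("pfB", "block", "pfB_Deny_v4 (constructed)", ip_network("203.0.113.0/24"), None),
]

# Layout described in the report: pfBlockerNG rules land between the two pfSense rules.
REPORTED = [("pfSense", "pass"), ("pfB", "pass"), ("pfB", "block"), ("pfSense", "block")]
# Option requested in the issue: all pfSense rules are processed before pfBlockerNG rules.
REQUESTED = [("pfSense", "pass"), ("pfSense", "block"), ("pfB", "pass"), ("pfB", "block")]


def arrange(rules, group_order):
    """Sort rules into the given group order; the sort is stable within a group."""
    return sorted(rules, key=lambda r: group_order.index((r[0], r[1])))


def evaluate(rules, dst, port):
    """Return (action, description) of the first rule matching the packet."""
    dst = ip_address(dst)
    for _origin, action, desc, net, rule_port in rules:
        if dst in net and rule_port in (None, port):
            return action, desc
    return "block", "default deny"


def compare(dst, port):
    """Evaluate one packet under both orderings."""
    return {
        name: evaluate(arrange(RULES, order), dst, port)
        for name, order in (("reported", REPORTED), ("requested", REQUESTED))
    }


if __name__ == "__main__":
    # DNS to the firewall, to an unlisted resolver, and to a resolver that
    # happens to sit inside the constructed pfB pass list.
    for dst in ("192.168.1.1", "8.8.8.8", "198.51.100.53"):
        print(dst, compare(dst, 53))
```

In this model the two orderings differ only for the third destination: a pfBlockerNG pass rule that overlaps an external resolver matches before the DNS block rule in the reported layout, while the requested order blocks it.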