Add "All local networks" to source and destination drop down boxen in firewall rules
This would allow easily negating all local networks (internet) where usage of "floating rules" is not desirable easily.
Updated by Jim Pingle about 11 years ago
- Status changed from Closed to New
This isn't the same as the other ticket.
The other ticket is a list of IPs directly assigned to the router itself (Like an alias with host entries). This is a list of all locally connected networks (like an alias with network entries with appropriate subnet masks).
Updated by Josh Stompro about 11 years ago
Please consider expanding this enhancement to include the following.
Automatically add aliases that correspond to the local interface networks. The source/destination drop downs under firewall rules include shortcuts for "LAN network", "WAN network", etc. If the system automatically added those as aliases "WANNetwork" = "WAN Network", it would be possible to construct an alias that includes a certain subset of local networks, and would automatically stay synchronized with interface subnet changes.
Say you had 10 local LAN interfaces/vlans, LAN01-LAN10. And you wanted to block traffic from LAN01 and LAN02 from reaching LAN03-LAN10. It would be nice to be able to construct an alias that included the networks "LAN03Network", "LAN04Network"... so only two firewall rules would be needed to block traffic from LAN01 and LAN02. This is possible now by manually entering the network info to an alias, but that needs to be updated separately when interface network settings are changes, adding an extra point of failure.
My particular use case is that I have 30 pfSense firewalls that all have slightly different local network settings, and when I set them up I go through and change the local network info on my master config image. A feature like this would save me some time since I wouldn't need to touch the aliases or firewall rules when changing local lan info.