Firewall rules -list/page loading time
-
Hello,
We've been experimenting with pfSense with roughly 2000 rules, and the Firewall/Rules -listing takes roughly 45 seconds to load and it gets worse as I add more rules.
I believe this to be somewhat similar to what was discussed here:
https://forum.pfsense.org/index.php?topic=106054.0;
E.g. generating rule statistics and sorting seems to be time consuming.
I played around with the thing and came up with the following "patches" (I truly lack in the PHP-skills department nor did I study the structure of pfSense too much, just wanted to make something that works) that seemed to drop load times from 30 seconds to ~3-5 secs:
--- original/firewall_rules.php 2016-10-11 13:29:09.434075290 +0300 +++ patched/firewall_rules.php 2016-10-11 13:28:59.445830193 +0300 @@ -206,6 +206,8 @@ } } + + if ($_POST) { $pconfig = $_POST; @@ -389,8 +391,9 @@ } /* Load the counter data of each pf rule. */ -$rulescnt = pfSense_get_pf_rules(); - +if(!isset($config['interfaces'][$if]['showstats'])) { + $rulescnt = pfSense_get_pf_rules(); + } // Update this if you add or remove columns! $columns_in_table = 13; @@ -975,16 +978,18 @@ // Make rules sortable. Hiding the table before applying sortable, then showing it again is // a work-around for very slow sorting on FireFox - $('table tbody.user-entries').hide(); + if(!isset($config['interfaces'][$if]['showstats'])) { + $('table tbody.user-entries').hide(); - $('table tbody.user-entries').sortable({ - cursor: 'grabbing', - update: function(event, ui) { - $('#order-store').removeAttr('disabled'); - reindex_rules(ui.item.parent('tbody')); - dirty = true; - } - }); + $('table tbody.user-entries').sortable({ + cursor: 'grabbing', + update: function(event, ui) { + $('#order-store').removeAttr('disabled'); + reindex_rules(ui.item.parent('tbody')); + dirty = true; + } + }); + } $('table tbody.user-entries').show();
--- original/interfaces.php 2016-10-11 13:29:23.142411672 +0300 +++ patched/interfaces.php 2016-10-11 13:28:48.109552018 +0300 @@ -353,6 +353,7 @@ $pconfig['blockpriv'] = isset($wancfg['blockpriv']); $pconfig['blockbogons'] = isset($wancfg['blockbogons']); +$pconfig['showstats'] = isset($wancfg['showstats']); $pconfig['spoofmac'] = $wancfg['spoofmac']; $pconfig['mtu'] = $wancfg['mtu']; $pconfig['mss'] = $wancfg['mss']; @@ -1390,6 +1391,14 @@ } else { unset($wancfg['blockbogons']); } + + if ($_POST['showstats'] == "yes") { + $wancfg['showstats'] = true; + } else { + unset($wancfg['showstats']); + } + + $wancfg['spoofmac'] = $_POST['spoofmac']; if (empty($_POST['mtu'])) { unset($wancfg['mtu']); @@ -3118,7 +3127,6 @@ } $section = new Form_Section('Reserved Networks'); - $section->addInput(new Form_Checkbox( 'blockpriv', 'Block private networks and loopback addresses', @@ -3130,6 +3138,15 @@ 'generally be turned on, unless this network interface resides in such a private address space, too.'); $section->addInput(new Form_Checkbox( + 'showstats', + 'DO *NOT* show rule statistics in listing', + '', + $pconfig['showstats'], + 'yes' +))->setHelp('Dont show rule statistics in rule listing - improves loading time with longer rule list'); + + +$section->addInput(new Form_Checkbox( 'blockbogons', 'Block bogon networks', '', @@ -3140,7 +3157,6 @@ 'Note: The update frequency can be changed under System->Advanced Firewall/NAT settings.'); $form->add($section); - $form->addGlobal(new Form_Input( 'if', null,
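Review bot: in firewall_rules.php, hunk @@ -389, `$rulescnt` is never assigned when `showstats` is set, so any later code on the page that reads it gets an undefined variable. Initialise it before the condition (for example `$rulescnt = array();`) and only call `pfSense_get_pf_rules()` inside the `if`. The key name is also inverted: `isset($config['interfaces'][$if]['showstats'])` being true means statistics are hidden, so a name such as `hidestats` would read correctly here. The added `if(` should match the `if (` spacing used in the context lines, and the preceding hunk (@@ -206) adds only two blank lines and can be dropped.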
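Review bot: in firewall_rules.php, hunk @@ -975, the added `if(!isset($config['interfaces'][$if]['showstats'])) {` sits among jQuery calls such as `$('table tbody.user-entries').hide();`, so it appears to be sent to the browser as JavaScript and not evaluated as PHP. In the browser `isset` and `$config` are undefined, so the script would stop with an error at that line and the rest of the block, including the trailing `.show()`, would not run; that is not the same as skipping the sortable setup cleanly. Wrap the condition in PHP tags (`<?php if (...): ?>` before the block and `<?php endif; ?>` after it) so the server decides whether the block is emitted. The option's help text should also say that drag-and-drop reordering of rules is turned off along with the statistics.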
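Review bot: in interfaces.php, hunk @@ -3130, the new checkbox is inserted into the 'Reserved Networks' section between `blockpriv` and `blockbogons`, although it controls the rule listing and not address filtering; a section of its own would be clearer. The label 'DO *NOT* show rule statistics in listing' is stored under the key `showstats`, so the key is true exactly when statistics are off (see also hunks @@ -353 and @@ -1390); rename the key or invert the checkbox. 'Dont' in the help text should be 'Don't', and hunks @@ -3118 and @@ -3157 only delete blank lines and should be left out of the patch.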
So the idea is to have a check box somewhere that allows you to skip the statistics and sorting.
My question is, would it be possible to get something like this in the actual release?
Thanks!
-
Please submit your suggestion as a pull request here: https://github.com/pfsense/pfsense/ and the development team will review it for inclusion. At first glance it does look like a worthwhile improvement in cases with a very large number of rules.