Interface Groups as Firewall Alias?



  • For firewall rules management I use an interface group to allow/restrict certain inter-vlan communication.
    Creating rules in an interface group can be a pain, as no alias for the interface group network/address exists.
    So I have to create my own alias and add each vlan network/address to that alias.

    There are 2 solutions to my problem, both or only 1 of them can be implemented to help out:

    1. Allow the default auto-generated interface network and interface address aliases to be added to user-created aliases, just like you can add other user-created aliases into another user-created alias.
    2. Auto-generate 2 aliases, one for the interface group network and the other for the interface group address.

    Not sure if this limitation has already been discussed.

    Please tell me why this is wrong or if this feature should be requested.