cannot assign WAN to an interface group nor assign WAN to no interface at all nor destroy WAN interface



  • hello

    i'm using multiple wan interfaces.

    for various reasons, using a private bridge is complicated to say the least in my case

    i'm currently assigning "WANS" to an interface group with my various WAN links

    unfortunately, the WAN interface keeps showing both in interface assignments and firewall rules

    is there any way to circumvent ?

    as a side question, is there any way to prevent interfaces from showing in firewall/rules ? i'm currently bothered by a bunch of interfaces which are actually members of interface groups and have no reason to bear individual rules and the automatically generated OpenVPN interface group which is meaningless in my case



  • Hello there! What is the point of using "a private bridge" according to your words? Does the same issue happen when trying to add other non-WAN interfaces to an interface group? What about a few pictures regarding the issue you are facing?



  • the private bridge is something i've been setting up temporarily in order to circumvent the impossibility to assign WAN to an interface group. i've been using it during a migration ( from one WAN to a bunch of different WAN links ), and removed it because it produced a working but messy and error prone setup. it is merely one ( twisted ) way to emulate an interface group.

    removing WAN from the firewall rules was actually as easy as disabling the interface

    i'd like nevertheless to assign all my WAN links to the builtin WAN interface so features such as bogons can be enabled and i can leave a cleaner setup. i'm mostly dealing with inbound traffic and use multiple wan ip ranges.

    likewise, i currently have about 15 interfaces and will have at least twice as many, most of which will belong to interface groups and have no reason to be associated with any rule. it would be very convenient if i could just hide them from the interface list in the rules page.

    thanks for your time



  • Thanks for your reply, but you didn't answer my question "Does the same issue.."?



  • i have no problem adding my WAN links to an interface group

    i just cannot name this group "WAN" because WAN is a builtin interface that already exists and i cannot assign WAN to an interface group either.

    this is not too bad : once WAN is disabled, it does not show up in rules so i'm confident other admins are unlikely to get mixed up.

    i also found that bogons is not a general setting and can be enabled on a per interface basis which covers my other concerns

    --

    ... which leaves me with my off-topic secondary question regarding hiding interfaces from the rules.php interface list. i'll file this as a separate feature request unless you know of some obvious way i've overlooked.

    thanks for your help



  • btw, i have another pfSense instance that does not have a WAN interface at all. guess i just skipped creating one during the initial install setup.

    so apparently, there is a way to skip its creation but no way to remove it once it has been created.