cannot assign WAN to an interface group nor assign WAN to no interface at all nor destroy WAN interface

skullnobrains · Jan 10, 2019, 1:28 PM

hello

i'm using multiple wan interfaces.

for various reasons, using a private bridge is complicated to say the least in my case

i'm currently assigning "WANS" to an interface group with my various WAN links

unfortunately, the WAN interface keeps showing both in interface assignments and firewall rules

is there any way to circumvent ?

as a side question, is there any way to prevent interfaces from showing in firewall/rules ? im currently bothered by a bunch of interfaces which are actually members of interface groups and have no reasons to bare individual rules and the automatically generated OpenVPN interface group which is meaningless in my case

LeCygne · Jan 10, 2019, 2:03 PM

Hello there! What is the point of using "a private bridge" according to your words? Does the same issue happen when trying to add non-WAN other interfaces to an interface group? What about a few pictures regarding the issue you are facing?

skullnobrains · Jan 10, 2019, 3:29 PM

the private bridge is something i've been setting up temporarily in order to circumvent the impossibility to assign WAN to an interface group. i've been using it during a migration ( from one WAN to a bunch of different WAN links ), and removed it because it produced a working but messy and error prone setup. it is merely one ( twisted ) way to emulate an interface group.

removing WAN from the firewall rules was actually as easy as disabling the interface

i'd like nevertheless to assign all my WAN links to the builtin WAN interface so feature such as bogons can be enabled and i can leave a cleaner setup. i'm mostly dealing with inbound traffic and use multiple wan ip ranges.

likewise, i currently have about 15 interfaces and will have at least twice as many, most of which will belong to interface groups and have no reason to be associated with any rule. it would be very convenient if i could just hide them from the interface list in the rules page.

thanks for your time

LeCygne · Jan 10, 2019, 3:33 PM

Thanks for you reply, but you didn't answer my question "Does the same issue.."?

skullnobrains · Jan 10, 2019, 3:49 PM

i have no problem adding my WAN links to an interface group

i just cannot name this group "WAN" because WAN is a builtin interface that already exists and i cannot assign WAN to an interface group either.

this is not too bad : once WAN is disabled, it does not show up in rules so i'm confident other admins are unlikely to get mixed up.

i also found that bogons is not a general setting and can be enabled on a per interface basis which covers my other concerns

--

... which leaves me with my off-topic secondary question regarding hiding interfaces from the rules.php interface list. i'll file this as a separate feature request unless you know of some obvious way i've overlooked.

thanks for your help

skullnobrains · Jan 10, 2019, 3:52 PM

btw, i have another pfsense instance that does not have a WAN interface at all. guess i just skipped creating one during the initial install setup.

so apparently, there is a way to skip it's creation but no way to remove it once it has been created.