Browser freezes when loading 2000+ rows of firewall rules
-
-
Just out of curiousity, what are you doing with 2000+ rules?
-
@ekanthan said in Browser freezes when loading 2000+ rows of firewall rules:
NAT rules page with 2000+ firewall/NAT rules
I join----- @heper
what is the size of the network, that requires such a large number of rules?yeah another question what kind of hardware handles this amount of rule?
-
@ekanthan it seems that you need to use aliases (IP/host/ports) to reduce it to some reasonable number
See https://docs.netgate.com/pfsense/en/latest/book/firewall/aliases.html
and https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html -
I was stress-testing pfSense in a VM.
Regardless of hardware spec, this is a client-side issue. So, I raised it for discussion. -
@ekanthan said in Browser freezes when loading 2000+ rows of firewall rules:
this is a client-side issue.
SOHO category hardware needs time to load and handle the lot of rules....
yes, this can cause temporary GUI unavailability (it depends on the resources)
as @viktor_g suggested, many rules can be simplified using aliases
-
@DaddyGo As I mentioned earlier this is a client-side issue, the server provides the response in seconds, But the client-side DOM rendering and processing makes the browser to freeze as the page tries to restructure 2000+ rows to sortable drag and drop elements. It takes ~3 mins only on browser(client) end.
Disabling that option resolves the issue and the page renders in seconds.
Code to check -> https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/firewall_rules.php#L1006
-
Right, this is System / General Setup option:
-
Well, as long as it's easily disabled, I don't think I'd consider it a bug. But that's just me.
-
@ekanthan said in Browser freezes when loading 2000+ rows of firewall rules:
As a workaround, Disabling the dragging option in System -> General Setup resolves this freezing issue
That is the reason that option exists. It's a client browser issue, not a firewall bug, and that option helps your browser cope with large rulesets.
