easyrule command documentation should document permissible wildcards

rcfa · Apr 2, 2022, 1:36 PM

At https://docs.netgate.com/pfsense/en/latest/firewall/easyrule.html#easyrule-in-the-shell the documentation is typically terse. But documentation should not be for those who already know things, but for those who know nothing.

The entire page there does not make one mention of what wildcards are permissible.

With trial and error (because I had the specific need) I ended up figuring out that

easyrule pass wan any any any any

works, but would

easyrule pass any any any any any

also work? Don't know, wasn't in a position to risk my setup playing aroud with it. And frankly, nobody should be having to do trial and error, one should be able to read the documentation, and know what, if any, wildcards are applicable for each parameter to the command.

itpp21 · Apr 2, 2022, 6:14 PM

Nothing complicated:

Single IP
easyrule block wan 123.111.222.123

Subnet
easyrule block wan 123.111.222.0/24

Larger Subnet
easyrule block wan 123.111.0.0/16

Specific subnets also work, https://www.subnet-calculator.com/

rcfa · Apr 2, 2022, 7:54 PM

@itpp21 Of course it’s not complicated, but it’s not documented that wildcards „any“ can be used.