"RuleSets" would be highly appreciated
-
Hello,
I defined a significant number of VLANs, with rule-sets which are partly identical. That is hard to maintain!
To overcome that I partly use ^Interface Groups^, but that does not offer the flexibility I would like to have.
Let's assume the following situation:
*** vlan-1 ***
- blocked ABC
- allowed DEF
- blocked GH
- allowed IJ
- block the rest but log what I blocked
*** vlan-2 ***
- blocked ABC
- allowed DE
- blocked FGH
- allowed IJKL
- block the rest but log what I blocked
To a certain extent I could simplify the rulesets by defining a lan group "X" containing vlan-1 and vlan-2
However that would only help for the first ABC-part and in fact not even that ...
Not even that, because you cannot use "lan address" or "lan-net" since <the vlanname> is automatically substituted by "vlan-1" or "vlan-2"
Also note that the order in which rules have to be applied, which is crucial for the fw behavior, limits the usefulness of interface groups.
So "RuleSets" would save me significant work and, perhaps even more important, would reduce the chance of errors and inconsistency.
-
@louis2 said in "RuleSets" would be highly appreciated: ...
… you can not use "lan address" or "lan-net" since <the vlanname> is automatically substituted by "vlan-1" or "vlan-2"
I would like to see “This lan” and “This net” options in addition to a copy all rules. Then when setting up a new vlan all rules from the most similar interface could be easily copied across.