Service profiles, templates or rule groups?
-
I wondered if anyone knows of a way to create a profile of a service that can apply all the rules/NAT/CARP information to pfSense as a standard set for a given service?
The idea being that you have a profile that describes what is needed for a complete server service, e.g. a web server with public IP, LAN IP and rules/NAT for HTTP, HTTPS, SSH, SMTP etc., or some subset of it grouping the information. Perhaps picking a NAT rule group to apply and link to the required FW rules etc. Mainly as a way of ensuring reliable, consistent rules are applied to services and perhaps that they could be updated en masse.
Does that process exist and I missed it, or is it something of interest for the future?
K
-
Replying a bit to my own post, but could this be done by simply externally rewriting the XML backup file and then restoring it? Presumably that would require a service restart?
Thinking aloud, if that was done as part of a cluster, would the new restored file then overwrite the configs on all FWs? That would possibly mean that the service as a whole stayed up all through the process?
If that is all true, then it would be possible to write an offline rule editor that could build the config from a DB, produce the XML and then restore/export it to the firewalls?
Any thoughts about that?
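
A sketch of the offline editor idea from the post above, as an added example that is not part of the original thread and is not pfSense tooling: it regenerates one service profile's NAT and filter rules inside a backup file and leaves hand-made rules alone. The element names are an assumed layout modelled on a pfSense `config.xml` backup and should be compared with a real export; the profile fields and the `profile:<name>` description tag are hypothetical, and restoring the result or syncing it across a cluster is outside its scope.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a cut-down config in the assumed shape of a backup file.
SAMPLE_CONFIG = """<pfsense>
<nat><rule><descr>hand-made forward</descr></rule></nat>
<filter><rule><type>pass</type><descr>hand-made rule</descr></rule>
<rule><descr>profile:web01 stale</descr></rule></filter>
</pfsense>"""

# Hypothetical profile record, as it might be loaded from a database row.
WEB_PROFILE = {"name": "web01", "public_ip": "203.0.113.10",
               "lan_ip": "10.0.0.10", "tcp_ports": [80, 443, 22, 25]}

def _el(parent, tag, text=None):
    child = ET.SubElement(parent, tag)
    child.text = text
    return child

def _rule(parent, fields, dst_ip, port, descr):
    rule = _el(parent, "rule")
    for tag, text in fields:
        _el(rule, tag, text)
    _el(_el(rule, "source"), "any")
    dst = _el(rule, "destination")
    _el(dst, "address", dst_ip)
    _el(dst, "port", str(port))
    _el(rule, "descr", descr)

def apply_profile(config_xml, profile):
    """Return config XML with this profile's NAT and filter rules regenerated."""
    root = ET.fromstring(config_xml)
    marker = "profile:%s " % profile["name"]
    if any(not 0 < p < 65536 for p in profile["tcp_ports"]):
        raise ValueError("port out of range")  # validate before changing anything
    for section in ("nat", "filter"):
        parent = root.find(section)
        if parent is None:
            parent = _el(root, section)
        # Drop only the rules this profile generated earlier; keep manual ones.
        for rule in list(parent.findall("rule")):
            if (rule.findtext("descr") or "").startswith(marker):
                parent.remove(rule)
    for port in profile["tcp_ports"]:
        common = [("interface", "wan"), ("protocol", "tcp")]
        nat = common + [("target", profile["lan_ip"]), ("local-port", str(port))]
        tag = marker + "tcp/%d" % port
        _rule(root.find("nat"), nat, profile["public_ip"], port, tag)
        _rule(root.find("filter"), [("type", "pass")] + common, profile["lan_ip"], port, tag)
    return ET.tostring(root, encoding="unicode")
```

Because generated rules are found by their description tag, re-running the same profile replaces its rules instead of duplicating them, which is what makes an en-masse update repeatable.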