4. Service profiles, templates or rule groups?

Service profiles, templates or rule groups?

  • D

    I wondered if anyone knows of a way to create a profile of a service that can apply all the rules/nat/carp information to pfsense as a standard set for a given service?

    Idea being you have a profile that describes what is needed for a complete server service, eg  a web server with public IP, LAN IP and rules/NAT for HTTP HTTPS SSH SMTP etc. or some subset of it grouping the information. Perhaps picking a NAT rule group to apply and link to the required FW rules etc.  Mainly as a way of ensuring reliable consistent rules are applied to services and perhaps that they could be updated en masse.

    Does that process exist and I missed it or is it something of interest for the future?

    K

    0
  • D

    Replying a bit to my own post, but could this be done by simply externally rewriting the xml backup file and then restoring it? Presumably that would require a service restart?

    Thinking aloud, if that was done as part of a cluster would the new restored file then overwrite the configs on all FWs? That would possibly mean that the service as a whole stayed up all through the process?

    If that is all true then it would be possible to write an offline rule editor that could build the config from a DB produce the XML and then restore/export it to the firewalls?

    Any thoughts about that?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy