Service profiles, templates or rule groups?



  • I wondered if anyone knows of a way to create a profile of a service that can apply all the rules/nat/carp information to pfsense as a standard set for a given service?

    Idea being you have a profile that describes what is needed for a complete server service, eg  a web server with public IP, LAN IP and rules/NAT for HTTP HTTPS SSH SMTP etc. or some subset of it grouping the information. Perhaps picking a NAT rule group to apply and link to the required FW rules etc.  Mainly as a way of ensuring reliable consistent rules are applied to services and perhaps that they could be updated en masse.

    Does that process exist and I missed it or is it something of interest for the future?

    K



  • Replying a bit to my own post, but could this be done by simply externally rewriting the xml backup file and then restoring it? Presumably that would require a service restart?

    Thinking aloud, if that was done as part of a cluster would the new restored file then overwrite the configs on all FWs? That would possibly mean that the service as a whole stayed up all through the process?

    If that is all true then it would be possible to write an offline rule editor that could build the config from a DB produce the XML and then restore/export it to the firewalls?

    Any thoughts about that?


Log in to reply