Adding in/out radio buttons to Firewall pages.
-
Hello,
I have a multi-site, multi-subnet network managed by pfsense 2.0.1 routers. I find it very inconvenient to have to use floating rules to add outbound firewall rules. It would be much easier to block connections from certain subnets to a target subnet if for each interface I could have a list of outbound firewall rules. I'm wondering how difficult it would be for me to implement separate in and out firewall rule pages for each interface. I imagine this would require some extra code for managing the settings file and firewall rule generation, but this is something I'd be willing to tackle if I had some encouraging input about the difficulty (or lack thereof) of implementing this idea.Thanks,
JeffEDIT: I needed to reverse my in/out terminology.
-
Not common enough to warrant completely redesigning it. It would just confuse people more than it helps.
Floating rules are the best place for that.
-
Floating rules offer the same functionality, but in a less organized fashion. You can't see, for example, which interfaces a rule applies too from the list. How is that less confusing?
-
Because adding an 'out' selector completely changes the entire philosophy of how rules have always been managed. It doesn't just add a feature. Its presence will make people think they need to use it, when they really don't, even if it's hidden.
Fixing the Floating rules list to better signify things like the interfaces being used is more feasible.
Making "out" easier to use is a bad idea. For most people, it doesn't do what they think it will do, and just makes things more complicated than they need to be.
Yes, it can make certain specific things easier, but for those cases, Floating rules work. If you find Floating rules deficient for that case, fix Floating rules.
