Support for Floating Rules (Global Firewall-Rules that are automatically applied before all other Zone Rules)
Closed, ResolvedPublicFEATURE REQUEST
Actions

Assigned To

None

Authored By

	aga
	Jun 15 2023, 4:56 PM

Description

Would be removing many duplicate rules that have to be created in multiple zones. (eg. IP- / URL-Blocklists etc.)

The system checks the floating rules first before any other of “regular rules”.

(As seen in pfSense etc.)

Example / Possible syntax:

set firewall floating rule <1-99999> destination address 1.1.1.1
set firewall floating rule <1-99999> action accept

set firewall name Floating-Rules floating-rule
set firewall name Floating-Rules rule 10 destination address 1.1.1.1
set firewall name Floating-Rules rule 10 action accept

EDIT: Feature added within firewall refactor (T5160)

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Feature (new functionality)

Related Objects

Mentioned Here: T5160: Firewall refactor

Event Timeline

aga created this task.Jun 15 2023, 4:56 PM

Should be possible when new refactor is merged: T5160

pasik added a subscriber: pasik.Jun 15 2023, 9:05 PM

eronlloyd added a subscriber: eronlloyd.Jul 11 2023, 1:02 AM

aga closed this task as Resolved.Aug 15 2023, 3:52 PM

aga updated the task description. (Show Details)

Support for Floating Rules (Global Firewall-Rules that are automatically applied before all other Zone Rules)Closed, ResolvedPublicFEATURE REQUESTActions

Description

Details

Related Objects

Event Timeline

Support for Floating Rules (Global Firewall-Rules that are automatically applied before all other Zone Rules)
Closed, ResolvedPublicFEATURE REQUEST
Actions