Hi,
I'm sorry if this has been asked already or is already implemented, as I have found it nowhere.
IMO it would make firewall rules much easier as a whole, being able to define firewall port-groups, but also single firewall-ports/-services as well (equivalent to the ones stored in /etc/services).
They could be stored at the end of /etc/services or in a separate file similar to it (the latter would probably be preferred).
To not mess up the firewall-rule syntax, the name should probably only allow for a-Z, 0-9 and perhaps '_', no '-' or spaces.
Example CLI-Usages:
set firewall ipv4 forward filter rule 20 destination port '8443_MGMT,ssh,http,https,20-21'
set firewall group port-group MGMT-Ports port 8443_MGMT
set firewall group port-group MGMT-Ports port 443
set nat destination rule 20 destination port 8443_MGMT
set nat destination rule 20 translation port 443
Possible commands for defining new service-definitions:
set firewall service name 8443_MGMT port 8443 protocol [tcp/udp/tcp_udp/etc.]
or a new subtree for greater expansion in the future:
set firewall definitions service name 8443_MGMT port 8443 protocol [tcp/udp/tcp_udp/etc.]
set firewall definitions groups [address-group, domain-group, network-group etc.]
set firewall definitions fqdn-host name WEB01 fqdn web01.example.com
set firewall definitions ip-host name WEB01 ipv[4/6] 192.168.0.2
-> e.g. set firewall ipv4 forward filter rule 20 destination ip-host WEB01
Thanks in advance and also for the fantastic work over the years!!
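
An added sketch, not part of the original post and not VyOS code, of how the proposed names could be resolved when a rule is committed: it shows why excluding '-' from names keeps a value such as '8443_MGMT,ssh,http,https,20-21' unambiguous. The definitions text, `load_services` and `resolve_ports` are hypothetical, and the sample entries are constructed.

```python
import re

# Constructed sample in /etc/services layout, standing in for the proposed
# separate definitions file (hypothetical content).
CUSTOM_SERVICES = """\
# name      port/protocol
8443_MGMT   8443/tcp
ssh         22/tcp
http        80/tcp
https       443/tcp
"""

NAME_RE = re.compile(r"[A-Za-z0-9_]+")   # the post's rule: no '-' and no spaces
RANGE_RE = re.compile(r"(\d+)-(\d+)")    # '-' is therefore reserved for ranges

def check_port(port):
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port

def load_services(text):
    """Parse 'name port/proto' lines into {name: port}, rejecting bad names."""
    services = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, portproto = line.split()[:2]
        # All-digit names are also refused here (an assumption added in this
        # sketch): they could not be told apart from literal port numbers.
        if not NAME_RE.fullmatch(name) or name.isdigit():
            raise ValueError(f"invalid service name: {name!r}")
        services[name] = check_port(int(portproto.split("/")[0]))
    return services

def resolve_ports(spec, services):
    """Expand a comma-separated rule value into ports and (low, high) ranges."""
    resolved = []
    for token in (t.strip() for t in spec.split(",")):
        m = RANGE_RE.fullmatch(token)
        if m:
            low, high = check_port(int(m[1])), check_port(int(m[2]))
            if low > high:
                raise ValueError(f"reversed range: {token!r}")
            resolved.append((low, high))
        elif token.isdigit():
            resolved.append(check_port(int(token)))
        elif token in services:
            resolved.append(services[token])
        else:
            # Fail closed: an unknown name must never silently match nothing.
            raise ValueError(f"unknown service or bad port: {token!r}")
    return resolved
```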