Option to not have VIPs automatically used by services

[nwo422]

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

• I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
• I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Is your feature request related to a problem? Please describe.

For the purpose of running multiple services on same ports on different Virtual IPs, it would be nice to have an option to not have VIPs automatically used by the services running on that interface.

For example, in my use case I run AdGuard and Maltrail plugins and would like to be able to use their web interface on a separate VIP with standard HTTPS(443), but I can't because even if I add a VIP to the management interface, the default OPNsense UI automatically binds to it. Another use case would be Unbound and AdGuard not being able to run on port 53.

Describe the solution you like

Having the VIPs listed as separate, selectable item in the UI wherever there is an option to bind a service to an interface would offer great flexibility. Alternatively having an option in the VIP management screen to exclude it from being listed as a possible listening IP when the interface IP addresses are queried, would also be great.

Describe alternatives you considered

The workaround is obviously to use different ports as I'm currently doing, but having either of the options described above would make it much simpler and more elegant solution.

Additional context

https://forum.opnsense.org/index.php?topic=23846.0
#4554

Thanks for the consideration.

[fichtner]

Groundwork was added for this feature which was more complicated than previously thought. Should expect the feature to be implemented next week in time for the next development version bundled with 21.7.4.

Cheers,
Franco