firewall: live view improvments

[devNan0]

Add:

• does not contain filter condition
• is not filter condition
• proto filter

Changed:

• Sorting of interface_name

Remove:

• Duplicate dst entry in filter_tag list

Closes: #4299 and #4365 point 3

Work in Progress

[lattera]

I could make use of this in several OPNsense deployments. Any objections to merging this?

[AdSchellevis]

yes, it's in draft state for good reasons.

[AdSchellevis]

@lattera while here, can you check https://github.com/HardenedBSD/hardenedBSD/issues/388 by the way. one of our people found the reason why dtrace didn't work on our end.

[lattera]

yes, it's in draft state for good reasons.

I'm curious what those reasons are.

[devNan0]

Ahhh... Sorry shame on me... forgot about the last points. Will commit and finish this draft in the next days.

Sorry for the delay :(

[devNan0]

Changed sorting of interface_name
Before:

After:

Added proto filter option to solve #4365 point 4

But i don´t really know how to implement host and port filter without a mess in the code.
@AdSchellevis maybe you could give me a hint.

[TheLinuxGuy]

Thanks for working on this! I was also looking for "is not" filtering.

[AdSchellevis]

@devNan0 thanks, I've pulled it in in different commits while testing the functionality. not sure what the intent of "proto" was since protoname is already the translated variant (udp, tcp). feel free open another ticket / PR to discuss further additions.