Firewall Rules: show loopback auto-rules#4868
Firewall Rules: show loopback auto-rules#4868kulikov-a wants to merge 1 commit intoopnsense:masterfrom
Conversation
|
I suspect there is some internal plumbing and rewrite that should die with said transition (loopback => lo0 correction somewhere internally), but avoiding breakage in all edge cases is difficult... |
|
We added loopback last year (57bd1f2), which was at first more or less an experiment to be able to configure direct rules on loopback (partly because additional loopbacks don't receive loopback traffic, opnsense/src#65). Now it's in, we should at least try to make sure it's as transparant as possible, will check this out when I have some time available. |
|
@fichtner @AdSchellevis thanks for the clarifications! |
|
just leave it as is, I'll take it from here |
o cleanup remnants of previous loopback construction, which is redundant with 57bd1f2 in place
|
@kulikov-a can you try bd26a58 ? the loopback seemed to be redundant indeed. |
|
@AdSchellevis works great! thanks! |
|
@kulikov-a thanks for conforming! |
o cleanup remnants of previous loopback construction, which is redundant with opnsense/core@57bd1f2 in place
3 participants
Hi!
ref. https://forum.opnsense.org/index.php?topic=22278.0
Probably more of a question than a request and definitely not urgent.
Now the "Automatically generated rules" 'pass loopback' and 'Pass all loopback IPv6' for the Loopback interface are not displayed in Firewall: Rules: Loopback.
confusing a little..
and it seems that this is due to that this rules is registered with the
loopbackinterface, and the GET request goes with the valueif=lo0.if, for these rules, only
lo0->loopbackis mapped (notlogroup)core/src/opnsense/mvc/app/library/OPNsense/Firewall/Plugin.php
Lines 77 to 82 in ac8bb09
then perhaps we can register rules directly with the lo0 interface? then these rules are displayed in the GUI for Loopback if.
rule management is too complex and I'm probably missing something
thanks!