LuCI: Option to Group Firewall Rules

Why?

I have many firewall rules and it is hard to scroll, read, and understand them.

Can you provide a more specific visual example? Each rule is, by definition, different. So it would be good to see exactly how they would be grouped to provide a clear understanding of what is the same and what is different for each rule in a grouping.

1 Like

Can you provide a more specific visual example?

Each rule is, by definition, different. So it would be good to see exactly how they would be grouped to provide a clear understanding of what is the same and what is different for each rule in a grouping.

Grouping needs to be manual. And, like the current behavior, rules will be followed from top to bottom, and the same when grouped (top to bottom).

To reiterate, grouping will help organize the rules, will look clean, will be easy to manage, and one will not have to scroll-read-understand and repeat. When creating a new rule, one will not have to keep dragging-&-scrolling it.

Example situations:

  1. Group Blocked Rules - Having a "Block All other" rule at the end and having rules grouped will make it easy to switch between "default deny" and "block what's told", for easy diagnosis.
  2. Group Apps - Apps use Rules with UDP, TCP, UDP/TCP.
  3. Grouping Rules for Different firewall zones
  4. Group Rules for a User Group/User
  5. Many More

Sounds like a deep structural change in the firewall itself, not a mere visual grouping of rules. At least when you state "easy to manage" and "make it easy to switch between", it sounds as if the UI is then supposed to somehow perform identical actions on a whole group of rules.

Also the grouping would need to be reflected in the firewall ruleset itself, to avoid giving false impressions on which rule comes first, which next e.g.

Imagine rules 1, 2, 3, 4 visually grouped as 1, 3 and 2, 4 but processed as 1, 2, 3, 4 - a user could incorrectly assume that rule 3 is not affected by rule 2 while in reality it is when both match the same traffic (e.g. due to intersecting subnets)

2 Likes
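The ordering concern in the post above, worked through as an added example (not part of the thread and not LuCI or firewall code). It assumes rules reduced to a source subnet and a target, a hypothetical `group` field, a constructed four-rule set, and an assumed default of `DROP`.

```python
import ipaddress
from itertools import combinations

# Constructed sample rules, listed in the order the firewall evaluates them.
# The "group" field is hypothetical; it is not an existing firewall option.
RULES = [
    {"id": 1, "group": "apps",  "src": "192.168.1.0/24", "target": "ACCEPT"},
    {"id": 2, "group": "block", "src": "192.168.0.0/16", "target": "REJECT"},
    {"id": 3, "group": "apps",  "src": "192.168.2.0/24", "target": "ACCEPT"},
    {"id": 4, "group": "block", "src": "10.0.0.0/8",     "target": "REJECT"},
]

def first_match(rules, src_ip, default="DROP"):
    """Return (rule id, target) of the first rule whose source net contains src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule["src"]):
            return rule["id"], rule["target"]
    return None, default  # assumed default policy when nothing matches

def grouped_view(rules):
    """Order rules as a display-only grouping would: groups by first appearance,
    original order kept inside each group."""
    groups = {}
    for rule in rules:
        groups.setdefault(rule["group"], []).append(rule)
    return [rule for members in groups.values() for rule in members]

def misleading_pairs(rules):
    """Pairs (earlier, later) whose relative order flips in the grouped view
    while their source networks overlap and their targets differ."""
    shown = {rule["id"]: pos for pos, rule in enumerate(grouped_view(rules))}
    pairs = []
    for a, b in combinations(rules, 2):  # a is evaluated before b
        overlap = ipaddress.ip_network(a["src"]).overlaps(ipaddress.ip_network(b["src"]))
        if overlap and a["target"] != b["target"] and shown[a["id"]] > shown[b["id"]]:
            pairs.append((a["id"], b["id"]))
    return pairs

if __name__ == "__main__":
    print("evaluated order:", first_match(RULES, "192.168.2.5"))
    print("as displayed   :", first_match(grouped_view(RULES), "192.168.2.5"))
    print("misleading     :", misleading_pairs(RULES))
```

A host in 192.168.2.0/24 is rejected by rule 2 in the evaluated order, while the grouped display shows rule 3 first and suggests it is accepted.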

Just enabling and disabling of the group

Imagine rules 1, 2, 3, 4 visually grouped as 1, 3 and 2, 4 but processed as 1, 2, 3, 4 - a user could incorrectly assume that rule 3 is not affected by rule 2 while in reality it is when both match the same traffic (e.g. due to intersecting subnets)

No, I am suggesting only adjusting rules to be able to group, and not what you suggested (1,3 and 2,4). This can just be a LuCI UI change.

Well it can't. LuCI displays the ordering of the rules as they will be checked against. If you start grouping rules or otherwise displaying them in a different way then that's more than just a UI change.

2 Likes

Reconsider what? The same issues, i.e. that it's a substantial change for seemingly little benefit, are still present.

If you want it implemented then you're free to do the work and submit pull requests for review.

1 Like