add [Interface] groups

5 years ago · 53033a0271
parent 1f1f9c6ca5
commit 53033a0271
3 changed files with 34 additions and 0 deletions
--- a/source/firewall.rst
+++ b/source/firewall.rst
@ -21,6 +21,7 @@ These are all combined in the firewall section.
   manual/nat
   manual/nptv6
   manual/shaping
+   manual/firewall_groups
   manual/how-tos/shaper
   manual/how-tos/carp
   manual/diagnostics
--- a/source/manual/firewall.rst
+++ b/source/manual/firewall.rst
@ -88,6 +88,8 @@ When receiving packets from untrusted networks, you usually don't want to commun
 Processing order
 ....................

+.. _Firewall_Rule_Processing_Order:
+
 Firewall rules are processed in sequence, first evaluating the **Floating** rules section followed by all rules which
 belong to **interface groups** and finally all **interface** rules.

--- a/source/manual/firewall_groups.rst
+++ b/source/manual/firewall_groups.rst
@ -0,0 +1,31 @@
+===========================
+[Interface] Groups
+===========================
+
+To simplify rulesets, you can combine interfaces into **Interface Groups** and add policies which will be applied to
+all interfaces in the group.
+
+Since interface groups are processed before normal interfaces, you shouldn't have issues with overlapping rules in
+the interface tabs itself. More details about processing order can be found  :ref:`here <Firewall_Rule_Processing_Order>`
+
+
+.. Note::
+
+    For multiwan setups be careful with groups, since groups are not bound to a specific interface, they will
+    use the normal routing system to determine the next hop when applied on WAN type interfaces (:code:`reply-to` is not used here).
+
+
+--------------------
+Settings
+--------------------
+
+Groups are actually pretty easy to setup and don't require a lot of settings.
+
+=====================================================================================================================
+
+====================================  ===============================================================================
+Name                                  The technical name of the group. Has some restrictions which also apply
+                                      to the underlying operating system.
+Description                           A user friendly description, informational use only
+Members                               Member interfaces
+====================================  ===============================================================================