Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

Network Security: Enhanced Search for Packet Filter Rules

I want to search Source/Target/Service/Grouping/State/Comments fully with operators. It would be nice to search IP's inside of groups, and objects for example, and string together searches using AND , OR, NOT etc...

27 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    euroscripteuroscript shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    M. LangeM. Lange shared a merged idea: Packet Filter: One Line Display for Rules  ·   · 

    7 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Ludovic PenyLudovic Peny commented  ·   ·  Flag as inappropriate

        Could be a good idea to enhance the use of the groups in rules. Instead of simply putting a label on a rule, the creation of a group will also add a "separator" in the rules view.
        The rules of this group are all listed under this separator and the admin can expand/collapse all the rules by clinking on the separator.
        When collapsed the separator can indicate the number of rules present in the group.
        This could be a good help for admin that begins to have a lot of rules (in SUM too).

      • Anonymous commented  ·   ·  Flag as inappropriate

        hi Astaro (Angelo?), any progress on this, can you name a release you are planning. Please see also my comment 11 months ago... thx

      • Luis EnriqueLuis Enrique commented  ·   ·  Flag as inappropriate

        This feature will be very usefull if it in implemented in astaro command center too,
        i have many ASG conected to an ACC an it is very very dificult to search and filter packet filter rules where are deplyed etc..

      • Anonymous commented  ·   ·  Flag as inappropriate

        I have around 50 Rules (I'm sure there are installations with even much more rules) to control the traffic between different VLAN's and Zones. Since one rule is that high and consumes a lot of space on the screen it looks impossible to manage the rule base in a smart way.
        Therefore I would strongly suggest reducing the high of an individual rule to the minimum. So the complete rule set becomes clearer.
        The rules should also be arranged more in a tabular way (source; destination; service; action; log; ...). This way it would be much easier to have a complete view of the rule.
        I fully agree the today lock and feel of the rule base is a security issue.

      • Sigurd UrdahlSigurd Urdahl commented  ·   ·  Flag as inappropriate

        I just want to say that I whole-heartedly agree that the interface for handling larger packetfilter (or collections of definitions) is not good enough. I haven't used v6, upgraded directly from v5, but in this regard v7 is not an improvement.

        I hope Astaro could improve this, at least in v8.

        -sig

      • euroscripteuroscript commented  ·   ·  Flag as inappropriate

        Yeah, I also miss the good old V6 Search functionality !
        Having a big to huge system of rules is now very painfull and less secure, because of that shitty "search" in Astaro!!!

        But the guys @astaro are to lazy to study their own new concept of storing things in DB!
        Before it was a simple "grep -i" through different config-files, therefore combining values to search for - was pretty easy to implement for the unix/linux guys @astaro. Now all config is stored in DB. So the good old Unix guys are helpless ;-)
        Hey coder-guys@astaro take a closer look @ DB-queries, you're selling a professional product!!!

      • Bob AlfsonBob Alfson commented  ·   ·  Flag as inappropriate

        If you are using Windows, try downloading the free Notepad++ and replace Windows Notepad in the file associations. It reads the Astaro logfiles correctly.

        Cheers - Bob
        PS This issue was discussed last year in the Astaro User BB: www.astaro.org

      Feedback and Knowledge Base