pfSense firewall rule processing order with multiple interface groups

Hi,

I have several LANs and DMZs in my network for different purposes (using VLANs to separate them).

So I created a bunch of interface groups that sometimes overlap (that is, the same interface can be in more than one interface group).

According to the documentation, interface group rules are processed before interface rules. My question is: how can I control (or at least know) the order in which interface group rules are processed?

For instance, if interface LAN3 belongs to interface groups LANs_ALL and INTERNAL_ALL, how do I know if rules in INTERNAL_ALL are applied before or after LANs_ALL, or, better yet, could I control this order?

Any help is appreciated.

Not something I have tested. If no one here has an answer, you might want to post in the Netgate forums.


Thank you, Tom.

I just did so; I'll leave the link here so that if it gets solved there, anyone can reach it easily from here.

With some help from someone in that forum I was able to deduce that interface group rules are sorted alphabetically by interface group name (which may create unexpected effects if you later change an interface group name; see example here).

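A small model of the ordering described in this thread, added here as an example and not taken from the posters or from pfSense's own code: it evaluates overlapping interface groups in alphabetical name order with first-match-wins rules, then reports which ports change verdict when a group is renamed. The rule contents, the group memberships and the new name `ZZ_INTERNAL` are constructed for illustration, and plain code-point sorting is an assumption, since the thread only says "alphabetically".

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "pass" or "block"
    dst_port: Optional[int]   # None matches any destination port

def group_order(iface, groups):
    # Thread's finding: groups containing the interface are evaluated
    # alphabetically by group name (code-point sort is assumed here).
    return sorted(g for g, members in groups.items() if iface in members)

def verdict(iface, port, groups, group_rules, iface_rules):
    # First matching rule wins; group rules come before interface rules.
    tabs = [(g, group_rules.get(g, [])) for g in group_order(iface, groups)]
    tabs.append((iface, iface_rules.get(iface, [])))
    for tab, rules in tabs:
        for rule in rules:
            if rule.dst_port in (None, port):
                return rule.action, tab
    return "block", "default deny"

def rename_impact(iface, ports, groups, group_rules, iface_rules, old, new):
    # Ports whose verdict differs once group `old` is renamed to `new`.
    swap = lambda d: {(new if k == old else k): v for k, v in d.items()}
    changed = {}
    for port in ports:
        before = verdict(iface, port, groups, group_rules, iface_rules)
        after = verdict(iface, port, swap(groups), swap(group_rules), iface_rules)
        if before[0] != after[0]:
            changed[port] = (before, after)
    return changed

# Constructed sample data using the group names from the question.
GROUPS = {"LANs_ALL": {"LAN1", "LAN2", "LAN3"},
          "INTERNAL_ALL": {"LAN3", "DMZ1"}}
GROUP_RULES = {"INTERNAL_ALL": [Rule("block", 22)],
               "LANs_ALL": [Rule("pass", None)]}
IFACE_RULES = {"LAN3": [Rule("block", None)]}

if __name__ == "__main__":
    print(group_order("LAN3", GROUPS))
    print(verdict("LAN3", 22, GROUPS, GROUP_RULES, IFACE_RULES))
    # ZZ_INTERNAL is a hypothetical new name that sorts after LANs_ALL.
    print(rename_impact("LAN3", [22, 443], GROUPS, GROUP_RULES,
                        IFACE_RULES, "INTERNAL_ALL", "ZZ_INTERNAL"))
```

Running a check like this against an exported rule set before renaming a group shows whether a narrow block rule would end up shadowed by a broader pass rule in another group.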