Description
✅ 1️⃣ API: Firewall Rules - Add Traffic Data Fields and Stage Classification
📌 Objective:
Provide enhanced visibility into each firewall rule's actual usage and traffic volume to assist in performance analysis and rule auditing.
✨ Enhancement Request:
Include the following new fields in the firewall rules API response:
- `bytes`: Total amount of traffic (data volume) passed through the rule.
- `packets`: Total number of packets matched by the rule.
- `stage`: Optional classification indicating the rule’s operational status (e.g., active, idle, deprecated).
🗂️ Data Source (manual example):
Command: `pfctl -sr -v`
This command shows rules with associated packet/byte counts.
Example output:
```
@100 pass in quick on em0 proto tcp from any to any port = 443 keep state (100 packets, 20480 bytes)
```
✅ 2️⃣ API: GET /stages - Traffic Session Lookup by Parameters Optional Get Stages default?limit=100
📌 Objective:
Allow administrators to quickly identify active traffic sessions based on key criteria such as source IP, destination IP, or port.
✨ Enhancement Request:
Add a new API path (e.g., /stages/search) to support filtering sessions using:
- `src`: Source IP address
- `dst`: Destination IP address
- `port`: Destination port (TCP/UDP)
The API should return a list of sessions matching the provided filters.
🗂️ Data Source (manual example):
Command: `pfctl -ss`
This shows current active sessions (states).
Example output:
```
all tcp 192.168.1.100:56789 <- 10.10.10.5:443 ESTABLISHED:ESTABLISHED
```
📌 Final Note:
We strongly hope these features can be released as soon as possible because:
- Daily pfSense administration requires practical traffic visibility.
- Helps with quick identification of underused or excessive rules.
- Facilitates real-time diagnostics for network operations.
- Improves rule and session management efficiency in any environment running pfSense.
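
A sketch of the session lookup requested in item 2, added here as an example (it is not code from the project or from the issue author): it parses `pfctl -ss` text in the line format shown above and filters on `src`, `dst` and `port`. The function names, the sample lines and the reading of `<-` as `dst <- src` are assumptions; filter values are validated with `ipaddress` and compared in Python rather than placed into a shell command, and the parenthesised address pf prints for translated states is skipped.

```python
import ipaddress
import re

# Constructed sample in the `pfctl -ss` line format shown in the issue.
SAMPLE = """\
all tcp 192.168.1.100:56789 <- 10.10.10.5:443       ESTABLISHED:ESTABLISHED
all tcp 203.0.113.7:51000 (192.168.1.20:51000) -> 198.51.100.9:443       ESTABLISHED:ESTABLISHED
all udp 192.168.1.20:5353 -> 224.0.0.251:5353       SINGLE:NO_TRAFFIC
all tcp 2001:db8::10[22] <- 2001:db8::99[40222]       ESTABLISHED:ESTABLISHED
"""

STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<left>\S+)"
    r"(?:\s+\(\S+\))?\s+(?P<dir><-|->)\s+(?P<right>\S+)\s+(?P<state>\S+)"
)

def split_host(text):
    """Split '1.2.3.4:80' or '2001:db8::1[80]' into (ip_string, port)."""
    m = re.fullmatch(r"(.+)\[(\d+)\]", text) or (
        text.count(":") == 1 and re.fullmatch(r"(.+):(\d+)", text))
    host, port = (m.group(1), int(m.group(2))) if m else (text, None)
    return str(ipaddress.ip_address(host)), port

def parse_states(output):
    """Yield one dict per state line; unparsable lines are skipped."""
    for line in output.splitlines():
        m = STATE_RE.match(line.strip())
        if not m:
            continue
        try:
            left, right = split_host(m["left"]), split_host(m["right"])
        except ValueError:
            continue
        # Assumption: pf prints inbound states as 'dst <- src', outbound as 'src -> dst'.
        (src, sport), (dst, dport) = (right, left) if m["dir"] == "<-" else (left, right)
        yield {"proto": m["proto"], "src": src, "sport": sport,
               "dst": dst, "dport": dport, "state": m["state"]}

def search_states(output, src=None, dst=None, port=None):
    """Filter by the src/dst/port parameters proposed in the issue."""
    # Validate caller input first; a ValueError here maps to an HTTP 400.
    want = {"src": str(ipaddress.ip_address(src)) if src else None,
            "dst": str(ipaddress.ip_address(dst)) if dst else None,
            "dport": int(port) if port is not None else None}
    if want["dport"] is not None and not 1 <= want["dport"] <= 65535:
        raise ValueError("port out of range")
    return [s for s in parse_states(output)
            if all(v is None or s[k] == v for k, v in want.items())]
```

With the issue's own sample line, `src=10.10.10.5` matches and `port=443` does not, because under the direction reading above 443 is that state's source port.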