I noticed on the "Firewall: Rules" pages you can click on the "Green
Arrow", "Red X" or "Orange X" to temporarily disable or enable a
This is a very handy little feature - Even if it is sort of hidden. :)
I have two feature requests that are related which would help
tremendously with debugging:
1. Instead of displaying the logging icon next to a rule ONLY when a
rule has logging enabled, put up a solid, colored logging icon when a
rule is set to log and a grey logging icon when a rule is not configured
to be logged.
Then, using the same logic as is used with the one-click toggle feature
for enabling/disabling a rule, allow clicking on the logging icon to
toggle between logging and not logging for that rule.
2. In addition, perhaps 2 more buttons or icon toggles at the bottom or
top of the page:
1. Log ALL (user-defined) Rules
2. Log NO (user-defined) Rules
These two would act ONLY on the rules on the interface currently being
displayed. That is if you were on the LAN Interface Rules page, all
rules affecting the LAN interface could be toggled with this icon, but
rules on the WAN/DMZ/OPTxx would not be affected.
3. Log packets blocked by default rule
(I know this last one is under "Diags-> Logs-> Settings, but having it
handy on the Rules page(s) might be helpful - then again it might just
be more confusing and cause more clutter to otherwise clean format -
maybe we could skip this one)
* I noticed that at the bottom of the page there is already a
grey logging (disabled) icon, but that is currently only used when a
rule with logging defined has been disabled.
I may be a bit anal-retentive, but I log all of my m0n0walls to remote
syslog servers, and sometimes when things are not behaving as expected,
having a way to temporarily/quickly log a certain rule while tailing a
syslog file would be very helpful.
Sorry to be so long-winded, but I hope this makes some sense. Any
thoughts, comments, ideas?