Can we extend the source/destination matching options to allow us to use groups?
- Difficulty level: Normal (likely a few hours)
I wonder if we can even extend groups even further into the NAT rules as well.
Further, I think it'd be good if we can specify multiple inbound-interfaces in wan load-balancing - for example, for exclude lines where we'd like to exclude addresses from wan load-balancing for multiple VLANs.
Multiple inbound-interfaces was going to be the next task I raised for wan load-balancing :). We should probably change the name of the option to something more descriptive of what it does. exclude-traffic-from-interfaces or similar.
Another interesting option is glob matches: iptables allows you to specify a + at the end of the interface name. Let's also allow for that so we can exclude ipsec/openvpn etc. tunnels in a single command.