For the case of WAN and LAN, I agree that an interface list should be used as then the changes cascade downwards to all other aspects.This is a show case of why it's better to use in-interface-list in firewall rules than in-interface (and likewise out-interface-list instead of out-interface) ... when physical interface for certain logical connection changes (e.g. WAN connection changing from ether1 to pppoe-out1) it's only necessary to change interface list membership instead of changing interface name in number of rules.
MT's default FW builds on interface-lists for quite some time now. It's really a pity that people still go and demolish default FW, replacing it with some cludge (often inspired by questionable YT tutorials) without knowing what they're doing and why.
More generally, I'd agree if there were multiple interfaces or if it became cumbersome because of frequent changes. On the flip-side to this, you'd end up with lots of interface lists if you're having to create them for each interface that you want to create unique rules for.
I don't think it's a one size fits all.
Statistics: Posted by ColinM9991 — Thu May 30, 2024 8:08 pm