Hi

We use access lists & port knocking on external CCR. Internal fw netscreen has SQL open to world when we port knock on perimeter CCR.

Its very easy to delete move the wrong rules on Microtik.

I do put a comment on rules do not DELETE or Move but mistakes easy and effect could be disaster.

On Firewall Rules could you add one day right click rule, "LOCK"

So later move or delete a rule I would have to Unlock the Lock by right clicking the rule. "UNLOCK"

Would make me sleep at night and would help me fat finger mistakes ...

Cheers

Tony

This could be useful function. I vote for it.

I can see a lock being useful for accidental modifications and deletions, but in terms of movement...

What should happen if you have 4 rules, lock the 2nd, and try to drag the 4th rule above the first?

Should the move...
1. Fail completely (because it passes over a locked rule)?
2. Stop at the point below the 2nd (because that's where the first lock in its path occurs)?
3. Complete successfully overall (since neither the source or target are themselves locked)?

Whatever YOUR answer is, chances are the ideal would be different for everybody... Personally, I'd be in favor of either 1 or 2, but not 2, as the same "reflexes" that can cause you to delete a rule you didn't mean to will make you move a rule to a place, and make you believe it's moved correctly, though it's moved, but not correctly.

Yeah. Definitely it is not easy. What about general lock locked by default automatically when user logs in? Or just confirmation popup when movement or deletion is invoked?

How about "Are you sure?"

That's what I wrote: confirmation popup.