Can I place all firewall rules on a single page, rather than only 200?

[thunderrd 1]

Is there some 'hidden' option to allow all the rules to be placed on the same single page?  I find it is extremely difficult and inconvenient that I can only see 200 rules; it creates problems when moving rules on the 2nd page to the 1st and vice-versa.  It is also impossible to search the entire set of rules for a string.  The search function only sees the current page.

For example, I install a new Nvidia driver, and I add rules for the nvcontainer and etc.  These rules go to the bottom of the list.  Then, I use the search function when on the 2nd page, and see only the new rules.  It does not display the old rules [which are on the first page].  I want to move the new rules up the list to where the old ones are, and then delete the old rules.

Unless I'm daft, I don't see any easy way to do this when dealing with 2 separate pages of rules.

It would be nice to be able to specify either 'show all rules on one page' or 'number of rules on a page: 100, 200, etc" to our own liking.  Some might like that it truncates the rules list at 200, but I think it is highly inconvenient when manipulating rule order.

Any suggestions?  Is there a configuration file that holds this information that I can edit manually?

[Marcos 5,070]

Unfortunately this is not currently possible, however, the rule editor is subject to further changes and improvements to improve user experience.

[peteyt 393]

5 hours ago, Marcos said:

Unfortunately this is not currently possible, however, the rule editor is subject to further changes and improvements to improve user experience.

Is there no way to make the search work on more than the first page as this would be a start

[Marcos 5,070]

I've reported your suggestions for improvement to developers. I can't think of a way how to work around it currently.

[itman 1,659]

Personally, I don't see the issue here.

Existing Eset firewall rules are shown in the GUI in a scroll-able window. Believe for some reason, users are not aware of this capability. Or, the scroll bar on the right hand side of the screen display is not being shown for them.

Do only 200 rules max. show in the scroll-able window?

Edited October 14, 2020 by itman

[thunderrd 1]

3 hours ago, itman said:

Do only 200 rules max. show in the scroll-able window?

Yes, and this is the problem.  If a rule is #205 and you want to move it to be #190, you can't simply use the ^ button.  You can only move the rule to position 201 [the first rule on the second page].  It is mind-boggling that the editor does not have the capability to move it to any position in the ruleset.

So you have to work around it by using a bunch of user shenanigans: 1)move the rule to the top of the second page[#201], 2) delete rule #200, so that #201 moves onto the first page, replacing #200, 3)move it to the position on the first page where you want it, 4)manually create and add the rule that used to be #200, now it will be #201, at the top of the second page.

It's a mess, and I see no other way to do it.  The editor is simply not built to correctly handle rule order manipulation, especially if there are more than 200 rules.  Why not simply have a selection button at the bottom of the list that selects how many rules are to be visible on a page?  Like Google: How many results to be shown on one page? 20/50/100/200/300

But it doesn't stop there.  It isn't even convenient to re-order rules when there are only 200 of them, either.

The capability to order the rules in the rules editor is sorely lacking in features that the old interface had.  A glaring one is the inability to drag/drop the rules into position; this we were able to do before this inferior ruleset editor replaced the old one.  So, if a rule is say, #190 and you want it to be #60, you have to hit the little ^ button 130 times to get it there.  What dev in their right mind made that decision?

Couple that shortcoming with the inability to move rules between pages of the list and it is a big fail.  Don't get me wrong; I have been an ESET user for more than 15 years and have complete faith in the function of the software, but to be honest, it isn't particularly user-friendly anymore.

I complained about the lack of drag/drop and other regressions 4 YEARS AGO, in this thread: https://forum.eset.com/topic/9625-eset-9x-ui-is-a-total-disappointment-much-worse-than-before/

And itman, you were a contributor to that thread as well.

That was when it was version 9.x.  It's now at 13.x and NOTHING has been done.  Marcos reported it to the devs then.  Apparently it is not an important enough feature to be worked on.

 

Edited October 14, 2020 by thunderrd

[itman 1,659]

1 hour ago, thunderrd said:

Yes, and this is the problem.  If a rule is #205 and you want to move it to be #190, you can't simply use the ^ button.  You can only move the rule to position 201 [the first rule on the second page].  It is mind-boggling that the editor does not have the capability to move it to any position in the ruleset.

I'm wondering if Eset firewall was set initially to Learning mode and after the learning period expired, the firewall would then be set to Interactive mode. My thinking here is the developers would have anticipated firewall rules exceeding 200 in this scenario and made accommodations for this in the scroll window size.

[thunderrd 1]

7 hours ago, itman said:

I'm wondering if Eset firewall was set initially to Learning mode and after the learning period expired, the firewall would then be set to Interactive mode. My thinking here is the developers would have anticipated firewall rules exceeding 200 in this scenario and made accommodations for this in the scroll window size.

It has always been set in Interactive mode.  I have tried Learning mode and it exhibits the same behavior.  Hard limit of 200 rules per page, and no way to move a rule from one page to another without my workaround.

I'd love to hear from a dev who would like to move a rule from page 2 to page 1.  How would he do it?

Maybe it's like that silly rumor that Bill Gates once said that '640K is more memory than anyone will ever need.'   Are 200 rules all anyone would ever need?

[thunderrd 1]

I wanted to add this to my last post, but apparently I do not have permission to edit my own posts.

Another thing that is a problem related to all this is when writing a new rule from scratch, using the 'add' button, the new rule always descends to the bottom of the page you are on in the rule editor.  Of course, that means continually getting a finger sprain from clicking the 'up' button to locate it after writing it.

I feel that when I highlight a rule and push the 'add' button, the rule I write should be generated in that location, under the rule I have highlighted, not at the bottom of a 200-rule first page list of rules.  I don't think I'm alone in that thinking.  It would certainly make the interface easier to use.

 

@Markos, can you check why I can't edit my posts?  I could before, but that capability is gone now for some reason.

[peteyt 393]

2 hours ago, thunderrd said:

I wanted to add this to my last post, but apparently I do not have permission to edit my own posts.

Another thing that is a problem related to all this is when writing a new rule from scratch, using the 'add' button, the new rule always descends to the bottom of the page you are on in the rule editor.  Of course, that means continually getting a finger sprain from clicking the 'up' button to locate it after writing it.

I feel that when I highlight a rule and push the 'add' button, the rule I write should be generated in that location, under the rule I have highlighted, not at the bottom of a 200-rule first page list of rules.  I don't think I'm alone in that thinking.  It would certainly make the interface easier to use.

 

@Markos, can you check why I can't edit my posts?  I could before, but that capability is gone now for some reason.

I believe its to prevent spam as the forum had some spam bots creating posts then often quite a bit later reediting them to add spam links. I think only mods and very active users can edit things now 

[itman 1,659]

One possible solution to this issue is to redesign the Eset firewall to use multiple rule sets as done in the Comodo firewall: https://help.comodo.com/topic-72-1-766-9175-Firewall-Rule-Sets.html

What Comodo has done is eliminate for the user the proper sequence in how rules should be executed by creating network traffic categories and then executing those categories in the proper sequence. For example, there is an outgoing only category where I assume most users would add their outbound app traffic monitoring rules. 

The multiple rule set concept eliminates all rules being shown in one global rule set and the problems displaying, maintaining, and navigating a large single rule set.

[thunderrd 1]

1 hour ago, itman said:

One possible solution to this issue is to redesign the Eset firewall to use multiple rule sets as done in the Comodo firewall: https://help.comodo.com/topic-72-1-766-9175-Firewall-Rule-Sets.html

What Comodo has done is eliminate for the user the proper sequence in how rules should be executed by creating network traffic categories and then executing those categories in the proper sequence. For example, there is an outgoing only category where I assume most users would add their outbound app traffic monitoring rules. 

The multiple rule set concept eliminates all rules being shown in one global rule set and the problems displaying, maintaining, and navigating a large single rule set.

That would be great, but it's actually overkill for what I'm talking about. 

A simple 'expert mode' that could be toggled wherein someone who knows what he is doing can move the rules where they want would be fine.  It shouldn't be 'on' by default for less experienced users, but for those of us who want it, it's invaluable.

peteyt's idea about allowing the search function to access ALL of the pages of rules would also be an acceptable measure; that way we could search for say, all rules that contain 'foo' and have it return ALL of them, no matter where they are located in the ruleset.  Then we can move the rule we want to move into a position with the others.  This bypasses the 200-rule limitation on the pages by displaying only the rules we want to see.  We can then move them relative to each other within the displayed search results.

I don't see why either of these suggestions would be too difficult to implement from the dev's POV.

In the 'old' editor we were able to move both individual rules AND multiple selections via drag and drop.  I still am struggling to understand why the functionality was removed.

And I still want to know what a dev would say when he discovers that rule #203 can't easily be moved into position #195.  Maybe Marcos can pose that question and let's see what they say.

Edited October 15, 2020 by thunderrd

[peteyt 393]

18 hours ago, thunderrd said:

That would be great, but it's actually overkill for what I'm talking about. 

A simple 'expert mode' that could be toggled wherein someone who knows what he is doing can move the rules where they want would be fine.  It shouldn't be 'on' by default for less experienced users, but for those of us who want it, it's invaluable.

peteyt's idea about allowing the search function to access ALL of the pages of rules would also be an acceptable measure; that way we could search for say, all rules that contain 'foo' and have it return ALL of them, no matter where they are located in the ruleset.  Then we can move the rule we want to move into a position with the others.  This bypasses the 200-rule limitation on the pages by displaying only the rules we want to see.  We can then move them relative to each other within the displayed search results.

I don't see why either of these suggestions would be too difficult to implement from the dev's POV.

In the 'old' editor we were able to move both individual rules AND multiple selections via drag and drop.  I still am struggling to understand why the functionality was removed.

And I still want to know what a dev would say when he discovers that rule #203 can't easily be moved into position #195.  Maybe Marcos can pose that question and let's see what they say.

As shown on this recent post the firewall rule area is simply badly designed and something that I and others have brought up multiple times. Apparently it is something they are looking into 

 

The biggest annoyance for me is the fact rule names have uneeded text in front of them. What would work best is seeing the program e.g. program.exe and having an icon alongside this so users could see what program it was clearly.

I get why we can't view the rules by name like it once was due to the rules working by order but we should at least be able to read the rules in a far more user friendly mode. Just because the average user shouldn't need to visit this area doesn't mean it shouldn't be easy to navigate, use etc. 

Edited October 16, 2020 by peteyt

[itman 1,659]

I have been asking for filename wildcard support for years in Eset HIPS rules. Initially it was stated that would be included in a subsequent release. That was 5 years ago.

Bottom line - don't expect Eset GUI changes to the HIPS or firewall. I know Eset HIPS was developed by a third party. Same might be true for the firewall.

Edited October 15, 2020 by itman

[thunderrd 1]

34 minutes ago, itman said:

Bottom line - don't expect Eset GUI changes to the HIPS or firewall. I know Eset HIPS was developed by a third party. Same might be true for the firewall.

And that, sir, just might be the deal-breaker.  But I guess it's our choice to stay or go... this is a business, after all.  Users don't have too much say in the costs of development.

15 years is a long time to stay with a software, after all.  It's probably time to move on, and take my suggestions elsewhere.

Edited October 15, 2020 by thunderrd

[Marcos 5,070]

3 hours ago, itman said:

I have been asking for filename wildcard support for years in Eset HIPS rules. Initially it was stated that would be included in a subsequent release. That was 5 years ago.

Actually an asterisk is now supported within the path to substitute a folder. As for wildcard support at the end of the path, we'll see if it could be implemented within the following months since the primary focus is now on HIPS improvements for the ESET Enterprise Inspector. As a commercial developer we must carefully decide about where to invest resources and highly demanded features are of top priority.

As I have stated, the rule editor is subject to overhaul and we would like to improve user experience with it.

[Marcos 5,070]

3 hours ago, itman said:

Bottom line - don't expect Eset GUI changes to the HIPS or firewall. I know Eset HIPS was developed by a third party. Same might be true for the firewall.

I have to correct you, HIPS was developed by ESET from the ground and the same holds true for the firewall as well.

Basically it's only the password manager which was not made by us but our developers worked on integration to our products.

[itman 1,659]

19 minutes ago, Marcos said:

Actually an asterisk is now supported within the path to substitute a folder.

What I need is wildcard support in the filename; e.g. C:\*.lnk. Plus global path capability; e.g. *\psexec.exe, which will block program startup regardless of what directory it resides in.

Edited October 15, 2020 by itman

[thunderrd 1]

7 hours ago, Marcos said:

As I have stated, the rule editor is subject to overhaul and we would like to improve user experience with it.

I am eagerly anticipating this. Regaining some of this loss of functionality from the old editor is welcome.  

[peteyt 393]

14 hours ago, Marcos said:

I have to correct you, HIPS was developed by ESET from the ground and the same holds true for the firewall as well.

Basically it's only the password manager which was not made by us but our developers worked on integration to our products.

Its good to hear. I haven't got an issue with the design of the product overall but as stated the firewall rule area for an example is very non user friendly so any improvements is a win.