pfSense needs some work (At the moment)
pfSense really needs a much better User Interface. I am sure the back end is good, but the GUI needs a lot of work. From my point of view it is unworkable. Maybe I have been spoilt with firewall, but more work is needed.
1. It is possible to Alias ports/hosts and networks. But I cannot see any way to specify the port as being TCP or UDP or both. [It is there, but I think the UI needs improving]
2. The UI for selecting PORTS/HOSTS/NETWORKS are missing. You must know the exact text of the alias and type that. [UI Issue again. If you start typing the name of the alias it comes up.]
3. Also missing is the ability to group multiple HOSTS/NETWORKS into a single rule
4. Removed [WAS: None of that really matters anyway since the ALIAS is broken since it immediately breaks this back to an IP. In other words it is not SYMBOLIC.]
5. The NAT functionality is broken. You can only do NAT by port. You cannot change ALL traffic to 184.108.40.206 to go to 220.127.116.11 regardless of the port. [This may be covered under OUTGOiNG NAT or 1:1 NAT]
6. Similarly Firewall rules are on a per-interface basis. You cannot have a single rule for all ports.
All of these problems would be fixed with a GUI that created the pfSense internal configuration… Wow… A project for me.