From 713771e40d606daee3bc4fc17f92565d34562528 Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Sun, 25 Jan 2026 15:39:40 +0100
Subject: [PATCH] net/haproxy: add "enabled" field to rules

---
 net/haproxy/pkg-descr                         |  1 +
 .../HAProxy/Api/SettingsController.php        |  9 +++-
 .../OPNsense/HAProxy/forms/dialogAction.xml   |  6 +++
 .../app/models/OPNsense/HAProxy/HAProxy.xml   |  4 ++
 .../OPNsense/HAProxy/Migrations/M4_2_0.php    |  3 ++
 .../mvc/app/views/OPNsense/HAProxy/index.volt |  2 +
 .../templates/OPNsense/HAProxy/haproxy.conf   | 53 ++++++++++---------
 7 files changed, 52 insertions(+), 26 deletions(-)

diff --git a/net/haproxy/pkg-descr b/net/haproxy/pkg-descr
index f8ad61a80..7022ea069 100644
--- a/net/haproxy/pkg-descr
+++ b/net/haproxy/pkg-descr
@@ -19,6 +19,7 @@ Added:
 * add support for more sample fetches: quic_enabled, stopping, wait_end (#3702)
 * add support for HTTP compression (#4867)
 * add all action keywords for http-request/-response and tcp-request/-response rules
+* add "enabled" field to rules
 
 Changed:
 * upgrade to HAProxy 3.2 release series (#5147)
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/Api/SettingsController.php b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/Api/SettingsController.php
index 4231ca119..8724f3086 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/Api/SettingsController.php
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/Api/SettingsController.php
@@ -1,7 +1,7 @@
 <?php
 
 /**
- *    Copyright (C) 2016-2022 Frank Wall
+ *    Copyright (C) 2016-2026 Frank Wall
  *    Copyright (C) 2015 Deciso B.V.
  *
  *    All rights reserved.
@@ -206,9 +206,14 @@ class SettingsController extends ApiMutableModelControllerBase
         return $this->delBase('actions.action', $uuid);
     }
 
+    public function toggleActionAction($uuid, $enabled = null)
+    {
+        return $this->toggleBase('actions.action', $uuid);
+    }
+
     public function searchActionsAction()
     {
-        return $this->searchBase('actions.action', array('name', 'description'), 'name');
+        return $this->searchBase('actions.action', array('enabled', 'name', 'description'), 'name');
     }
 
     public function getLuaAction($uuid = null)
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
index c2e70417f..e24b1e542 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
@@ -1,4 +1,10 @@
 <form>
+    <field>
+        <id>action.enabled</id>
+        <label>Enabled</label>
+        <type>checkbox</type>
+        <help>Enable this rule.</help>
+    </field>
     <field>
         <id>action.name</id>
         <label>Name</label>
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
index fe49d5d22..d246d1971 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
@@ -2228,6 +2228,10 @@
         </acls>
         <actions>
             <action type="ArrayField">
+                <enabled type="BooleanField">
+                    <default>1</default>
+                    <Required>Y</Required>
+                </enabled>
                 <name type="TextField">
                     <Mask>/^[^\t^,^;^\.^\[^\]^\{^\}]{1,255}$/u</Mask>
                     <ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M4_2_0.php b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M4_2_0.php
index 4bf0305ef..e8c713f8d 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M4_2_0.php
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/Migrations/M4_2_0.php
@@ -37,6 +37,9 @@ class M4_2_0 extends BaseModelMigration
     public function run($model)
     {
         foreach ($model->getNodeByReference('actions.action')->iterateItems() as $action) {
+            // Rules have an 'enabled' field now
+            $action->enabled = '1';
+            // Migrate TCP/HTTP rules to new format
             switch ((string)$action->type) {
                 case 'http-request_add-header':
                     $action->type = 'http-request';
diff --git a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
index 8ab604f66..18c3c68a0 100644
--- a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
+++ b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt
@@ -101,6 +101,7 @@ POSSIBILITY OF SUCH DAMAGE.
                 set:'/api/haproxy/settings/set_action/',
                 add:'/api/haproxy/settings/add_action/',
                 del:'/api/haproxy/settings/del_action/',
+                toggle:'/api/haproxy/settings/toggle_action/',
                 options: {
                 }
             }
@@ -910,6 +911,7 @@ POSSIBILITY OF SUCH DAMAGE.
         <table id="grid-actions" class="table table-condensed table-hover table-striped table-responsive" data-editDialog="DialogAction" data-editAlert="haproxyChangeMessage">
             <thead>
             <tr>
+                <th data-column-id="enabled" data-width="6em" data-type="string" data-formatter="rowtoggle">{{ lang._('Enabled') }}</th>
                 <th data-column-id="actionid" data-type="number"  data-visible="false">{{ lang._('Rule ID') }}</th>
                 <th data-column-id="name" data-type="string">{{ lang._('Rule Name') }}</th>
                 <th data-column-id="description" data-type="string">{{ lang._('Description') }}</th>
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index fb1e5c106..b6415c5c3 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -635,34 +635,39 @@
 {%           set action_enabled = '0' %}
     # ERROR: unsupported rule type
 {%         endif %}
-{#         # check if action is valid #}
-{%         if action_enabled == '1' %}
-{%           if action_data.operator == 'or' %}
-{%             set join_operator = ' || ' %}
-{%           else %}
-{%             set join_operator = ' ' %}
-{%           endif %}
-{#           # check if action depends on ACLs #}
-{%           set comment_lines = ['# RULE: ' + action_data.name] %}
-{%           if action_acls|length > 0 %}
-{%             set acl_line = [action_data.testType, action_acls|join(join_operator)]|join(' ') %}
-{%           else %}
-{%             set acl_line = '' %}
-{%           endif %}
-{%           if action_options|length > 0 %}
-{#             # handle multiline options #}
-{%             if action_multiline == '1' %}
-{%               set join_char = '\n    ' %}
-{#               # ACLs are unsupported in multiline options, remove them #}
-{%               set acl_line = '' %}
+{#         # Is this rule enabled in the GUI? #}
+{%         if action_data.enabled|default('') == '1' %}
+{#           # check if action is valid #}
+{%           if action_enabled == '1' %}
+{%             if action_data.operator == 'or' %}
+{%               set join_operator = ' || ' %}
 {%             else %}
-{%               set join_char = ' ' %}
+{%               set join_operator = ' ' %}
 {%             endif %}
-{%             do global_action_options.append(comment_lines|join('\n')) -%}
-{%             do global_action_options.append(([action_options|join(join_char), acl_line]|join(' '))) %}
+{#             # check if action depends on ACLs #}
+{%             set comment_lines = ['# RULE: ' + action_data.name] %}
+{%             if action_acls|length > 0 %}
+{%               set acl_line = [action_data.testType, action_acls|join(join_operator)]|join(' ') %}
+{%             else %}
+{%               set acl_line = '' %}
+{%             endif %}
+{%             if action_options|length > 0 %}
+{#               # handle multiline options #}
+{%               if action_multiline == '1' %}
+{%                 set join_char = '\n    ' %}
+{#                 # ACLs are unsupported in multiline options, remove them #}
+{%                 set acl_line = '' %}
+{%               else %}
+{%                 set join_char = ' ' %}
+{%               endif %}
+{%               do global_action_options.append(comment_lines|join('\n')) -%}
+{%               do global_action_options.append(([action_options|join(join_char), acl_line]|join(' '))) %}
+{%             endif %}
+{%           else %}
+    # RULE INVALID: {{action_data.name}}
 {%           endif %}
 {%         else %}
-    # RULE INVALID: {{action_data.name}}
+    # RULE DISABLED: {{action_data.name}}
 {%         endif %}
 {%       else %}
     # RULE INVALID: {{action_data.name}}