dup-to can be used to duplicate/mirror matching traffic to another system for analysis.
https://www.freebsd.org/cgi/man.cgi?query=pf.conf&sektion=5&n=1#ROUTING
The dup-to option creates a duplicate of the packet and routes it like route-to. The original packet gets routed as it normally would.
Not sure how to add this. Had a go at working out what to do:
What else would need to be changed?
That should basically be it, together with some validations if they apply (in the rules edit file).
Out of curiosity, what is the use case for this?
It's more targeted than port mirroring on a switch as you have the full set of port/host/src/destination/protocol/etc to choose for matching.
I wanted to try mirroring some (but not all) traffic to snort running on another more powerful machine.
I see, could be practical indeed.
There's an open freebsd bug which claims dup-to doesn't work so there might not be any point. :( https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203715
To develop and test this, I can fork this repo, make changes, then run opnsense-code and point it to my fork. Is that the right approach?
Maybe you'd better try the pf rules first then: edit /tmp/rules.debug and reload using
pfctl -f /tmp/rules.debug
if you only need to work on core, you can fork and pull to your OPNsense box and install from there.
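The manual test described in the comment above, as an added example that is not part of the issue or of OPNsense's own code: a small POSIX shell script that generates pass rules carrying a dup-to option, dry-run parses them with pfctl -n, and only then loads them. The interface names (em0, em1), the sensor address 192.0.2.10, the matched ports and the output path /tmp/rules.dupto are assumptions; a separate file is used instead of /tmp/rules.debug so the firewall's generated ruleset is not overwritten while experimenting. Note that dup-to keeps the original IP header on the copy and only hands it to the given next hop at layer 2, so the sensor box must be on that link and sniff the interface in promiscuous mode (snort in sniffing mode, not as the IP destination). Whether the copy appears at all on a given FreeBSD/OPNsense build is exactly what the open bug linked in this thread is about.

```shell
#!/bin/sh
# Added example (not from the issue or OPNsense): generate pf rules that
# mirror a subset of traffic with dup-to, syntax-check them, then load them.
# Interface names, the sensor address and the output path are assumptions.

# Build one pass rule that duplicates matching packets to a next hop.
# Grammar order (pf.conf(5)): action dir quick "on" ifspec route proto hosts.
# $1 = interface the original traffic arrives on (e.g. em0)
# $2 = interface facing the analysis box (e.g. em1)
# $3 = IP of the analysis box on that interface (used as the next hop)
# $4 = protocol, $5 = destination port to match
dup_to_rule() {
    printf 'pass in quick on %s dup-to (%s %s) proto %s from any to any port %s keep state\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Write a standalone rule file and print its line count.
# Constructed test ruleset: mirror HTTP and DNS arriving on em0 to a
# sensor at 192.0.2.10 on em1 (assumed addresses).
write_ruleset() {
    out="$1"
    {
        echo "# constructed test ruleset: mirror HTTP and DNS to a sensor on em1"
        dup_to_rule em0 em1 192.0.2.10 tcp 80
        dup_to_rule em0 em1 192.0.2.10 udp 53
    } > "$out"
    wc -l < "$out" | tr -d ' '
}

# Dry-run parse (pfctl -n) before touching the live ruleset.
# Returns 2 when pfctl is absent so the script is inspectable on a
# non-pf host; otherwise returns pfctl's own exit status.
check_ruleset() {
    command -v pfctl >/dev/null 2>&1 || return 2
    pfctl -nf "$1"
}

# Load the file, the same way the thread reloads /tmp/rules.debug.
load_ruleset() {
    pfctl -f "$1"
}

# Top-level usage: write, show, and load only if the dry run passed.
f=${DUPTO_RULES:-/tmp/rules.dupto}
write_ruleset "$f" >/dev/null
cat "$f"
if check_ruleset "$f"; then
    echo "syntax OK, loading with: pfctl -f $f"
    load_ruleset "$f"
else
    rc=$?
    echo "not loading: pfctl missing or rules rejected (exit $rc)"
fi
```

After loading, the quickest sanity check is `pfctl -sr | grep dup-to` on the firewall and `tcpdump -ni em1` on the sensor side; if the rule is installed but no copies ever arrive, that matches the behaviour reported in the FreeBSD bug linked above.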
Tagging this "support" for now, can always transform into feature ticket. :)
Never managed to get it working with manually created rules - seems to be broken. Not sure if that's broken in general or due to changes made by OPNsense but there doesn't seem to be much point keeping this ticket open.
No-one else has requested it, and port mirroring with a managed switch allows you to do nearly the same thing (as long as you don't mind extra traffic if you were trying to match something more specific)