When I submitted the pull request for my le rule changes to replace the version that was crashing the firewall, I didn’t give an option to enable or disable le rules (they were always enabled).
There were some comments from QA about not being able to disable them, so I reworked it into what you now see. I’m pretty happy with the current structure. It gives the end user control over what the firewall actually does and removes some naive assumptions about port usage of the original Sangoma approach.
A mistake was using the existing lerules db flag for the new “responsive le rules”. The original Sangoma le rules had the option disabled by default. I changed the flag to enabled by default, but folks that upgraded the firewall during the period the original Sangoma lerules were in the wild, and did not enable the original le rules setting, may find the new “responsive lerules” disabled.
I should have created a new db setting that wouldn’t have been inherited at all. If you dig through the tickets and commit comments, I’m pretty sure I brought the potential issue up, but didn’t make a fuss about it.
Most all the work was on the firewall side of the fence. I didn’t do anything with the messaging in certman itself, but adding a warning that the responsive lerules are disabled makes sense.