Generally speaking, I’d think the firewall rules page should be similar to what I think the virtual hosts page should be (and also isn’t)–all the active rules should be listed there, and ideally should be able to be adjusted there. But for services managed by Neth, we shouldn’t require admins to know port numbers, tcp/udp, etc., nor to manually enter network addresses–the admin should be able to say that, e.g., ejabberd should be available on red/orange/blue/green, and Neth figure out the rest.
I’d think the ideal arrangement would be that this could be specified, in this way, from the firewall rules page (perhaps with an “advanced” option to make more detailed changes to the rules). But, as we’d previously discussed with respect to the virtual hosts issue, that means that one page needs to know about everything that might be installed, what ports it needs, on which protocols, etc. So if it isn’t practical to do it this way, it could link to the relevant settings for whatever modules are installed. But at a minimum, all the applicable rules should at least be visible there.