Adding in to Alias and reload firewall from command line?
-
Hi,
I want to add an IP in to "BannedIPAlias", which is the Alias I use to ban attacker IPs, and restart the firewall from the command line or programmatically. I want to add this command in to a bash cron file and run it.
Is this possible?
Regards,
Mucip:) -
You do not need to restart the firewall in order to do what you want. The pfctl utility lets you dynamically add or remove addresses from existing pf tables. Here is the documentation: https://man.freebsd.org/cgi/man.cgi?query=pfctl(8). Here is the pfSense documentation for viewing Alias Table contents: https://docs.netgate.com/pfsense/en/latest/monitoring/status/firewall-tables.html. Look there and you will see the automatically created pfSense alias tables. And here is the documentation for Aliases: https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#aliases.
pfSense stores aliases as tables in the pf firewall engine. You can use the pfctl utility to manipulate the IP addresses stored in an alias table. Then, in the pfSense firewall rules, create a rule that uses your alias table as either the SOURCE or DESTINATION target. Since you already have the BannedIPAlias, you should see it listed when viewing tables under DIAGNOSTICS > TABLES. It should show whatever IP addresses you have added to it. You can add or remove addresses from the table dynamically using pfctl. -
Hi @bmeeks,
This is very good news.
I will check. Thanks.
Regards,
Mucip:) -
Hi @bmeeks,
I've got it. Thanks...
https://forum.netgate.com/topic/69891/modify-aliases-from-ssh-shell/8
pfctl -t Yasakli_IPler -T add 1.2.3.4
Regards,
Mucip:) -
@mucip said in Adding in to Alias and reload firewall from command line?:
Hi @bmeeks,
I've got it. Thanks...
https://forum.netgate.com/topic/69891/modify-aliases-from-ssh-shell/8
pfctl -t Yasakli_IPler -T add 1.2.3.4
Regards,
Mucip:)
Correct. I was away and unable to reply immediately. But I see you found the correct command sequence. pfctl is a powerful command-line tool. -
Hi @bmeeks ,
Houston... We've got a problem. :)
With this command I can see the added IP in Menu>Diagnostic>Tables.
But I can not see same IP in Menu>Firewall>Aliases>Yasakli_IPler
Blocking is working but I can not see it in Aliases menu?
Regards,
Mucip:) -
@mucip said in Adding in to Alias and reload firewall from command line?:
Hi @bmeeks ,
Houston... We've got a problem. :)
With this command I can see the added IP in Menu>Diagnostic>Tables.
But I can not see the same IP in Menu>Firewall>Aliases>Yasakli_IPler
Blocking is working but I can not see it in the Aliases menu?
Regards,
Mucip:)
The Aliases menu does not read from the pf table. It stores its data in the firewall's config.xml file. The contents of that data are modified when you make changes in the GUI, and then, when the filter reload command is issued to pf by the GUI, pf will create the tables given to it by the GUI code and load the IP addresses supplied by the GUI.
What you are doing is totally outside the GUI process (which is driven by PHP code). You are using a FreeBSD utility to directly modify the table's content at runtime. The firewall portion of the GUI will not see that, but the binary code of the firewall engine (pf) will see that change and act upon it. That's why the blocking is working.
I thought you simply wanted a way to add one or more IPs to an existing alias at runtime on a temporary basis. Generally when doing something like fail2ban you just want to ban the IP for some period but not forever. Using the pfctl utility to add the IP directly into the pf runtime table will block that IP until the firewall reloads itself (triggered by something you do in the GUI by making certain changes) or when the firewall reboots.
There is no way to add IPs directly into the GUI at runtime from a third-party script without editing the config.xml file, and doing that on the fly is extraordinarily risky and likely to break the firewall completely. -
Hi @bmeeks ,
Ok. I will try to live with this fact. Thanks... :)
Regards,
Mucip:) -
@mucip said in Adding in to Alias and reload firewall from command line?:
Hi @bmeeks ,
Ok. I will try to live with this fact. Thanks... :)
Regards,
Mucip:)
You can see the IP addresses you add at runtime by going to DIAGNOSTICS > TABLES in the pfSense menu and then choosing the table name corresponding to your alias. Literally, that PHP code runs the same pfctl utility to dump out all the pf tables and their content for display.
But the GUI stuff under FIREWALL > ALIASES won't see things you do directly in the pf tables using pfctl yourself.
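Putting the thread's advice together (runtime table edits with pfctl, temporary bans driven from cron, viewing the result with the same data DIAGNOSTICS > TABLES reads), here is an added example script; it is not from the thread or from pfSense. It assumes a FreeBSD/pfSense host with pfctl in PATH and an existing alias named BannedIPAlias that a firewall rule already references; input is validated because the addresses typically come from parsed logs.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes pfSense/FreeBSD with pfctl in
# PATH and an existing alias/table "BannedIPAlias" that a firewall rule uses.
TABLE="${TABLE:-BannedIPAlias}"
PFCTL="${PFCTL:-pfctl}"   # set PFCTL=echo for a dry run

# Accept only dotted-quad IPv4 with an optional /0-32 prefix. Anything else
# (hostnames, stray characters copied out of a log line) is rejected before
# it reaches pfctl.
valid_ipv4() {
  addr=$1 prefix=32
  case "$addr" in */*) prefix=${addr#*/}; addr=${addr%%/*} ;; esac
  case "$prefix" in ''|*[!0-9]*|????*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  case "$addr" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || return 1
  done
}

# Add or remove a single address in the running pf table (what the thread's
# "pfctl -t Yasakli_IPler -T add 1.2.3.4" does, with input checking).
ban_ip()   { valid_ipv4 "$1" || { echo "rejected '$1'" >&2; return 1; }
             "$PFCTL" -t "$TABLE" -T add "$1"; }
unban_ip() { valid_ipv4 "$1" || { echo "rejected '$1'" >&2; return 1; }
             "$PFCTL" -t "$TABLE" -T delete "$1"; }
# Same data DIAGNOSTICS > TABLES shows.
show_table() { "$PFCTL" -t "$TABLE" -T show; }

# Print the valid entries of a ban-list file (one address per line, '#'
# starts a comment); bad lines are reported on stderr and dropped.
filter_ban_list() {
  while IFS= read -r line; do
    case "$line" in ''|\#*) continue ;; esac
    if valid_ipv4 "$line"; then printf '%s\n' "$line"
    else echo "skipping '$line'" >&2; fi
  done < "$1"
}

# Make the table match the file exactly: entries deleted from the file are
# unbanned on the next run, which gives cron-driven temporary bans.
sync_table_from_file() {
  tmp=$(mktemp) || return 1
  filter_ban_list "$1" > "$tmp"
  "$PFCTL" -t "$TABLE" -T replace -f "$tmp"; rc=$?
  rm -f "$tmp"; return "$rc"
}
```

Source the file and call `sync_table_from_file /path/to/banned.txt` from a cron entry; the pf table contents are still not written to config.xml, so a filter reload or reboot rebuilds the table from the GUI alias, exactly as described above.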