Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Scripting a firewall rule

    Scheduled Pinned Locked Moved
    Firewalling
    3
    4
    165
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      alanbaker
      last edited by

      Hi,

      I’m trying to automate a process, at the moment I’m asked to open a port on the firewall to enable an RDC connection, so I login enable the rule and a few hours later login and close the port.

      Is there a script I can write to automate this? Maybe SSH?
      Enable rule
      Wait 120 minutes
      Disable rule

      Thanks for any ideas.

      1 Reply Last reply Reply Quote 0
      • U
        Uglybrian
        last edited by

        Hi, give this a try and see if it will work for you.
        https://docs.netgate.com/pfsense/en/latest/firewall/time-based-rules.html

        1 Reply Last reply Reply Quote 0
        • A
          alanbaker
          last edited by

          Thanks for that, fixed times don’t work for my use case.
          Is it possible to have a script that when triggered enables a port - waits for a two hours then disables?

          1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks
            last edited by bmeeks

            There is no direct API available in pfSense for this, but you can get creative on your own by using the FreeBSD pfctl utility documented here: https://man.freebsd.org/cgi/man.cgi?pfctl.

            You can manipulate the pf rules directly using pfctl from a shell script. I strongly suggest first playing around with pfctl and any scripting in a test environment. Something as simple as virtual machine install of pfSense using VMware Workstation or even the Hyper-V hypervisor that ships with some versions of Windows 11 would suffice.

            Also be aware the rule syntax would be the "raw" pf syntax. That means the rules will not "look the same" as they do in the GUI in terms of how the text reads.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post