Netgate Discussion Forum

    Accept/Block IPs from shell using script

    • R
      rcbandit
      last edited by

      Hi, I want to write a script that configures pfsense via ssh. What commands do I need to use to configure pfsense to block an IP address? Can you give me an example?

      regards

      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        All of the rules are created and edited via PHP. Though there are some ways to update things in pf dynamically from the CLI, none are officially supported.

        If you want to make permanent block rules, look at the "easy rule" code I wrote that is in 2.0 (or in the Dashboard package); that could probably be adapted into a CLI PHP script to do a similar task.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • R
          rcbandit
          last edited by

          Can you tell me how to disable this?

          *** Welcome to pfSense 1.2.3-RELEASE-pfSense on pfSense-VM ***

          WAN*                    -> em0 -> 192.168.1.117(DHCP)
            LAN*                    -> em1 -> 192.168.1.111

          pfSense console setup


          0)  Logout (SSH only)
          1)  Assign Interfaces
          2)  Set LAN IP address
          3)  Reset webConfigurator password
          4)  Reset to factory defaults
          5)  Reboot system
          6)  Halt system
          7)  Ping host
          8)  Shell
          9)  PFtop
          10)  Filter Logs
          11)  Restart webConfigurator
          12)  pfSense Developer Shell
          13)  Upgrade from console
          14)  Disable Secure Shell (sshd)

          Enter an option:

          Maybe when I log in a configuration file is executed. Can you tell me where I can find it and edit it to always be option 8 (SSH)?

          I think that I can write a script which can connect with pfsense via SSH and reconfigure pf rules with the command pfctl.

          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            Log in to ssh as the root user, not admin. The admin account is locked into the menu, root is not.

            • R
              rcbandit
              last edited by

              I tried ssh root@192.168.1.111

              But the same still appears.

              Tell me which configuration file I must edit.

              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                If you ssh in as root, yes, that will appear.

                However, you can execute commands remotely using ssh and that works:

                root@chomp:~# ssh root@192.168.130.8 "ls -l"
                Password:
                total 22
                -r--r--r--  1 root  wheel  798 Dec 18 12:21 .cshrc
                -rw-r--r--  1 root  wheel    0 Dec 18 16:10 .first_time
                -r--r--r--  1 root  wheel    0 Dec 18 14:41 .hushlogin
                -r--r--r--  1 root  wheel  303 Dec 18 12:21 .login
                -rw-r--r--  1 root  wheel    0 Dec 18 16:10 .part_mount
                -r--r--r--  1 root  wheel  258 Dec 23 19:58 .profile
                -r--r--r--  1 root  wheel  129 Dec 23 19:58 .shrc
                -rw-r--r--  1 root  wheel    1 Dec 18 16:10 .tcshrc
                -rw-r--r--  1 root  wheel  109 Dec 23 19:57 latest.tgz.sha256
                drwxr-xr-x  4 root  wheel  512 Dec 21 16:47 pfsense
                -rw-r--r--  1 root  wheel  6569 Dec 22 19:21 test.txt

                When you script something with ssh, it shouldn't just login and then expect a shell prompt.

                If you need more information than that, it's all general unix/freebsd stuff, and really quite unsupported so you'll be on your own.

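Added example, not part of the original thread and not pfSense's own code: the one-command-per-ssh-invocation pattern described in the post above, applied to the pfctl idea raised earlier in the thread, with strict input validation because the address ends up in a command line run as root. The table name `blocklist` is an assumption, a block rule referencing that table must already exist, and changes made with `pfctl -T` live only in pf's running state and are not written to the pfSense configuration.

```sh
#!/bin/sh
# Added example (not from the thread): block or unblock one IPv4 address on a
# remote pf firewall with a single non-interactive ssh command.
# Assumptions: the table name "blocklist" is hypothetical, and a block rule
# that references that table must already exist on the firewall.

FW_HOST="${FW_HOST:-root@192.168.1.111}"  # LAN address shown in the thread
PF_TABLE="${PF_TABLE:-blocklist}"         # hypothetical pf table name

# Succeed only for a dotted quad with four octets in 0..255 and no leading
# zeros. Strictness matters: the value is passed to a shell running as root.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the remote pfctl command for one address; fail on any bad input.
# "add" and "delete" are the only table operations this script allows.
remote_cmd() {
    case "$1" in add|delete) ;; *) return 2 ;; esac
    is_ipv4 "$2" || return 1
    printf 'pfctl -t %s -T %s %s\n' "$PF_TABLE" "$1" "$2"
}

# Send the command over ssh, or only print it when DRY_RUN=1 (the default).
apply() {
    cmd=$(remote_cmd "$1" "$2") || { echo "rejected: $2" >&2; return 1; }
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "ssh $FW_HOST \"$cmd\""
    else
        ssh "$FW_HOST" "$cmd"
    fi
}

# Usage: DRY_RUN=0 sh pf-block.sh 203.0.113.7 198.51.100.20
for ip in "$@"; do
    apply add "$ip" || exit 1
done
```

With key-based authentication in place of the password prompt, the script runs unattended; each address costs one ssh invocation and never touches the console menu.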
                • R
                  rcbandit
                  last edited by

                  I don't need to see the result.

                  The script that I will use will execute one-way commands. I don't need output.
                  Please tell me where to find the file that forces pfsense to ask every time when I log in:

                  *** Welcome to pfSense 1.2.3-RELEASE-pfSense on pfsense-vm ***

                  WAN*                    -> em0 -> 192.168.1.117(DHCP)
                    LAN*                    -> em1 -> 192.168.1.111

                  pfSense console setup


                  0)  Logout (SSH only)
                  1)  Assign Interfaces
                  2)  Set LAN IP address
                  3)  Reset webConfigurator password
                  4)  Reset to factory defaults
                  5)  Reboot system
                  6)  Halt system
                  7)  Ping host
                  8)  Shell
                  9)  PFtop
                  10)  Filter Logs
                  11)  Restart webConfigurator
                  12)  pfSense Developer Shell
                  13)  Upgrade from console
                  14)  Disable Secure Shell (sshd)

                  Enter an option:

                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    What I suggested in the last message will work, regardless of whether or not you need the output. That is the proper way to remotely execute ssh commands.

                    If you really want to get rid of the menu, remove the contents of /root/.profile, and then when you log in as root it will just go to a shell prompt.

                    • R
                      rcbandit
                      last edited by

                      ok, thank you!

                      best wishes

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.