Change the LAN firewalling
-
Hi,
-
I did a mistake : i disabled by error all the traffics in the LAN subnet.
Is it possible to change a rule in the LAN by the command line ? You know re-enable again the traffics without doing a reset… -
Is it possible to restart a service by the commande line like IPSec ?
Perhaps just killing the racoon pid... ?
Thank you in advance for your return.
++
-
-
Why not just log in and create a new rule allowing traffic again?
-
Well, it seemed that i wasn't able to access by http protocole…
I'll check by rebooting once again. -
If you've disabled the web gui anti-lockout rule for LAN, I think you can re-enable it by setting the LAN IP address from the console.
-
If you've disabled the web gui anti-lockout rule for LAN,
But how could i disable it since right now, i can't access to the web interface ?
the rule disable all traffics in the LAN…
-
Blocked access with firewall rules
If you blocked yourself out of the WebGUI remotely with a firewall rule, there may still be hope. This shouldn't happen from the LAN as there should be an anti-lockout rule that maintains access to the WebGUI from that interface.
Having to walk someone on-site through fixing the rule is better than losing everything!
Well, i can't access from the LAN…
Is is possible to disable the rule for the LAN interface by the console ?
Thank you in advance.
++
-
@Efonne:
If you've disabled the web gui anti-lockout rule for LAN, I think you can re-enable it by setting the LAN IP address from the console.
↑
-
If you've disabled the web gui anti-lockout rule for LAN, I think you can re-enable it by setting the LAN IP address from the console.
??? Well i don't really understand… ???
I did not disable "the web gui anti-lockout rule for LAN".
I did make a rule on the firewall configuration that disable all traffics from the LAN.I've tried to set the LAN IP address with the console but i still can not access.
I did disable the firewall :
pfctl -dBut i still can't access to the webgui.
With which command could i modify the /tmp/rules.debug file, please ?
I tried emacs, vim, nano but these commands do not existe.++
-
I found "ee" command to edit a file.
-
Well i can now edit /tmp/rules.debug but i can not find my "rule" that block all the LAN traffics…
I'm still blocked...
-
You don't have to edit anything, just do what Efonne told you, reset the LAN address using option 2) in the console menu.
-
If you want to do it by manually editing /tmp/rules.debug anyway, run pfctl -o basic -f /tmp/rules.debug after you are done to reload the rules.
-
@kpa:
You don't have to edit anything, just do what Efonne told you, reset the LAN address using option 2) in the console menu.
Just said, i did this action several time.
And i connected to the LAN interface directly to access but i did not success… -
Well, my apologies.
It seems that's re-enable the set up of the LAN does resolve the problem.I had some ethernet cable trouble…
Thanks again for your help.
++
