Revert easyrule pass programmatically?



  • Hi,

    As part of a larger scripted effort, I'm trying to programmatically allow, then disallow traffic into my network.

    Specifically, traffic from any WAN IP via port P into a given LAN IP and port. I've set up a NAT rule for this and I'm successfully able to allow the traffic by using the easyrule command below.

    easyrule pass WAN TCP 0.0.0.0/0 X.X.X.X P
    

    My question is: Can I then revert this rule?

    The easyrule documentation seems to indicate blocking only by IP and not port. If not, is there another way to accomplish this currently? My only other thought is to parse the config.xml on the fly and trigger /etc/rc.filter.configure (which seems messy).

    Thanks in advance.



  • I am wondering this as well. In my case I am looking for a way to allow traffic on a specific port using the shell and disable traffic after a given time. Easyrule seemed perfect for this.

    The reason for this is one of our customers has got a pfSense firewall and would like to give OpenVPN access to a software supplier for debugging purposes. However, he wants to maintain control over when they get access and for how long. They're not stupid but no firewall wizards. So we threw a Windows application together that can securely access the shell and issue commands. To our surprise we can add the pass UDP on VPN port easily with easyrule but cannot find a way to disable or remove it from the command line without going into configuration files.

    Does anybody know if this is possible and how?


  • Rebel Alliance Developer Netgate

    No, it's still not possible.



  • Am I dense or wouldn't it make sense to just make a user account with the access you want to give and then revoke it when done?