Netgate Discussion Forum

    Revert easyrule pass programmatically?

      reub

      Hi,

      As part of a larger scripted effort, I'm trying to programmatically allow, then disallow traffic into my network.

      Specifically, traffic from any WAN IP via port P into a given LAN IP and port. I've set up a NAT rule for this and I'm successfully able to allow the traffic by using the easyrule command below.

      easyrule pass WAN TCP 0.0.0.0/0 X.X.X.X P
      

      My question is: Can I then revert this rule ?

      The easyrule documentation seems to indicate blocking only by IP and not port. If not, is there another way to accomplish this currently? My only other thought is to parse the config.xml on the fly and trigger /etc/rc.filter.configure (which seems messy).

      Thanks in advance.

        Chocomel

        I am wondering this as well. In my case I am looking for a way to allow traffic on a specific port using the shell and disable traffic after a given time. Easyrule seemed perfect for this.

        The reason for this is that one of our customers has a pfSense firewall and would like to give OpenVPN access to a software supplier for debugging purposes. However, he wants to maintain control over when they get access and for how long. They're not stupid, but they're no firewall wizards. So we threw a Windows application together that can securely access the shell and issue commands. To our surprise, we can add the pass UDP on VPN port easily with easyrule but cannot find a way to disable or remove it from the command line without going into configuration files.

        Does anybody know if this is possible and how?

          jimp Rebel Alliance Developer Netgate

          No, it's still not possible.

            W4RH34D

            Am I dense or wouldn't it make sense to just make a user account with the access you want to give and then revoke it when done?

            Did you really check your cables?

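The config.xml route raised in the first post, sketched as an added example (not code from the thread or from pfSense): it removes only the pass rule whose interface, protocol, destination address and port all match. The function name, the sample XML and its element layout are assumptions; check them against the rule easyrule actually wrote to your config.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a cut-down config.xml fragment. The element layout
# (filter/rule with type, interface, protocol, destination/address, port)
# is an assumption; compare it with the rule easyrule wrote on your system.
SAMPLE_CONFIG = """<pfsense>
  <filter>
    <rule>
      <type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <source><any/></source>
      <destination><address>192.0.2.10</address><port>8443</port></destination>
      <descr>temporary vendor access</descr>
    </rule>
    <rule>
      <type>pass</type><interface>lan</interface><protocol>tcp</protocol>
      <source><network>lan</network></source>
      <destination><any/></destination>
      <descr>Default allow LAN to any rule</descr>
    </rule>
  </filter>
</pfsense>"""


def remove_pass_rule(config_xml, interface, protocol, dest_ip, dest_port):
    """Return (new_xml, removed_count) with matching pass rules deleted.

    A rule is removed only if every field matches, so an unrelated rule
    is never dropped by a partial match.
    """
    root = ET.fromstring(config_xml)
    filt = root.find("filter")
    if filt is None:
        raise ValueError("no <filter> section found")
    wanted = {
        "type": "pass",
        "interface": interface.lower(),
        "protocol": protocol.lower(),
        "destination/address": dest_ip.lower(),
        "destination/port": str(dest_port),
    }
    removed = 0
    for rule in list(filt.findall("rule")):
        if all((rule.findtext(path) or "").strip().lower() == value
               for path, value in wanted.items()):
            filt.remove(rule)
            removed += 1
    return ET.tostring(root, encoding="unicode"), removed
```

Writing the result back and reloading the ruleset with /etc/rc.filter.configure, as the first post suggests, is left out here; a removed count other than 1 is the signal to stop and inspect the file by hand.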
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.