PHP Shell Scripts: bringing up and down Interfaces and checking whether enabled



  • Hello!

    I am trying to both find out if an interface is enabled right now, as well as to change the state. It seems to be half working.

    print_r($config['interfaces']['wan']['enable']);
    
    $config['interfaces']['wan']['enable'] = false;
    $config['interfaces']['wan']['disabled'] = true;
    write_config();
    interfaces_sync_setup();
    exec;
    
    // interfaces_bring_up('wan');
    interface_bring_down('wan');
    interface_bring_down('pppoe0');
    interface_reconfigure('wan');
    print_r(Interface_isppp_type('wan'));
    interface_configure('wan');
    interface_configure('pppoe0');
    //interfaces_setup();
    print_r(get_interface_list());
    exec;
    

    I have 2 main issues:

    1. getting enabled state seems to be unreliable, especially, sometimes this value is not set

    2. changes are not applied. I have to use

    system_reboot_sync();
    

    which works but which I really would like to avoid, since it takes a long time and does not match the "apply changes" web UI option, which seems a little more leightweight.

    Thanks!



  • Best solution I had for this so far was to parse ifconfig….  but might I suggest that you ask this question in the development forum.... much more likely to be seen by someone who knows their way around pfSense internals/code.

    If you get a good answer please mark your thread solved....



  • @Guardian
    Thanks for 1) I thought the same (from what I have seen so far, and not having found a way to access CARP state otherwise).

    For 2) I am still searching.

    Also, I asked mod to move.. only saw "how do I compile x" messages in dev forum, that is why I went to general.



  • So.. i copy/pasted the code from the UI interfaces.php (the "apply" POST). Also, I had to persist the .interfaces.apply for each configuration (enabled and disabled).
    Gateway assignment and defaults still were a huge issue.. so I am happy it is running for now.

    I guess this will break with some update in the future (would be nicer to have a clear cut between UI and some fixed logic with a documented API), so I will be a little more reluctant to update that box.

    So.. what I have now is a PPPoE-CARP (well, the CARP is only on the LAN, but the WAN uses PPPoE depending on who is CARP master, so they also share the same WAN IP), I also just added a VLAN interface to have HA of the relevant parts (for me VPN, IPSEC and OpenVPN) sync from Master to Backup via HA.

    When the MASTER beocmes unavailable, it takes a little over 1 minute till the BACKUP is dialed in, but still, I hope this will prevent me from remotely locking myself out in the future, plus it should make system updates a lot better (internet connection only interrupted for 1 minute, available afterwards again with same features).


Log in to reply