Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    API for automation

    General pfSense Questions
    3
    4
    1.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • junicastJ
      junicast
      last edited by

      Hi,

      is there any possibility to automate tasks like creating filter or NAT rules via some kind of api for 2.4+?
      If not what is best practice for such things?
      My intention is to automate installing BSD jails on a FreeNAS system and for each of those jails I would need rules. I'm not really sure about what rules, but I'm thinking of:

      • NAT
      • packet filter
      • Load Balancing.

      Thank you

      1 Reply Last reply Reply Quote 0
      • P
        pdrass
        last edited by

        Interesting but I'm not seeing the picture 100%.

        What kicks off the process of automation?  You creating accounts or someone "signing up" that then triggers account creation to use your system?

        I would think like this:

        Account Creation > cron that checks for new accounts > if new account execute jail script > jail script runs run script to create rules.

        I believe you can command line your rules in PFSense with easy rules:

        https://doc.pfsense.org/index.php/Adding_Rules_With_easyrule

        …but I'm not 100% sure that would do more sophisticated rules like NAT if you needed NAT.

        Apparently there is an API for developers and not every GUI function has a CLI parallel command:

        https://forum.pfsense.org/index.php?topic=112052.0

        Good luck!

        1 Reply Last reply Reply Quote 0
        • junicastJ
          junicast
          last edited by

          I haven't got the full picture myself, yet.  :o
          What I basically have in mind is to have several services:

          • pfSense (dedicated hardware) as Layer3/4 load balancer like e.g. keepalived that handles traffic to one or more
          • reverse proxy (FreeNAS) with certbot, that again redirects traffic to
          • webserver jail (FreeNAS), while the customer has only uploading opportunities through a specifiy
          • upload jail (FreeNAS) which also accesses the same storage as webserver jail, then a
          • database jail (FreeNAS) and
          • jail templates for expandibility
            Something like that…

          As there is a database already which I thought my be extended easily... cron might be a good idea.
          I could as well somehow push updates to the client. Cron would be easier I suppose but slower.

          The easyrule is a very nice hint, thank you.
          FreeNAS for example has an api that lets me list, update or create jails. Seems nice.
          http://api.freenas.org/
          Interestingly FreeNAS Corral had a pretty darn good command line. Loved it. Sadly but understandingly the let Corral die for quality reasons.

          As there obviously isn't such an API in pfSense I just wanted to state that I would wish for one. Just saying.    ;)

          1 Reply Last reply Reply Quote 0
          • H
            hbauer
            last edited by

            unfortunately there is currently no api to automate stuff

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.