• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

API for automation

Scheduled Pinned Locked Moved General pfSense Questions
4 Posts 3 Posters 1.6k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    junicast
    last edited by Nov 15, 2017, 9:33 AM

    Hi,

    is there any possibility to automate tasks like creating filter or NAT rules via some kind of api for 2.4+?
    If not what is best practice for such things?
    My intention is to automate installing BSD jails on a FreeNAS system and for each of those jails I would need rules. I'm not really sure about what rules, but I'm thinking of:

    • NAT
    • packet filter
    • Load Balancing.

    Thank you

    1 Reply Last reply Reply Quote 0
    • P
      pdrass
      last edited by Nov 15, 2017, 5:56 PM

      Interesting but I'm not seeing the picture 100%.

      What kicks off the process of automation?  You creating accounts or someone "signing up" that then triggers account creation to use your system?

      I would think like this:

      Account Creation > cron that checks for new accounts > if new account execute jail script > jail script runs run script to create rules.

      I believe you can command line your rules in PFSense with easy rules:

      https://doc.pfsense.org/index.php/Adding_Rules_With_easyrule

      …but I'm not 100% sure that would do more sophisticated rules like NAT if you needed NAT.

      Apparently there is an API for developers and not every GUI function has a CLI parallel command:

      https://forum.pfsense.org/index.php?topic=112052.0

      Good luck!

      1 Reply Last reply Reply Quote 0
      • J
        junicast
        last edited by Nov 15, 2017, 11:27 PM Nov 15, 2017, 11:15 PM

        I haven't got the full picture myself, yet.  :o
        What I basically have in mind is to have several services:

        • pfSense (dedicated hardware) as Layer3/4 load balancer like e.g. keepalived that handles traffic to one or more
        • reverse proxy (FreeNAS) with certbot, that again redirects traffic to
        • webserver jail (FreeNAS), while the customer has only uploading opportunities through a specifiy
        • upload jail (FreeNAS) which also accesses the same storage as webserver jail, then a
        • database jail (FreeNAS) and
        • jail templates for expandibility
          Something like that…

        As there is a database already which I thought my be extended easily... cron might be a good idea.
        I could as well somehow push updates to the client. Cron would be easier I suppose but slower.

        The easyrule is a very nice hint, thank you.
        FreeNAS for example has an api that lets me list, update or create jails. Seems nice.
        http://api.freenas.org/
        Interestingly FreeNAS Corral had a pretty darn good command line. Loved it. Sadly but understandingly the let Corral die for quality reasons.

        As there obviously isn't such an API in pfSense I just wanted to state that I would wish for one. Just saying.    ;)

        1 Reply Last reply Reply Quote 0
        • H
          hbauer
          last edited by Nov 16, 2017, 12:46 PM

          unfortunately there is currently no api to automate stuff

          1 Reply Last reply Reply Quote 0
          4 out of 4
          • First post
            4/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received