API for automation
pmisch last edited by
is there any possibility to automate tasks like creating filter or NAT rules via some kind of api for 2.4+?
If not what is best practice for such things?
My intention is to automate installing BSD jails on a FreeNAS system and for each of those jails I would need rules. I'm not really sure about what rules, but I'm thinking of:
- packet filter
- Load Balancing.
Interesting but I'm not seeing the picture 100%.
What kicks off the process of automation? You creating accounts or someone "signing up" that then triggers account creation to use your system?
I would think like this:
Account Creation > cron that checks for new accounts > if new account execute jail script > jail script runs run script to create rules.
I believe you can command line your rules in PFSense with easy rules:
…but I'm not 100% sure that would do more sophisticated rules like NAT if you needed NAT.
Apparently there is an API for developers and not every GUI function has a CLI parallel command:
pmisch last edited by
I haven't got the full picture myself, yet. :o
What I basically have in mind is to have several services:
- pfSense (dedicated hardware) as Layer3/4 load balancer like e.g. keepalived that handles traffic to one or more
- reverse proxy (FreeNAS) with certbot, that again redirects traffic to
- webserver jail (FreeNAS), while the customer has only uploading opportunities through a specifiy
- upload jail (FreeNAS) which also accesses the same storage as webserver jail, then a
- database jail (FreeNAS) and
- jail templates for expandibility
Something like that…
As there is a database already which I thought my be extended easily... cron might be a good idea.
I could as well somehow push updates to the client. Cron would be easier I suppose but slower.
The easyrule is a very nice hint, thank you.
FreeNAS for example has an api that lets me list, update or create jails. Seems nice.
Interestingly FreeNAS Corral had a pretty darn good command line. Loved it. Sadly but understandingly the let Corral die for quality reasons.
As there obviously isn't such an API in pfSense I just wanted to state that I would wish for one. Just saying. ;)
unfortunately there is currently no api to automate stuff