Manualy adding firewall rules
-
@Cry:
Rules for the LAN interface can be found in the LAN section of the Firewall menu on the GUI - it's all pretty obvious if you look ;)
Hi, I would like to configure the pfsense firewall from the command line. I have a lot of rules for my different vlans and i would just like to copy and paste it from the command line if you what I mean. :) Where does pfsense keep the rules from the web interface?
-
Dont configure it on the command line.
You can download the config.xml via the backup menu in the webGUI.
Edit the config.xml with the editor of your choice and then restore the moddified config.(This is not supported)
-
Hi,
Thanks for the reply. I would just like to verify, would the changes in the XML file also reflect on the web GUI interface after restoration?
-
yes
-
Thanks for this. I got it to work now. One thing I just noticed was that the interface names are still in the opt[interface number] format. I thought the new interface names would be reflected, the one that you can edit after assigning the vlans. This made it quite difficult for me at first since I did not know the interface names that the interfaces where assigned to. I had to add a test rule for each interface that I had just to know what opt[interface number] sequence it had.
By the way, I'm using 1.2.1 RC2. I hope in the final release, this small issue with the interface names on the xml file will get better. I suggest that the interface names be named according to their new names. This would make editing the firewall rules in the xml file easier.
Another suggestion, can this topic be posted as a sticky section in the firewall category? I searched for this topic before posting and there are a lot of wrong suggestions in the forum. Some suggested editing the /tmp/???? something file. Another one said it just can't be done and the only way is via the web interface.
-
This is not a supported way of adding rules what are you complaining for?!
Even more if you were smart enough you can look the assignment name in the <interfaces>….</interfaces> section.
-
@ermal:
This is not a supported way of adding rules what are you complaining for?!
Even more if you were smart enough you can look the assignment name in the <interfaces>….</interfaces> section.
I'm not complaining, read the post, its only a suggestion. There are a lot of unsupported methods that are being performed by other people out there and it works for them and so does for me. I'm just saying this because there are a lot of people in the forums who have asked the same question and never got any straight working answers. Though this is unsupported, it worked and now i'm easily able to configure 10 vlans with the same firewall rules. Doing this with the web gui really takes a lot of time.
-
2.0 has something to help with this.
