PfSense reload pfctl rules
I am trying to find out how I can apply my changes to the firewall which I made via SSH.
I made an update to one of my firewall rules and need to apply it now.
I read about the command pfctl -f /etc/pf.conf however this file (pf.conf) doesn't seem to exist in the /etc directory on my pfsense server if I do a ls -l in the /etc directory.
Does anyone know how I can find out which filter rules file is currently loaded, so I can change /etc/pf.conf to the correct path?
Many thanks in advance.
The generated ruleset is in /tmp/rules.debug:
But, how did you make the change to the rules from SSH?
I suspect you may lose those changes.
A better option might be to use the easyrule command:
Thank you very much for your reply.
I will dig into that.
Perhaps I should be more clear, sorry for that.
My purpose is to do the following:
-monitor event logs for external logins (hack attempts) on an RD Gateway server
-Once an IP is hit more than 10 times in 1 minute, automatically set up a PuTTY session and send keystrokes with the IP to add the IP to my firewall alias which blocks the bad guy
I was thinking about pfctl -t hackrule and then add the IP.
Once I do a pfctl -t hackrule -T show I noticed the IP, but it was not yet loaded and active, hence my question in this forum.
Perhaps not the most professional way but I am just wondering how I can apply the new IP in the alias in the fw rule so it is active straight away.
Which command do I need to execute to reload the firewall so the IP is included?
The command "pfctl -f /tmp/rules.debug" didn't do the trick unfortunately.
If I do a pfctl -t hacklog -T show it shows the IP I added.
Once I run pfctl -f /tmp/rules.debug it disappears like I never added it :-(
Yes, as you found you can't manually change the ruleset as it will be overwritten by the generated rules the next time there is a filter-reload.
A better option here would be to use a URL alias. When you use that in a firewall rule it will pull in the list from an external source. That way you can maintain that list with a script wherever it exists. You would need to trigger a filter reload to update it though.
You might also do that using the pfBlocker package where you can schedule updates for aliases easily.
Thumbs up :-)
Thanks, you are helping me out here.
Don't have the time to log on and verify yet, but it looks promising.
If I understand correctly, I can host a txt file with several IP / CIDR ranges which it pulls from the internet and uploads itself.
However, how do I trigger the filter reload with, for example, a cron job?
That is my biggest struggle till now.
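The detection half of the plan described above (count failed logins per source IP in a sliding one-minute window, then publish the offenders as a text file of IPs/CIDR ranges that a URL table alias can fetch) as an added example; this is not code from the thread or from pfSense. The log line format `<ISO timestamp> LOGIN_FAILED src=<ip>` is a hypothetical stand-in for the RD Gateway event log, the sample lines are constructed, and the 10-hits-per-minute threshold is the one stated in the thread. The script deliberately never emits RFC 1918 or loopback addresses, so a noisy internal host cannot end up in the block alias.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 10                 # failed logins ...
WINDOW = timedelta(minutes=1)  # ... within this sliding window flags the source

# Hypothetical log format; adapt the regex to the real event source.
LINE_RE = re.compile(r"^(?P<ts>\S+) LOGIN_FAILED src=(?P<ip>\S+)")

# Ranges that must never be published to the block alias (own LAN, loopback).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def find_offenders(lines, threshold=THRESHOLD, window=WINDOW):
    """Return the set of source addresses that produced >= threshold failed
    logins inside any window. Lines must be in chronological order."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    offenders = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # not a failed login, ignore
        try:
            ts = datetime.fromisoformat(m["ts"])
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue              # malformed timestamp or address, ignore
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= threshold:
            offenders.add(ip)
    return offenders


def _is_local(net):
    return any(big.version == net.version and net.subnet_of(big) for big in NEVER_BLOCK)


def render_blocklist(offenders, existing=()):
    """Merge new offenders with an existing list of IP/CIDR entries and render
    one entry per line (the format a URL table alias fetches), excluding local ranges."""
    entries = set()
    for e in list(existing) + [str(ip) for ip in offenders]:
        net = ipaddress.ip_network(e, strict=False)
        if not _is_local(net):
            entries.add(net)
    ordered = sorted(entries, key=lambda n: (n.version, n))
    return "".join(f"{n}\n" for n in ordered)


def _make_sample():
    """Constructed sample log: one clear offender, one slow attacker that never
    reaches 10 hits in a minute, one benign source and one internal host."""
    base = datetime(2024, 7, 8, 12, 30, 0)
    lines = []
    for i in range(12):   # 12 failures in 22 seconds -> offender
        lines.append(f"{(base + timedelta(seconds=2 * i)).isoformat()} LOGIN_FAILED src=203.0.113.10")
    for i in range(3):    # 3 failures -> below threshold
        lines.append(f"{(base + timedelta(seconds=5 * i)).isoformat()} LOGIN_FAILED src=198.51.100.7")
    for i in range(11):   # 11 failures spread 40 s apart -> never 10 in one window
        lines.append(f"{(base + timedelta(seconds=40 * i)).isoformat()} LOGIN_FAILED src=192.0.2.5")
    for i in range(15):   # internal host: detected, but filtered out of the list
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} LOGIN_FAILED src=10.0.0.5")
    lines.append(f"{base.isoformat()} LOGIN_OK src=203.0.113.99")  # unrelated line
    return sorted(lines)  # ISO timestamps sort chronologically as strings


SAMPLE_LINES = _make_sample()

if __name__ == "__main__":
    hits = find_offenders(SAMPLE_LINES)
    # existing entries are constructed; in practice read the current list file
    print(render_blocklist(hits, existing=["198.51.100.0/24"]), end="")
```

The rendered text is what you would write to the file your URL table alias points at; the alias only changes on the pfSense side when the URL table update and filter reload discussed in this thread run, so the script itself does not touch pfctl, which avoids the problem above where a table entry added by hand is wiped at the next reload.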
If you use the pfBlocker package you can set the update interval against the custom list.
If you need to trigger the update immediately via a script I believe you can use:
I had good hope with your command but it doesn't do the trick.
It doesn't give me an error but once I verify in PfSense if the IP alias has been updated with the new added IP it isn't there.
Could it be that the command should be like /etc/rc.update_iptables now since I am using IP addresses?
PS: I tried /etc/rc.update_alias_url_data now but that also doesn't do the trick :-( It is not being updated in the GUI when I check the aliases, so I assume it doesn't update the configuration after adding an IP in the alias.
When I run that command I see this in the system logs (reversed):
Jul 8 12:30:23 php-cgi rc.update_urltables: /etc/rc.update_urltables: pfB_Spamhaus does not need updating.
Jul 8 12:30:23 php-cgi rc.update_urltables: /etc/rc.update_urltables: pfB_NAmerica_v4 does not need updating.
Jul 8 12:30:23 php-cgi rc.update_urltables: /etc/rc.update_urltables: Starting URL table alias updates
Jul 8 12:30:00 php-cgi rc.update_urltables: /etc/rc.update_urltables: Starting up.
Those are url aliases added by pfBlocker that point to lists of IPs.
Do you not see that logged for your custom alias?