Change firewall rules with shell?



  • Is there any way to change the firewall rules in the shell? I made a mistake in setting up my rules and can't access the webGUI remotely and don't want to drive 120 miles to the office to change it. I really only need to make a rule to forward port 31337 to port 80 and I think I need to add a NAT rule.

    Thanks!


  • Rebel Alliance Developer Netgate

    If you can get in via ssh, you can set your ssh client to tunnel whatever port you need to connect back to the WebGUI.

    If the WebGUI is on port 80, set your client to forward local port 80 (or 8080, or whatever) to remote port "localhost:80", then point your browser to http://localhost:80 (or whichever local port you chose.)

    That should get you in to do whatever you need.

    You can make some changes to the system via the PHP shell, but it's easier to just forward the port with ssh if that is still working.
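
The SSH port-forward described in the reply above, written out for an OpenSSH command-line client; this is an added example, not part of the original posts. The function names, the `TUNNEL_UID` test override and the `admin@firewall.example` target are assumptions, and binding the listener to 127.0.0.1 and setting `ExitOnForwardFailure` are choices made here so the tunnel is reachable only from the local machine and fails loudly if the port cannot be bound.

```shell
#!/bin/sh
# Added example: loopback-only SSH local forward to a firewall WebGUI.

# True if $1 is a decimal TCP port in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# Print the -L forward spec: 127.0.0.1:<local> on the client to
# localhost:<gui> as seen from the firewall itself.
# $1 = local port, $2 = WebGUI port on the firewall.
forward_spec() {
  valid_port "$1" || { echo "bad local port: $1" >&2; return 2; }
  valid_port "$2" || { echo "bad WebGUI port: $2" >&2; return 2; }
  # TUNNEL_UID is a hypothetical override used only for testing.
  uid=${TUNNEL_UID:-$(id -u)}
  # Ports below 1024 need root on many Unix clients, which is why
  # 8080 is the easier choice than local port 80.
  if [ "$1" -lt 1024 ] && [ "$uid" -ne 0 ]; then
    echo "local port $1 needs root here; pick one >= 1024, e.g. 8080" >&2
    return 3
  fi
  printf '127.0.0.1:%s:localhost:%s\n' "$1" "$2"
}

# Open the tunnel and hold it until interrupted (-N: no remote command).
# $3 = user@host of the firewall's SSH service.
open_tunnel() {
  spec=$(forward_spec "$1" "$2") || return
  [ -n "$3" ] || { echo "usage: open_tunnel LOCAL GUI user@host" >&2; return 2; }
  ssh -N -o ExitOnForwardFailure=yes -L "$spec" "$3"
}

# Usage (constructed host name), then browse to http://localhost:8080 :
#   open_tunnel 8080 80 admin@firewall.example
```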


  • Rebel Alliance Developer Netgate

    If it helps, I added an FAQ page for this (and similar scenarios).

    There are probably more ways than I mention there to get in, but I put more details on the SSH method there as well:

    http://doc.pfsense.org/index.php/I_locked_myself_out_of_the_WebGUI%2C_help!



  • You can also disable filtering entirely from the command line with a 'pfctl -d'. Alternately, we leave the loaded ruleset in /tmp/rules.debug, feel free to edit it to fix your connectivity issue and reload with 'pfctl -f /tmp/rules.debug', then do whatever work you need to do in the UI to make the fix permanent.

    –Bill

