Change firewall rules with shell?

komplex · Feb 14, 2009, 6:09 PM

Is there anyway to change the firewall rules in the shell? I made a mistake in setting up my rules and cant access the webGUI remotely and don't want to drive 120 miles to the office to change it. I really only need to make a rule to forward port 31337 to port 80 and I think I need to add a NAT rule.

Thanks!

jimp · Feb 15, 2009, 1:32 AM

If you can get in via ssh, you can set your ssh client to tunnel whatever port you need to connect back to the WebGUI.

If the WebGUI is on port 80, set your client to forward local port 80 (or 8080, or whatever) to remote port "localhost:80", then point your browser to http://localhost:80 (or whichever local port you chose.)

That should get you in to do whatever you need.

You can make some changes to the system via the PHP shell, but it's easier to just forward the port with ssh if that is still working.

jimp · Feb 15, 2009, 2:22 AM

If it helps, I added an FAQ page for this (And similar scenarios)

There are probably more ways than I mention there to get in, but I put more details on the SSH method there as well:

http://doc.pfsense.org/index.php/I_locked_myself_out_of_the_WebGUI%2C_help!

billm · Feb 16, 2009, 8:24 PM

You can also disable filtering entirely from the command line with a 'pfctl -d'. Alternately, we leave the loaded ruleset in /tmp/rules.debug, feel free to edit it to fix your connectivity issue and reload with pfctl -f /tmp/rules.debug, then do whatever work you need to do in the UI to make the fix permanent.

–Bill