List of hooks?



  • (x-post from /r/PFSENSE)

    Reading this reddit post got me thinking: I don't think these types of "hooks" are documented anywhere.

    For example /etc/rc.gateway_alarm gets triggered when a gateway changes state (up/packetloss/latency/down) and is an OK place to add extra actions that you want to happen for those things, like sending additional alerts or killing states.

    I know we can scour the code and try to sniff out the rest of them, but is there already such a list somewhere that can be published?


  • Banned

    @luckman212 said in List of hooks?:

    For example /etc/rc.gateway_alarm gets triggered when a gateway changes state (up/packetloss/latency/down) and is an OK place to add extra actions that you want to happen for those things, like sending additional alerts or killing states.

    Not really, because the content of /etc/ gets overwritten when pfSense updates. So officially documenting it will likely cause an additional flood of complaints on every pfSense update. The only thing supported is: https://www.netgate.com/docs/pfsense/development/executing-commands-at-boot-time.html#shell-script-option



  • I agree, modifying the /etc/rc.* files directly is not durable. It would be better if the rc* files tested for the existence of a user-defined script named /etc/{scriptname}_custom and executed that if it exists. This would be safer, and survive upgrades.

    E.g. in the case of rc.gateway_alarm (at the end) instead of:

    exit $?
    

    It could be:

    rc=$?   # save the original exit status before the hook test overwrites $?
    [ -x /etc/rc.gateway_alarm_custom ] && /etc/rc.gateway_alarm_custom
    exit $rc
    

    And then users could create /etc/rc.gateway_alarm_custom if they need to do any custom work there:

    #!/bin/sh
    logger -t rc.hook "doing extra stuff..."
    # [...stuff...]
    echo '<?php include("notices.inc"); $msg = "stuff has completed"; notify_via_smtp($msg);?>' | php -q
    


  • Hi,

    Just wanted to describe a use case where this might be extremely useful.

    We have 3 ISPs connected to pfSense (two of them actually for HA), each of them provides us 2 subnets (one for failover support and another one for our services). While DynDNS service perfectly changes pfSense's public IP when a gateway triggers its state, the other services (that are hosted behind pfSense) can't change their public IP addresses allocated from the 2nd subnets.

    It would be really useful to set up a hook on a gateway state change that would run a custom script with all required actions to update other services' DNS records.

    One thing that I'd probably change from the @luckman212 suggestion is to look for a custom script in a directory that won't be overwritten upon pfSense update, for example /usr/local/etc/rc.d/rc.gateway_alarm_custom.

    Please, implement this in the next pfSense release!
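
The hook call proposed in the posts above, with ownership and permission checks before anything is executed as root. This is an added example, not pfSense code or any poster's script: `run_hook`, `hook_is_safe`, `log`, `HOOK` and `HOOK_OWNER` are hypothetical names, and passing the caller's arguments through to the hook is an assumption.

```shell
#!/bin/sh
# Added example, not pfSense code. run_hook, hook_is_safe and log are
# hypothetical helper names; the default HOOK path is the one proposed above.
HOOK="${HOOK:-/usr/local/etc/rc.d/rc.gateway_alarm_custom}"
HOOK_OWNER="${HOOK_OWNER:-0}"   # uid that must own the hook (0 = root)

log() { logger -t rc.hook "$*" 2>/dev/null || echo "rc.hook: $*" >&2; }

# True only if $1 is a regular, executable, non-symlink file owned by
# HOOK_OWNER, and neither the file nor its directory is group/world-writable.
hook_is_safe() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -x "$1" ] || return 1
    # find prints the path only when every predicate matches
    [ -n "$(find "$1" -prune -user "$HOOK_OWNER" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ] || return 1
    [ -n "$(find "$(dirname "$1")" -prune \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# run_hook <status> [args...]: run the hook if present and safe, then return
# <status> unchanged so the hook cannot alter the calling script's exit code.
run_hook() {
    _rc=$1; shift
    if [ -e "$HOOK" ] || [ -L "$HOOK" ]; then
        if hook_is_safe "$HOOK"; then
            "$HOOK" "$@" || log "$HOOK exited with status $?"
        else
            log "refusing to run $HOOK: unexpected type, owner or mode"
        fi
    fi
    return "$_rc"
}

# At the end of the calling rc script, in place of a bare "exit $?":
#   run_hook "$?" "$@"
#   exit $?
```

A hook that is missing, a symlink, or writable by anyone other than its owner is skipped and logged, and the calling script's exit status is the same either way.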



  • After some researching I've found that there's a special plugin hook - plugin_gateway. So, here is the package which implements /usr/local/etc/rc.d/rc.gateway_alarm_custom start up upon a gateway up/down event - https://github.com/jazzl0ver/pfSense-pkg-gatewayhook



  • @jazzl0ver
    It's great that you discovered the script. However, could you describe, according to your previous post, what specific actions (for common use cases of multi-WAN setups) are needed after the hook, when a gateway is down and another one is selected from the group as default? Would you like to see specific DNS servers declared (on general setup) to use a specific gateway change automatically to the new selected gateway? Update local DNS service pointing to services to a DMZ? Also, according to your post, please state why a change is needed for DNS in relation to the setup, configuration and limitations of the DNS service you have set up locally.

    Thanks.



  • @cosmor, we host public DNS zones on a separate server (bind9), so when the ISP channel gets switched to another one on pfSense, we need something to reach out to that server and somehow update the zones (by nsupdate if the zones are dynamic or a custom script otherwise).

    In our case we use a custom script, which is triggered by ssh login called from rc.gateway_alarm_custom. The script discovers the current channel, substitutes predefined zone template for a zone, increases the zone serial and reloads the zone.

    Let me know if you need more details on that.

