vlan creation through pfsense shell or other scriptable means

  • hello

    i'm trying to automate a number of vlan creations through the pfsense shell

    i have 2 goals

    • make sure the opt numbers match across master/slave setups
      ... this could also be achieved by creating interface groups with matching names on the fly
    • deploy many matching vlans across multiple different firewall pairs without hassle

    i worked through the following

    • i managed to successfully create opt interfaces and map them to the required VLAN
    • i'm using opt1000+vlan_number. i'm unsure i can safely reserve those opt numbers
    • i failed to create the actual vlans by writing to $config['vlans'] w/o using a fixed array key : the vlans make their way into the XML config but are not actually created nor visible in the GUI
    • i have not tried to create the required CARP vips yet
    • i have not yet tried to setup dhcp automagically

    any hints ?

    thanks for your time


  • update : i managed to create the vlan as well.
    need to write to $config['vlans']['vlan'][] rather than $config['vlans'][] . silly me.

    i also managed to get the interface to be created by using rc.reload_all
    but there must be a way to achieve that goal without reloading everything, preferably through the pfsense shell rather than freebsd's
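
The array path from the update above, combined with the opt1000+vlan_number scheme from the first post, as an added example that is not the poster's script. It only edits a constructed PHP array and does not write or apply a configuration; the entry fields (`if`, `tag`, `descr`, `vlanif`), the `parent.tag` interface naming and the helper name `add_vlan` are assumptions.

```php
<?php
// Added illustration: runs stand-alone on a constructed array, not on a live firewall.
// Assumed (not from the thread): entry fields if/tag/descr/vlanif, "parent.tag" naming.

function add_vlan(array &$config, string $parent, int $tag, string $descr): string
{
    if ($tag < 1 || $tag > 4094) {
        throw new InvalidArgumentException("VLAN tag out of range: $tag");
    }
    // An empty <vlans/> element may not be an array yet; normalise before appending.
    if (!is_array($config['vlans'] ?? null)) {
        $config['vlans'] = [];
    }
    if (!is_array($config['vlans']['vlan'] ?? null)) {
        $config['vlans']['vlan'] = [];
    }
    $vlanif = "{$parent}.{$tag}";

    // Idempotent: only append when this parent/tag pair is not already present.
    $exists = false;
    foreach ($config['vlans']['vlan'] as $v) {
        if (($v['if'] ?? '') === $parent && (int)($v['tag'] ?? 0) === $tag) {
            $exists = true;
            break;
        }
    }
    if (!$exists) {
        // The path from the update above: ['vlans']['vlan'][], not ['vlans'][].
        $config['vlans']['vlan'][] =
            ['if' => $parent, 'tag' => (string)$tag, 'descr' => $descr, 'vlanif' => $vlanif];
    }

    // Deterministic key (opt1000+vlan_number) so both nodes of a pair agree.
    $opt = 'opt' . (1000 + $tag);
    $config['interfaces'][$opt] ??= ['if' => $vlanif, 'descr' => $descr, 'enable' => ''];
    return $opt;
}

// Constructed sample configs for two nodes with different existing state.
$master = ['interfaces' => ['lan' => ['if' => 'em1']], 'vlans' => ''];
$backup = ['interfaces' => ['lan' => ['if' => 'em1'], 'opt1' => ['if' => 'em2']]];

foreach ([10, 20, 10] as $tag) {            // 10 is repeated to show idempotency
    $a = add_vlan($master, 'em1', $tag, "VLAN{$tag}");
    $b = add_vlan($backup, 'em1', $tag, "VLAN{$tag}");
    echo "tag {$tag}: master={$a} backup={$b}\n";
}
echo count($master['vlans']['vlan']), " VLAN entries on master\n";
```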

  • update

    i have a working pfsense shell script for the above requirements

    if anyone stumbles upon this thread, i'm still looking for an easy way to inject my script over ssh without messing with expect and cleanly apply changes without reloading the whole thing.

    i'll probably turn this into a sync script from one firewall to another that would leave existing configs alone but inject and possibly update some values

    i'll provide the script as a demo / startup point if anyone else has similar goals. feel free to ask for it
