Is it possible to create firewall rules in PfSense by script or with an API ?

prospy · Jun 19, 2009, 3:49 PM

I'am working on a virtualisation project (with VMWARE ESX) where we deploy all servers (OS and specific software) and network components (VLAN, Load-Balancing Rules, …) automatically by script. But we don't have solution for the firewalls.

I'am looking for a firewall with an API to enable the creation of new rules by script from outside the PfSense machine.

Is there a way to do that with PfSense ?

Thanks

jimp · Jun 19, 2009, 4:50 PM

@prospy:

from outside the PfSense machine.

That will be the part that gets you.

There are ways to create rules, but none that I would call an "API" and certainly not anything meant to be called remotely.

You can look at the recent additions to the dashboard package, the "Easy Rule" stuff, for some pointers, but that still isn't something I'd recommend implementing in an automated fashion.

Eugene · Jun 19, 2009, 11:59 PM

May be creating config.xml off-site, pushing it into pfSense and reloading config?
config.xml has very straightforward syntax.

prospy · Jun 29, 2009, 9:38 AM

Thank you for these answers.
Il will try the new dashboard package.

And about modifying config.xml and reloading the config, do you know if, when you reload the config , the current sessions will be cut or not ?

jahonix · Jun 29, 2009, 12:18 PM

IMHO uploading a changed config.xml requires a reboot.
I tend to believe that current sessions will be cut then. :)

Another route to go might be the centralized management interface that popped up as a bounty several times already and never was finished. I think it's withdrawn but look in the bounty section.