Command to regenerate /tmp/rules.debug
-
Hello,
I would like to let Ansible (AWX Server) manage a few parts of the pfSense config, e.g. add allowed MAC addresses to the Captive Portal. I found out that the MACs are written to the config.xml and that the MACs are some kind of anchor in the packet filter. (But I don't know how anchors work in BSD and why there is no MAC in the rules.debug.)
So what I plan to do is to change the config.xml with Ansible, regenerate the /tmp/rules.debug file and reapply this file to the packet filter.
Is there a command to force an update of the rules.debug file, or a better way?
-
@cpa
First things first: what is your pfSense version?
Because 2.6.0 still uses ipfw as a first firewall, and pf as the GUI-based firewall.
pfSense Plus 22.05 ditched ipfw, and the portal is now pf-only based.
-
Sorry,
I'm using version 2.7.0-DEVELOPMENT.
-
@cpa said in Command to regenerate /tmp/rules.debug:
and why there is no MAC in the rules.debug)
 "/tmp/rules.debug" yourself.
This file exists as read-only, and can be changed by the system at any time. It would work, of course, as most of the GUI is written in PHP, but: you have to know how pfSense works - and there is no way to short-circuit that.
Adding a MAC to the MAC list of the captive portal isn't rocket science, as you can borrow all the PHP scripts that already exist.
How to 'flush' the new MAC to the config and apply it to the firewall: you'll find out fast enough, as code writing always starts with a lot of reading (about how the system works).
pfSense doesn't have an API or something like that.