    Netgate Discussion Forum
    Adding in to Alias and reload firewall from command line?

    Firewalling
    • mucip

      Hi,
      I want to add an IP into the "BannedIPAlias" alias, which I use to ban attacker IPs, and restart the firewall from the command line or programmatically.

      I want to add this command to a bash cron file and run it.

      Is this possible?

      Regards,
      Mucip:)

      • bmeeks

        You do not need to restart the firewall in order to do what you want. The pfctl utility lets you dynamically add or remove addresses from existing pf tables. Here is the documentation: https://man.freebsd.org/cgi/man.cgi?query=pfctl(8).

        Here is the pfSense documentation for viewing Alias Table contents: https://docs.netgate.com/pfsense/en/latest/monitoring/status/firewall-tables.html. Look there and you will see the automatically created pfSense alias tables. And here is the documentation for Aliases: https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#aliases.

        pfSense stores aliases as tables in the pf firewall engine. You can use the pfctl utility to manipulate the IP addresses stored in an alias table. Then, in the pfSense firewall rules, create a rule that uses your alias table as either the SOURCE or DESTINATION target.

        Since you already have the BannedIPAlias, then you should see it listed when viewing tables under DIAGNOSTICS > TABLES. It should show whatever IP addresses you have added to it. You can add or remove addresses from the table dynamically using pfctl.

        • mucip @bmeeks

          Hi @bmeeks, this is very good news.
          I will check. Thanks.

          Regards,
          Mucip:)

          • mucip @bmeeks

            Hi @bmeeks,
            I've got it. Thanks...
            https://forum.netgate.com/topic/69891/modify-aliases-from-ssh-shell/8

            pfctl -t Yasakli_IPler -T add 1.2.3.4

            Regards,
            Mucip:)

            • bmeeks @mucip

              @mucip said in Adding in to Alias and reload firewall from command line?:

              Hi @bmeeks,
              I've got it. Thanks...
              https://forum.netgate.com/topic/69891/modify-aliases-from-ssh-shell/8

              pfctl -t Yasakli_IPler -T add 1.2.3.4

              Regards,
              Mucip:)

              Correct. I was away and unable to reply immediately. But I see you found the correct command sequence. pfctl is a powerful command-line tool.

              • mucip @bmeeks

                Hi @bmeeks ,
                Houston... We've got a problem. :)

                With this command I can see the added IP in Menu > Diagnostics > Tables.

                But I cannot see the same IP in Menu > Firewall > Aliases > Yasakli_IPler.

                Blocking is working, but I cannot see it in the Aliases menu?

                Regards,
                Mucip:)

                • bmeeks @mucip

                  @mucip said in Adding in to Alias and reload firewall from command line?:

                  Hi @bmeeks ,
                  Houston... We've got a problem. :)

                  With this command I can see the added IP in Menu > Diagnostics > Tables.

                  But I cannot see the same IP in Menu > Firewall > Aliases > Yasakli_IPler.

                  Blocking is working, but I cannot see it in the Aliases menu?

                  Regards,
                  Mucip:)

                  The Aliases menu does not read from the pf table. It stores its data in the firewall's config.xml file. The contents of that data are modified when you make changes in the GUI; when the GUI then issues the filter reload command to pf, pf creates the tables given to it by the GUI code and loads the IP addresses supplied by the GUI.

                  What you are doing is totally outside the GUI process (which is driven by PHP code). You are using a FreeBSD utility to directly modify the table's content at runtime. The firewall portion of the GUI will not see that, but the binary code of the firewall engine (pf) will see that change and act upon it. That's why the blocking is working.

                  I thought you simply wanted a way to add one or more IPs to an existing alias at runtime on a temporary basis. Generally when doing something like fail2ban you just want to ban the IP for some period but not forever. Using the pfctl utility to add the IP directly into the pf runtime table will block that IP until the firewall reloads itself (triggered by something you do in the GUI by making certain changes) or when the firewall reboots.

                  There is no way to add IPs directly into the GUI at runtime from a third-party script without editing the config.xml file, and doing that on the fly is extraordinarily risky and likely to break the firewall completely.

                  • mucip @bmeeks

                    Hi @bmeeks ,
                    Ok. I will try to live with this fact. Thanks... :)

                    Regards,
                    Mucip:)

                    • bmeeks @mucip

                      @mucip said in Adding in to Alias and reload firewall from command line?:

                      Hi @bmeeks ,
                      Ok. I will try to live with this fact. Thanks... :)

                      Regards,
                      Mucip:)

                      You can see the IP addresses you add at runtime by going to DIAGNOSTICS > TABLES in the pfSense menu and then choosing the table name corresponding to your alias. That PHP code literally runs the same pfctl utility to dump out all the pf tables and their contents for display.

                      But the GUI stuff under FIREWALL > ALIASES won't see things you do directly in the pf tables using pfctl yourself.

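The following is an added example, not code from the thread, from pfSense or from either poster: a small POSIX sh wrapper around the pfctl table commands discussed above (mucip's `pfctl -t Yasakli_IPler -T add`, and bmeeks' point that such entries are temporary runtime state), shaped for the cron use mucip asked about. It validates the address before it reaches pfctl's argument list, and it adds, deletes, tests and expires entries in the runtime table behind the alias. The table name Yasakli_IPler is taken from the thread; the function names, the BAN_TABLE and PFCTL_DRY_RUN variables and the sample address 203.0.113.7 are assumptions of this example. With PFCTL_DRY_RUN=1 it only prints the command it would run, so it can be exercised on a host that has no pf.

```shell
#!/bin/sh
# Added example, not code from the thread or from pfSense: a cron-friendly
# wrapper around the pfctl table subcommands discussed in the thread.
# Assumptions: the alias table is Yasakli_IPler (from the thread), overridable
# via BAN_TABLE; PFCTL_DRY_RUN=1 prints each pfctl command line instead of
# executing it, so the script can be exercised where pf is absent.

TABLE="${BAN_TABLE:-Yasakli_IPler}"

# valid_ipv4 ADDR: succeed only for a dotted quad whose four octets are 0-255.
# Anything else (a typo, or a hostile string pulled from a log) is rejected
# before it can become an argument to pfctl.
valid_ipv4() {
    addr=$1
    case "$addr" in
        ''|*[!0-9.]*|.*|*.) return 1 ;;   # empty, non-digit, leading/trailing dot
    esac
    old_ifs=$IFS
    IFS=.
    set -- $addr                          # split on dots; only digits remain, so no globbing
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1              # an empty field ("1..2.3.4") breaks the count
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# run_pfctl ARGS...: execute pfctl, or echo the exact command line when dry-running.
run_pfctl() {
    if [ "${PFCTL_DRY_RUN:-0}" = 1 ]; then
        printf 'pfctl %s\n' "$*"
    else
        pfctl "$@"
    fi
}

# ban_ip ADDR: add ADDR to the runtime table (the thread's "-T add").
ban_ip() {
    valid_ipv4 "$1" || { printf 'ban_ip: invalid address %s\n' "$1" >&2; return 2; }
    run_pfctl -t "$TABLE" -T add "$1"
}

# unban_ip ADDR: remove ADDR from the runtime table.
unban_ip() {
    valid_ipv4 "$1" || { printf 'unban_ip: invalid address %s\n' "$1" >&2; return 2; }
    run_pfctl -t "$TABLE" -T delete "$1"
}

# is_banned ADDR: exit 0 if pf currently matches ADDR against the table ("-T test").
is_banned() {
    valid_ipv4 "$1" || return 2
    run_pfctl -t "$TABLE" -T test "$1"
}

# expire_bans SECONDS: drop entries older than SECONDS (pfctl's "-T expire"),
# which gives the temporary, fail2ban-style ban bmeeks mentions.
expire_bans() {
    case "$1" in
        ''|*[!0-9]*) printf 'expire_bans: bad age %s\n' "$1" >&2; return 2 ;;
    esac
    run_pfctl -t "$TABLE" -T expire "$1"
}

# Entry point for cron or an interactive shell, e.g.
#   ban.sh ban 203.0.113.7     (203.0.113.7 is a constructed sample address)
#   ban.sh expire 86400        (hourly cron line: purge bans older than a day)
if [ $# -gt 0 ]; then
    cmd=$1; shift
    case "$cmd" in
        ban)    ban_ip "$@" ;;
        unban)  unban_ip "$@" ;;
        test)   is_banned "$@" ;;
        expire) expire_bans "$@" ;;
        *)      printf 'usage: %s ban|unban|test ADDR | expire SECONDS\n' "$0" >&2; exit 64 ;;
    esac
fi
```

Two things from the thread carry over into how this is used. The entries live only in pf's runtime table: a filter reload or a reboot rebuilds the table from the alias stored in config.xml, so a cron job has to tolerate its additions disappearing and must not treat the table as persistent storage. And, as bmeeks explains, FIREWALL > ALIASES will never show these addresses; DIAGNOSTICS > TABLES (or `pfctl -t Yasakli_IPler -T show`) is where to verify them.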