• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Adding in to Alias and reload firewall from command line?

Scheduled Pinned Locked Moved Firewalling
9 Posts 2 Posters 1.1k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    mucip
    last edited by Mar 7, 2023, 9:50 AM

    Hi,
    I want to add an IP in to "BannedIPAlias" which I use to ban attacker IP's Alias and restart firewall in the command line or programaticly?

    I want to add this command in to bash cron file and run.

    Is this possible?

    Regards,
    Mucip:)

    1 Reply Last reply Reply Quote 0
    • B
      bmeeks
      last edited by bmeeks Mar 7, 2023, 3:09 PM Mar 7, 2023, 3:05 PM

      You do not need to restart the firewall in order to do what you want. The pfctl utility lets you dynamically add or remove addresses from existing pf tables. Here is the documentation: https://man.freebsd.org/cgi/man.cgi?query=pfctl(8).

      Here is the pfSense documentation for viewing Alias Table contents: https://docs.netgate.com/pfsense/en/latest/monitoring/status/firewall-tables.html. Look there and you will see the automatically created pfSense alias tables. And here is the documentation for Aliases: https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#aliases.

      pfSense stores aliases as tables in the pf firewall engine. You can use the pfctl utility to manipulate the IP addresses stored in an alias table. Then, in the pfSense firewall rules, create a rule that uses your alias table as either the SOURCE or DESTINATION target.

      Since you already have the BannedIPAlias, then you should see it listed when viewing tables under DIAGNOSTICS > TABLES. It should show whatever IP addresses you have added to it. You can add or remove addresses from the table dynamically using pfctl.

      M 2 Replies Last reply Mar 8, 2023, 9:36 AM Reply Quote 0
      • M
        mucip @bmeeks
        last edited by Mar 8, 2023, 9:36 AM

        Hi @bmeeks,This is very good news.
        I will check. Thank.

        Regards,
        Mucip:)

        1 Reply Last reply Reply Quote 0
        • M
          mucip @bmeeks
          last edited by mucip Mar 9, 2023, 1:40 PM Mar 9, 2023, 1:31 PM

          Hi @bmeeks,
          I've got it. Thanks...
          https://forum.netgate.com/topic/69891/modify-aliases-from-ssh-shell/8

          pfctl -t Yasakli_IPler -T add 1.2.3.4

          Regards,
          Mucip:)

          B 1 Reply Last reply Mar 9, 2023, 6:59 PM Reply Quote 0
          • B
            bmeeks @mucip
            last edited by Mar 9, 2023, 6:59 PM

            @mucip said in Adding in to Alias and reload firewall from command line?:

            Hi @bmeeks,
            I've got it. Thanks...
            https://forum.netgate.com/topic/69891/modify-aliases-from-ssh-shell/8

            pfctl -t Yasakli_IPler -T add 1.2.3.4

            Regards,
            Mucip:)

            Correct. I was away and unable to reply immediately. But I see you found the correct command sequence. pfctl is a powerful command-line tool.

            M 1 Reply Last reply Mar 10, 2023, 11:21 AM Reply Quote 0
            • M
              mucip @bmeeks
              last edited by Mar 10, 2023, 11:21 AM

              Hi @bmeeks ,
              Houston... We've got a problem. :)

              With this command I can see added IP in Menu>Diagnostic>Tables.

              But I can not see same IP in Menu>Firewall>Aliases>Yasakli_IPler

              Blocking is working but I can not see it in Aliases menu?

              Regards,
              Mucip:)

              B 1 Reply Last reply Mar 10, 2023, 12:35 PM Reply Quote 0
              • B
                bmeeks @mucip
                last edited by bmeeks Mar 10, 2023, 1:05 PM Mar 10, 2023, 12:35 PM

                @mucip said in Adding in to Alias and reload firewall from command line?:

                Hi @bmeeks ,
                Houston... We've got a problem. :)

                With this command I can see added IP in Menu>Diagnostic>Tables.

                But I can not see same IP in Menu>Firewall>Aliases>Yasakli_IPler

                Blocking is working but I can not see it in Aliases menu?

                Regards,
                Mucip:)

                The Aliases menu does not read from the pf table. It stores its data in the firewall's config.xml file. The contents of that data is modified when you make changes in the GUI, and then when the filter reload command is issued to pf by the GUI, pf will create the tables given to it by the GUI code and load the IP addresses supplied by the GUI.

                What you are doing is totally outside the GUI process (which is driven by PHP code). You are using a FreeBSD utility to directly modify the table's content at runtime. The firewall portion of the GUI will not see that, but the binary code of the firewall engine (pf) will see that change and act upon it. That's why the blocking is working.

                I thought you simply wanted a way to add one or more IPs to an existing alias at runtime on a temporary basis. Generally when doing something like fail2ban you just want to ban the IP for some period but not forever. Using the pfctl utility to add the IP directly into the pf runtime table will block that IP until the firewall reloads itself (triggered by something you do in the GUI by making certain changes) or when the firewall reboots.

                There is no way to add IPs directly into the GUI at runtime from a third-party script without editing the config.xml file, and doing that on the fly is extraordinarily risky and likely to break the firewall completely.

                M 1 Reply Last reply Mar 10, 2023, 1:02 PM Reply Quote 0
                • M
                  mucip @bmeeks
                  last edited by Mar 10, 2023, 1:02 PM

                  Hi @bmeeks ,
                  Ok. I will try to live with this fact. Thanks... :)

                  Regards,
                  Mucip:)

                  B 1 Reply Last reply Mar 10, 2023, 1:06 PM Reply Quote 0
                  • B
                    bmeeks @mucip
                    last edited by bmeeks Mar 10, 2023, 1:07 PM Mar 10, 2023, 1:06 PM

                    @mucip said in Adding in to Alias and reload firewall from command line?:

                    Hi @bmeeks ,
                    Ok. I will try to live with this fact. Thanks... :)

                    Regards,
                    Mucip:)

                    You can see the IP addresses you add at runtime by going to DIAGNOSTICS > TABLES in the pfSense menu and then choosing the table name correspondig to your alias. Literally that PHP code runs the same pfctl utility to dump out all the pf tables and their content for display.

                    But the GUI stuff under FIREWALL > ALIASES won't see things you do directly in the pf tables using pfctl yourself.

                    1 Reply Last reply Reply Quote 0
                    9 out of 9
                    • First post
                      9/9
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                      This community forum collects and processes your personal information.
                      consent.not_received