Netgate Discussion Forum
Accept/Block IPs from shell using script

  • R
    rcbandit
    last edited by Dec 24, 2009, 2:25 PM

    Hi, I want to write a script that configures pfsense via ssh. What commands do I need to use to configure pfsense to block an IP address? Can you give me an example?

    regards

    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Dec 24, 2009, 6:27 PM

      All of the rules are created and edited via PHP. Though there are some ways to update things in pf dynamically from the CLI, none are officially supported.

      If you want to make permanent block rules, look at the "easy rule" code I wrote that is in 2.0 (or in the Dashboard package), that could probably be adapted into a CLI PHP script to do a similar task.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • R
        rcbandit
        last edited by Dec 24, 2009, 7:24 PM

        Can you tell me how to disable this?

        *** Welcome to pfSense 1.2.3-RELEASE-pfSense on pfSense-VM ***

        WAN*                    -> em0 -> 192.168.1.117(DHCP)
          LAN*                    -> em1 -> 192.168.1.111

        pfSense console setup


        0)  Logout (SSH only)
        1)  Assign Interfaces
        2)  Set LAN IP address
        3)  Reset webConfigurator password
        4)  Reset to factory defaults
        5)  Reboot system
        6)  Halt system
        7)  Ping host
        8)  Shell
        9)  PFtop
        10)  Filter Logs
        11)  Restart webConfigurator
        12)  pfSense Developer Shell
        13)  Upgrade from console
        14)  Disable Secure Shell (sshd)

        Enter an option:

        Maybe when I log in a configuration file is executed. Can you tell me where I can find it and edit it to always be option 8 (SSH)?

        I think that I can write a script which can connect to pfsense via SSH and reconfigure pf rules with the command pfctl.

        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Dec 24, 2009, 7:25 PM

          Login to ssh as the root user, not admin. The admin account is locked into the menu, root is not.

          • R
            rcbandit
            last edited by Dec 24, 2009, 7:35 PM

            I tried ssh root@192.168.1.111

            But still the same appears.

            Tell me which configuration file I must edit?

            • J
              jimp Rebel Alliance Developer Netgate
              last edited by Dec 24, 2009, 7:43 PM

              If you ssh in as root, yes, that will appear.

              However, you can execute commands remotely using ssh and that works:

              root@chomp:~# ssh root@192.168.130.8 "ls -l"
              Password:
              total 22
              -r--r--r--  1 root  wheel  798 Dec 18 12:21 .cshrc
              -rw-r--r--  1 root  wheel    0 Dec 18 16:10 .first_time
              -r--r--r--  1 root  wheel    0 Dec 18 14:41 .hushlogin
              -r--r--r--  1 root  wheel  303 Dec 18 12:21 .login
              -rw-r--r--  1 root  wheel    0 Dec 18 16:10 .part_mount
              -r--r--r--  1 root  wheel  258 Dec 23 19:58 .profile
              -r--r--r--  1 root  wheel  129 Dec 23 19:58 .shrc
              -rw-r--r--  1 root  wheel    1 Dec 18 16:10 .tcshrc
              -rw-r--r--  1 root  wheel  109 Dec 23 19:57 latest.tgz.sha256
              drwxr-xr-x  4 root  wheel  512 Dec 21 16:47 pfsense
              -rw-r--r--  1 root  wheel  6569 Dec 22 19:21 test.txt

              When you script something with ssh, it shouldn't just login and then expect a shell prompt.

              If you need more information than that, it's all general unix/freebsd stuff, and really quite unsupported so you'll be on your own.

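The remote-execution pattern from the reply above (`ssh root@host "command"`), applied to the original question, as an added example that is not part of the thread or of pfSense: the address is validated locally before it is placed in a command that runs as root on the firewall. The table name `scripted_block` (which must already exist and be referenced by a block rule), the `FW_HOST`/`PF_TABLE` variables and key-based root login are assumptions; as noted in the thread, changing pf from the CLI is not officially supported.

```shell
#!/bin/sh
# Added example, not pfSense code. Assumptions: a pf table named
# "scripted_block" exists on the firewall and root can log in with an ssh key.
FW_HOST="${FW_HOST:-192.168.1.111}"     # LAN address shown in the thread
PF_TABLE="${PF_TABLE:-scripted_block}"  # hypothetical table name

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (digits only, no globs)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the remote pfctl command for "add" or "delete"; print nothing and
# return non-zero if the action, table name or address is not acceptable.
build_pfctl_cmd() {
    action=$1; ip=$2
    case "$action" in add|delete) ;; *) return 2 ;; esac
    case "$PF_TABLE" in ''|*[!A-Za-z0-9_]*) return 2 ;; esac
    is_ipv4 "$ip" || return 1
    printf 'pfctl -t %s -T %s %s\n' "$PF_TABLE" "$action" "$ip"
}

# Send one command per ssh invocation; no interactive login, so the console
# menu is never involved. BatchMode makes ssh fail instead of prompting.
block_ip() {
    cmd=$(build_pfctl_cmd add "$1") || { echo "refusing: invalid input '$1'" >&2; return 1; }
    ssh -o BatchMode=yes "root@$FW_HOST" "$cmd"
}

# Constructed sample inputs: show what would be sent, without contacting a host.
for candidate in 203.0.113.7 '203.0.113.7;id' 999.1.1.1; do
    build_pfctl_cmd add "$candidate" || echo "rejected: $candidate"
done
```

To apply a block, source the file and call `block_ip 203.0.113.7`.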
              • R
                rcbandit
                last edited by Dec 24, 2009, 7:49 PM

                I don't need to see the result.

                The script that I will use will execute one-way commands. I don't need output.
                Please tell me where to find the file that forces pfsense to ask every time when I log in:

                *** Welcome to pfSense 1.2.3-RELEASE-pfSense on pfsense-vm ***

                WAN*                    -> em0 -> 192.168.1.117(DHCP)
                  LAN*                    -> em1 -> 192.168.1.111

                pfSense console setup


                0)  Logout (SSH only)
                1)  Assign Interfaces
                2)  Set LAN IP address
                3)  Reset webConfigurator password
                4)  Reset to factory defaults
                5)  Reboot system
                6)  Halt system
                7)  Ping host
                8)  Shell
                9)  PFtop
                10)  Filter Logs
                11)  Restart webConfigurator
                12)  pfSense Developer Shell
                13)  Upgrade from console
                14)  Disable Secure Shell (sshd)

                Enter an option:

                • J
                  jimp Rebel Alliance Developer Netgate
                  last edited by Dec 24, 2009, 7:55 PM

                  What I suggested in the last message will work, regardless of whether or not you need the output. That is the proper way to remotely execute ssh commands.

                  If you really want to get rid of the menu, remove the contents of /root/.profile, and then when you login as root it will just go to a shell prompt.

                  • R
                    rcbandit
                    last edited by Dec 24, 2009, 8:02 PM

                    ok, thank you!

                    best wishes
