Accept/Block IPs from shell using script



  • Hi, I want to write a script that configures pfSense via ssh. What commands do I need to use to configure pfSense to block an IP address? Can you give me an example?

    regards


  • Rebel Alliance Developer Netgate

    All of the rules are created and edited via PHP, though there are some ways to update things in pf dynamically from the CLI, none are officially supported.

    If you want to make permanent block rules, look at the "easy rule" code I wrote that is in 2.0 (or in the Dashboard package), that could probably be adapted into a CLI PHP script to do a similar task.



  • Can you tell me how to disable this?

    *** Welcome to pfSense 1.2.3-RELEASE-pfSense on pfSense-VM ***

    WAN*                    -> em0 -> 192.168.1.117(DHCP)
      LAN*                    -> em1 -> 192.168.1.111

    pfSense console setup


    0)  Logout (SSH only)
    1)  Assign Interfaces
    2)  Set LAN IP address
    3)  Reset webConfigurator password
    4)  Reset to factory defaults
    5)  Reboot system
    6)  Halt system
    7)  Ping host
    8)  Shell
    9)  PFtop
    10)  Filter Logs
    11)  Restart webConfigurator
    12)  pfSense Developer Shell
    13)  Upgrade from console
    14)  Disable Secure Shell (sshd)

    Enter an option:

    Maybe when I log in a configuration file is executed. Can you tell me where I can find it and edit it to always be option 8 (SSH)?

    I think that I can write a script which can connect with pfSense via SSH and reconfigure pf rules with the command pfctl.


  • Rebel Alliance Developer Netgate

    Login to ssh as the root user, not admin. The admin account is locked into the menu, root is not.



  • I tried ssh root@192.168.1.111

    But the same still appears.

    Tell me which configuration file I must edit.


  • Rebel Alliance Developer Netgate

    If you ssh in as root, yes, that will appear.

    However, you can execute commands remotely using ssh and that works:

    root@chomp:~# ssh root@192.168.130.8 "ls -l"
    Password:
    total 22
    -r--r--r--  1 root  wheel  798 Dec 18 12:21 .cshrc
    -rw-r--r--  1 root  wheel    0 Dec 18 16:10 .first_time
    -r--r--r--  1 root  wheel    0 Dec 18 14:41 .hushlogin
    -r--r--r--  1 root  wheel  303 Dec 18 12:21 .login
    -rw-r--r--  1 root  wheel    0 Dec 18 16:10 .part_mount
    -r--r--r--  1 root  wheel  258 Dec 23 19:58 .profile
    -r--r--r--  1 root  wheel  129 Dec 23 19:58 .shrc
    -rw-r--r--  1 root  wheel    1 Dec 18 16:10 .tcshrc
    -rw-r--r--  1 root  wheel  109 Dec 23 19:57 latest.tgz.sha256
    drwxr-xr-x  4 root  wheel  512 Dec 21 16:47 pfsense
    -rw-r--r--  1 root  wheel  6569 Dec 22 19:21 test.txt

    When you script something with ssh, it shouldn't just login and then expect a shell prompt.

    If you need more information than that, it's all general unix/freebsd stuff, and really quite unsupported so you'll be on your own.
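
The remote-execution approach from the reply above, as an added example that is not part of the original thread and not pfSense's own code: it validates an address before it reaches the remote shell, then runs one command with `ssh root@host "command"`. The table name `script_block` is hypothetical and assumes a block rule referencing that table already exists; entries added with `pfctl` are runtime state and are not written to the pfSense configuration.

```shell
#!/bin/sh
# Added example: push one validated IPv4 address into a pf table over ssh.
# PF_TABLE is a hypothetical, operator-chosen name; it is not validated here.
PF_HOST="${PF_HOST:-192.168.1.111}"     # LAN address shown in the thread
PF_TABLE="${PF_TABLE:-script_block}"    # hypothetical table name

# Accept only dotted-quad IPv4, octets 0..255, no leading zeros. Anything
# else (spaces, ';', '$(...)') is rejected before it reaches the remote shell.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Build the remote command as one string. ssh hands it to root's shell on
# the firewall, so only the validated address is interpolated into it.
remote_cmd() {
    is_ipv4 "$1" || return 1
    printf 'pfctl -t %s -T add %s' "$PF_TABLE" "$1"
}

# Run it as ssh root@host "command": no menu, no interactive prompt.
# BatchMode makes ssh fail instead of asking for a password, so this
# assumes key-based login for root is already configured.
block_ip() {
    cmd=$(remote_cmd "$1") || { echo "rejected: $1" >&2; return 2; }
    if [ -n "${DRY_RUN:-}" ]; then
        echo "ssh root@$PF_HOST \"$cmd\""
        return 0
    fi
    ssh -o BatchMode=yes "root@$PF_HOST" "$cmd"
}

# Usage: DRY_RUN=1 ./block_ip.sh 203.0.113.7   (documentation address)
if [ "$#" -gt 0 ]; then block_ip "$1"; fi
```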



  • I don't need to see the result.

    The script that I will use will execute one-way commands. I don't need output.
    Please tell me where to find the file that forces pfSense to ask every time when I log in

    *** Welcome to pfSense 1.2.3-RELEASE-pfSense on pfsense-vm ***

    WAN*                    -> em0 -> 192.168.1.117(DHCP)
      LAN*                    -> em1 -> 192.168.1.111

    pfSense console setup


    0)  Logout (SSH only)
    1)  Assign Interfaces
    2)  Set LAN IP address
    3)  Reset webConfigurator password
    4)  Reset to factory defaults
    5)  Reboot system
    6)  Halt system
    7)  Ping host
    8)  Shell
    9)  PFtop
    10)  Filter Logs
    11)  Restart webConfigurator
    12)  pfSense Developer Shell
    13)  Upgrade from console
    14)  Disable Secure Shell (sshd)

    Enter an option:


  • Rebel Alliance Developer Netgate

    What I suggested in the last message will work, regardless of whether or not you need the output. That is the proper way to remotely execute ssh commands.

    If you really want to get rid of the menu, remove the contents of /root/.profile, and then when you login as root it will just go to a shell prompt.



  • ok, thank you!

    best wishes

