Change the LAN firewalling



  • Hi,

    • I made a mistake: I disabled all the traffic in the LAN subnet by error.
      Is it possible to change a rule on the LAN from the command line? You know, re-enable the traffic again without doing a reset…

    • Is it possible to restart a service like IPSec from the command line?
      Perhaps just killing the racoon pid...?

    Thank you in advance for your return.

    ++



  • Why not just log in and create a new rule allowing traffic again?



  • Well, it seemed that I wasn't able to access it over the HTTP protocol…
    I'll check by rebooting once again.



  • If you've disabled the web gui anti-lockout rule for LAN, I think you can re-enable it by setting the LAN IP address from the console.



  • If you've disabled the web gui anti-lockout rule for LAN,

    But how could I disable it, since right now I can't access the web interface?

    The rule disables all traffic in the LAN…



  • Blocked access with firewall rules

    If you blocked yourself out of the WebGUI remotely with a firewall rule, there may still be hope. This shouldn't happen from the LAN as there should be an anti-lockout rule that maintains access to the WebGUI from that interface.

    Having to walk someone on-site through fixing the rule is better than losing everything!

    Well, I can't access it from the LAN…

    Is it possible to disable the rule for the LAN interface from the console?

    Thank you in advance.

    ++



  • @Efonne:

    If you've disabled the web gui anti-lockout rule for LAN, I think you can re-enable it by setting the LAN IP address from the console.



  • If you've disabled the web gui anti-lockout rule for LAN, I think you can re-enable it by setting the LAN IP address from the console.

    ??? Well, I don't really understand… ???

    I did not disable "the web gui anti-lockout rule for LAN".
    I did make a rule in the firewall configuration that disables all traffic from the LAN.

    I've tried to set the LAN IP address with the console but I still cannot access it.

    I did disable the firewall:

    pfctl -d
    

    But I still can't access the webgui.

    With which command could I modify the /tmp/rules.debug file, please?
    I tried emacs, vim, nano but these commands do not exist.

    ++



  • I found the "ee" command to edit a file.



  • Well, I can now edit /tmp/rules.debug but I cannot find my "rule" that blocks all the LAN traffic…

    I'm still blocked...



  • You don't have to edit anything, just do what Efonne told you, reset the LAN address using option 2) in the console menu.



  • If you want to do it by manually editing /tmp/rules.debug anyway, run pfctl -o basic -f /tmp/rules.debug after you are done to reload the rules.



  • @kpa:

    You don't have to edit anything, just do what Efonne told you, reset the LAN address using option 2) in the console menu.

    As I just said, I did this action several times.
    And I connected to the LAN interface directly to access it, but I did not succeed…



  • Well, my apologies.
    It seems that re-enabling the setup of the LAN does resolve the problem.

    I had some ethernet cable trouble…

    Thanks again for your help.
    ++

