Persistent custom firewall rules in rules.debug



  • Hello,

    I'd like to have a persistent custom firewall rules block in /tmp/rules.debug.
    Is there any way to keep them from being overwritten by the pfSense GUI?

    Thanks.



  • Out of curiosity, what kind of rules? There is a package that you can apply that runs custom scripts at startup (Shellcmd). You could write a script in /boot/ and load that on every boot. It might not be able to survive an upgrade, so back it up often.



  • @podilarius:

    Out of curiosity, what kind of rules? There is a package that you can apply that runs custom scripts at startup (Shellcmd). You could write a script in /boot/ and load that on every boot. It might not be able to survive an upgrade, so back it up often.

    The previous admin, who set up both pfSense instances, added some sophisticated blocking rules on one instance, which I cannot see in the GUI, but only in rules.debug. They are working on one pfSense (a 2.0 RC) instance (not being rewritten by the GUI), and not working (are being rewritten by the GUI) on an instance upgraded to 2.0-RELEASE. I'd like them not to be rewritten by the GUI on the upgraded instance.



  • @slagr:

    @podilarius:

    Out of curiosity, what kind of rules? There is a package that you can apply that runs custom scripts at startup (Shellcmd). You could write a script in /boot/ and load that on every boot. It might not be able to survive an upgrade, so back it up often.

    The previous admin, who set up both pfSense instances, added some sophisticated blocking rules on one instance, which I cannot see in the GUI, but only in rules.debug. They are working on one pfSense (a 2.0 RC) instance (not being rewritten by the GUI), and not working (are being rewritten by the GUI) on an instance upgraded to 2.0-RELEASE. I'd like them not to be rewritten by the GUI on the upgraded instance.

    I've found that the old pfSense instance has a modified filter.inc. The filter_rules_generate function has been updated with a bunch of new rules. Thanks.



  • If you provide a sample of the rules, perhaps someone here can help translate those into firewall rules that can persist past upgrades.

