    Enabling/disabling a single rule from the command line

    Firewalling
    • F
      fluca1978 last edited by

      Hi all,
      Sometimes I need to access a port forwarding to test some configurations. I don't want to leave http(s) open on the firewall to access the firewall configuration; I'd like to have a way to keep the port forwarding rule disabled and to enable it from the console. Is there any tool/script to use?

      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        Such a tool does not exist.

        It wouldn't be too difficult to write a little PHP script to find that rule, change the bit, update the config and sync the filter, but for what you're doing that seems a bit like overkill.

        Why not limit access to the HTTP/HTTPS port to your remote site? You can make an alias that includes a hostname, so using a dyndns host for the other end would work fine. Then so long as you have a dyndns host/client going at the remote location (or laptop, or whatever) then you can get in.

        • F
          fluca1978 last edited by

          Can you give me some hints about when the rules are stored and from which script they are triggered? Then I can try to write my own wrapper.

          • Gertjan
            Gertjan last edited by

            Well…
            If you want to write a small (PHP) script that changes the firewall, then you should also be able to read (PHP) code that changes the firewall.
            Good news: pfSense IS a bunch of PHP files that do just about that.
            When you visit the /firewall_rules.php page, start reading the (PHP) code, and some of the files that are included, and you will figure out real fast how they did it.

            • marcelloc
              marcelloc last edited by

              If you have PHP skills, take a look at the pfBlocker code; there are many checks and manipulations on rules.

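As an added example (not code from this thread or from the pfSense project), this is one way the script jimp describes could look: find the port forward by its description, flip the `disabled` flag on it and on its linked filter rule, write the config and reload the filter. It assumes pfSense's `config.inc` and `filter.inc`, the `$config['nat']['rule']` and `$config['filter']['rule']` arrays, and the `write_config()` and `filter_configure()` functions; the script name and its arguments are hypothetical.

```php
<?php
// Added example, not pfSense project code. Hypothetical usage, as root:
//   php -f toggle_portfwd.php "<port forward description>" enable|disable
require_once("config.inc");   // assumed to populate the global $config
require_once("filter.inc");

// Set or clear 'disabled' on each rule matching $match; returns rules changed.
function set_disabled(array &$rules, callable $match, $disable) {
    $changed = 0;
    foreach ($rules as &$rule) {
        if (!$match($rule) || isset($rule['disabled']) === $disable) {
            continue;   // not our rule, or already in the requested state
        }
        if ($disable) {
            $rule['disabled'] = true;
        } else {
            unset($rule['disabled']);
        }
        $changed++;
    }
    unset($rule);
    return $changed;
}

if ($argc !== 3 || !in_array($argv[2], ['enable', 'disable'], true)) {
    fwrite(STDERR, "usage: php -f {$argv[0]} <description> enable|disable\n");
    exit(2);
}
$descr = $argv[1];
$disable = ($argv[2] === 'disable');
$by_descr = function ($r) use ($descr) { return ($r['descr'] ?? '') === $descr; };
// Act only when exactly one port forward matches, so a typo or a duplicated
// description cannot open or close the wrong rule.
$hits = array_values(array_filter($config['nat']['rule'] ?? [], $by_descr));
if (count($hits) !== 1) {
    fwrite(STDERR, count($hits) . " port forwards match '{$descr}'; nothing changed\n");
    exit(1);
}
// A linked filter rule, if any, carries the same associated-rule-id.
$assoc = $hits[0]['associated-rule-id'] ?? '';
$by_assoc = function ($r) use ($assoc) {
    return $assoc !== '' && ($r['associated-rule-id'] ?? '') === $assoc;
};
$n = set_disabled($config['nat']['rule'], $by_descr, $disable);
if (isset($config['filter']['rule'])) {
    $n += set_disabled($config['filter']['rule'], $by_assoc, $disable);
}
if ($n > 0) {
    write_config("Port forward '{$descr}' {$argv[2]}d from console"); // persist
    filter_configure();                                                // reload pf
}
```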