Enabling/disabling a single rule from the command line
Sometimes I need to access a port forward to test some configurations. I don't want to leave http(s) open on the firewall to access the firewall configuration; I'd like to have a way to keep the port forwarding rule disabled and to enable it from the console. Is there any tool/script to use?
Such a tool does not exist.
It wouldn't be too difficult to write a little PHP script to find that rule, change the bit, update the config and sync the filter, but for what you're doing that seems a bit like overkill.
Why not limit access to the HTTP/HTTPS port to your remote site? You can make an alias that includes a hostname, so using a dyndns host for the other end would work fine. Then so long as you have a dyndns host/client going at the remote location (or laptop, or whatever) then you can get in.
Can you give me some hints about when the rules are stored and from which script they are triggered? So I can try to elaborate my own wrapper.
Gertjan last edited by
If you want to write a small (php) script that changes the firewall, then you should also be able to read (php) code that changes the firewall.
Good news: pfSense IS a bunch of php files that do just about that.
When you visit the /firewall_rules.php page, start reading the (php) code, and some files that are included, and you will figure out real fast how they did it.
marcelloc last edited by
If you have php skills, take a look at the pfBlocker code; there are many checks and manipulations on rules.
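
The script outlined in this thread (find the rule, flip its disabled flag, write the config, sync the filter), as an added example that is not part of any post and not pfSense's own code. It assumes the pfSense includes `config.inc`, `functions.inc`, `filter.inc` and `shaper.inc` provide the global `$config`, `write_config()` and `filter_configure()`, and that port forwards sit in `$config['nat']['rule']`; the helper name `set_nat_rule_state` and matching a rule by its description are choices made for this example.

```php
<?php
// Added example, not pfSense's own code. Usage from the console shell:
//   php toggle_forward.php "Test forward" enable|disable
// Assumption: pfSense's includes provide $config, write_config() and
// filter_configure(); rules are matched here by their description field.

// Set or clear the 'disabled' flag on every port forward whose description
// equals $descr, and on the filter rule linked to it. Returns rules changed.
function set_nat_rule_state(array &$cfg, string $descr, bool $enable): int
{
    if (!isset($cfg['nat']['rule']) || !is_array($cfg['nat']['rule'])) {
        return 0;
    }
    $changed = 0;
    foreach ($cfg['nat']['rule'] as &$nat) {
        if (($nat['descr'] ?? '') !== $descr) continue;
        if ($enable === !isset($nat['disabled'])) continue; // already in that state
        if ($enable) unset($nat['disabled']); else $nat['disabled'] = true;
        // Keep the associated firewall rule in step with the port forward.
        $assoc = $nat['associated-rule-id'] ?? '';
        if ($assoc !== '' && $assoc !== 'pass' && is_array($cfg['filter']['rule'] ?? null)) {
            foreach ($cfg['filter']['rule'] as &$fr) {
                if (($fr['associated-rule-id'] ?? '') !== $assoc) continue;
                if ($enable) unset($fr['disabled']); else $fr['disabled'] = true;
            }
            unset($fr);
        }
        $changed++;
    }
    unset($nat);
    return $changed;
}

if (PHP_SAPI === 'cli' && isset($argv[2])) {
    if (!in_array($argv[2], ['enable', 'disable'], true)) {
        fwrite(STDERR, "usage: {$argv[0]} <rule description> enable|disable\n");
        exit(2);
    }
    foreach (['config.inc', 'functions.inc', 'filter.inc', 'shaper.inc'] as $inc) {
        require_once($inc);
    }
    $n = set_nat_rule_state($config, $argv[1], $argv[2] === 'enable');
    if ($n > 0) {
        write_config("CLI: port forward '{$argv[1]}' set to {$argv[2]}"); // persist
        filter_configure();                                               // reload ruleset
    }
    echo "{$n} rule(s) changed\n";
}
```

Running it with `disable` again once testing is done puts the forward back in its default closed state.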