Netgate Discussion Forum
    Enabling/disabling a single rule from the command line

      fluca1978

      Hi all,
      Sometimes I need to access a port forward to test some configurations. I don't want to leave http(s) open on the firewall to access the firewall configuration; I'd like to have a way to keep the port forwarding rule disabled and to enable it from the console. Is there any tool/script to use?

        jimp Rebel Alliance Developer Netgate

        Such a tool does not exist.

        It wouldn't be too difficult to write a little PHP script to find that rule, change the bit, update the config and sync the filter, but for what you're doing that seems a bit like overkill.

        Why not limit access to the HTTP/HTTPS port to your remote site? You can make an alias that includes a hostname, so using a dyndns host for the other end would work fine. Then so long as you have a dyndns host/client going at the remote location (or laptop, or whatever) then you can get in.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          fluca1978

          Can you give me some hints about where the rules are stored and from which script they are triggered? So I can try to elaborate my own wrapper.

            Gertjan

            Well ….
            If you want to write a small (php) script that changes the firewall, then you should also be able to read (php) code that changes the firewall.
            Good news: pfSense IS a bunch of php files that do just about that.
            When you visit the /firewall_rules.php page, start reading the (php) code, and some files that are included, and you will figure out real fast how they did it.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

              marcelloc

              If you have php skills, take a look at the pfBlocker code, there are many checks and manipulations on rules.

              Elite training: http://sys-squad.com

              Help a community developer! ;D
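
The steps jimp outlines above (find the rule, change the bit, update the config, sync the filter), as an added example that is not from the thread or from the pfSense project. It assumes a pfSense shell where `config.inc` fills the global `$config` array, identifies the port forward by its description, and uses a hypothetical helper `cli_set_rule_state`; invoke it as `php -f <script> "<description>" enable|disable`.

```php
<?php
// Added example, not pfSense project code. Assumes the pfSense includes below
// and the classic global $config array that config.inc fills from config.xml.
require_once("config.inc");
require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");

if ($argc !== 3 || !in_array($argv[2], array('enable', 'disable'), true)) {
    fwrite(STDERR, "usage: {$argv[0]} <rule description> enable|disable\n");
    exit(2);
}
list(, $descr, $action) = $argv;

// Find the port forward by exact description. Anything but exactly one match
// is refused, so a typo or duplicate description never opens the wrong rule.
$hits = array();
if (isset($config['nat']['rule']) && is_array($config['nat']['rule'])) {
    foreach ($config['nat']['rule'] as $i => $rule) {
        if (isset($rule['descr']) && $rule['descr'] === $descr) {
            $hits[] = $i;
        }
    }
}
if (count($hits) !== 1) {
    fwrite(STDERR, count($hits) . " port forwards match '{$descr}'; nothing changed\n");
    exit(1);
}

// "Change the bit": a rule is disabled when its 'disabled' key is present.
// cli_set_rule_state is a hypothetical helper name used only in this example.
function cli_set_rule_state(array &$rule, $action) {
    if ($action === 'enable') { unset($rule['disabled']); } else { $rule['disabled'] = true; }
}
cli_set_rule_state($config['nat']['rule'][$hits[0]], $action);

// Keep the linked filter rule (if one exists) in the same state as the forward.
$nat = $config['nat']['rule'][$hits[0]];
$assoc = isset($nat['associated-rule-id']) ? $nat['associated-rule-id'] : '';
if ($assoc !== '' && $assoc !== 'pass' && isset($config['filter']['rule'])) {
    foreach ($config['filter']['rule'] as &$frule) {
        if (isset($frule['associated-rule-id']) && $frule['associated-rule-id'] === $assoc) {
            cli_set_rule_state($frule, $action);
        }
    }
    unset($frule);
}

// Update the config (the message is recorded with the change), then sync the filter.
write_config("CLI: {$action} port forward '{$descr}'");
filter_configure();
```

Run it with `disable` again once the test is finished so the forward does not stay open.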

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.