Enabling/disabling a single rule from the command line

  • Hi all,
    sometimes I need to access a port forwarding to test some configurations. I don't want to leave http(s) open on the firewall to access the firewall configuration, I'd like to have a way to keep the port forwarding rule disabled and to enable it from the console. Is there any tool/script to use?

  • Rebel Alliance Developer Netgate

    Such a tool does not exist.

    It wouldn't be too difficult to write a little PHP script to find that rule, change the bit, update the config and sync the filter, but for what you're doing that seems a bit like overkill.

    Why not limit access to the HTTP/HTTPS port to your remote site? You can make an alias that includes a hostname, so using a dyndns host for the other end would work fine. Then so long as you have a dyndns host/client going at the remote location (or laptop, or whatever) then you can get in.

  • Can you give me some hints about when the rules are stored and from which script are triggered? So I can try to elaborate my own wrapper.

  • Well ….
    If you want to write a small (php) script that changes the firewall, then you should also be able to read (php) code that changes the firewall.
    Good news: pfSense IS a bunch of php files that does just about that.
    When you visit the /firewall_rules.php page, start reading the (php) code, and some files that are included, and you will figure out real fast how they did it.

  • If you have php skills,  take a look on pfBlocker code, there are many checks and manipulation on rules.