Enabling/disabling a single rule from the command line
-
Hi all,
Sometimes I need to access a port forwarding to test some configurations. I don't want to leave http(s) open on the firewall to access the firewall configuration; I'd like to have a way to keep the port forwarding rule disabled and to enable it from the console. Is there any tool/script to use?
-
Such a tool does not exist.
It wouldn't be too difficult to write a little PHP script to find that rule, change the bit, update the config and sync the filter, but for what you're doing that seems a bit like overkill.
Why not limit access to the HTTP/HTTPS port to your remote site? You can make an alias that includes a hostname, so using a dyndns host for the other end would work fine. Then so long as you have a dyndns host/client going at the remote location (or laptop, or whatever) then you can get in.
-
Can you give me some hints about when the rules are stored and from which script they are triggered? So I can try to elaborate my own wrapper.
-
Well ….
If you want to write a small (php) script that changes the firewall, then you should also be able to read (php) code that changes the firewall.
Good news: pfSense IS a bunch of php files that do just about that.
When you visit the /firewall_rules.php page, start reading the (php) code, and some files that are included, and you will figure out real fast how they did it.
-
If you have PHP skills, take a look at the pfBlocker code; there are many checks and manipulations on rules.
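-
The approach outlined in the replies above (find the rule, flip its disabled flag, write the config, reload the filter), as an added example that is not part of the thread and not pfSense project code. It assumes pfSense's `config.inc` and `filter.inc` with a global `$config`, `write_config()` and `filter_configure()`, and port forwards stored under `$config['nat']['rule']`; the script name `toggle_rule.php` and the rule description `TEST-FWD` are hypothetical.

```php
<?php
// Added example. Assumption: a rule is disabled when its array has a
// 'disabled' key, and port forwards live in $config['nat']['rule'].

// Set or clear the 'disabled' flag on every rule whose description matches.
// Returns the number of rules whose state actually changed.
function set_rules_disabled(array &$rules, string $descr, bool $disable): int
{
    $changed = 0;
    foreach ($rules as &$rule) {
        if (($rule['descr'] ?? '') !== $descr) {
            continue;
        }
        $isDisabled = array_key_exists('disabled', $rule);
        if ($disable && !$isDisabled) {
            $rule['disabled'] = '';
            $changed++;
        } elseif (!$disable && $isDisabled) {
            unset($rule['disabled']);
            $changed++;
        }
    }
    unset($rule); // drop the dangling reference left by foreach
    return $changed;
}

if (PHP_SAPI === 'cli' && isset($argv[2]) && file_exists('/etc/inc/config.inc')) {
    // On the firewall: php toggle_rule.php "TEST-FWD" enable|disable
    require_once('config.inc');
    require_once('filter.inc');
    $disable = ($argv[2] !== 'enable'); // anything but "enable" leaves the rule off
    $n = 0;
    if (isset($config['nat']['rule']) && is_array($config['nat']['rule'])) {
        $n = set_rules_disabled($config['nat']['rule'], $argv[1], $disable);
    }
    if ($n > 0) {
        // Record the change in the config history, then reload the packet filter.
        write_config(($disable ? 'Disabled' : 'Enabled') . " NAT rule '{$argv[1]}' from console");
        filter_configure();
    }
    echo "$n rule(s) changed\n";
} else {
    // Constructed sample data so the helper can be tried off the firewall.
    $sample = [['descr' => 'TEST-FWD', 'disabled' => ''], ['descr' => 'other']];
    echo set_rules_disabled($sample, 'TEST-FWD', false), " rule(s) changed in sample\n";
}
```

A port forward with a linked filter rule also needs that filter rule toggled; this sketch changes only the NAT entry, so leaving the linked rule untouched keeps traffic blocked rather than opening it.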