Disabling/Enabling an FW rule from the Shell

  • Hi,

    It's a great feature to disable/enable a firewall rule via the firewall_rules.php page. How can I do that from the shell?

    Greetings from Germany


  • Can anyone help me please?

  • Rebel Alliance Developer Netgate

    It is not currently possible. Not in a way most people could accomplish.

    One could hand edit the config and reload the ruleset from the CLI, but that isn't easy (for most).

  • Thank you very much.

    How can I reload the ruleset from the CLI?

    /usr/local/sbin/pfSctl -c "interface newip $1"

    Every time this command is executed, my openvpn (client) gets disconnected :-(
    When I'm commenting out this line in the ovpn-linkup file, the disconnect won't happen, but my port forwardings aren't working anymore :-( So I have to disable the rule and enable it again a few seconds later.

  • Netgate Administrator

    This is a bit late and in fact it looks like you've got some other problems there but….
    You can reload the config file from the command line using:


    Your vpn client shouldn't be failing.

