$100 - Custom XML Sync Router A -> Multiple Routers
-
Looking for someone to make a very specific XML sync for me.
We have currently 6 pfSense routers in place. Each router is physically at diferent sites. Each router has a very similar configuration, but most importantly the OPT1 interface has a different network (192.168.10.X, 192.168.11.X, etc.). All routers are connected over a VPN and accessible to each other. Once I get an idea if anyone is interested here, I can write/discuss in detail; But I'd simply like certain sections of the configuration to be synced (without being changed) and other sections of the configuration synced (being changed). I believe the pfSense XML sync would sync some information that I want synced, but since this is not for 'failover' purposes, it's not what I need (and it doesn't sync others), so this is a very good example possibly 99% of what i am looking for; Before we finalize the start of project; I'd 'document/explain' as much as possible by even going through XML with you and showing exact examples…:
- Sync certain Firewall Aliases. i.e. today I have one alias I'd like synced, External_Friendly, no adjustments to be made but if I make a change to this alias, it would be synced to the other routers. Maybe in the future I'd like to add another alias that does this so maybe a config option to specify which aliases to sync.
- All Captive Portal
- DHCP Server - This is the most unique, I'd want OPT1 DHCP static mappings synced, but only if the IP is between a certain or a few certain blocks, i.e. only between 192.168.10.100-192.168.10.200, and maybe another block 192.168.10.210-192.168.10.220. Also, when it does the sync from the source to change .10 -> .11 for one router, .10 -> .12 for another router, etc. I most likely would not have any DNS servers or naything specific on these mappings, so wouldn't need translation of that too; But maybe that's an option.
- Snort - Either all of snort, or really I believe I just need the Supress list.
That's it... Please, ask questions - Tell me I'm crazy or not.. Give me an idea if this is possible....
I am OK with making one router a master router, so it's only one way sync.. I can make all my changes on the .10 router and have it push out to the rest, of course refreshing the xml config on the remote routers too. Also, it should take into consideration if that router is down at the time, so have a way to check/force update on the remotes.. I can walk through over the phone, email, screen share; To show exactly what/why I'm trying to accomplish this... I named a price, becaus eit's a requirement; Let me know if I'm way too hig, way too low.. Let's discuss.
-
- Sync certain Firewall Aliases. i.e. today I have one alias I'd like synced, External_Friendly, no adjustments to be made but if I make a change to this alias, it would be synced to the other routers. Maybe in the future I'd like to add another alias that does this so maybe a config option to specify which aliases to sync.
This can be done via url table alias. You edit a file on a web server and pfsense boxes fetch it every day.
The rest of you need can only be done with custom php scripts to fetch and apply specific config options.
-
I see that now, for my External_Friendly example that just might work; But that was the smallest of all of my issues. :-/ Yes, I understand the rest would be custom code for sure; Which is why I'm looking for someone… Since you're the only reply, you interested? :-)
-
I've never done customization on that level but I can try some. I guess the amount is lower then necessary hours to program but we can discuss it on private or email.
-
1/ Can be done with pfBlockerNG, if you are talking about IPs/CIDR.
2/ CP already has its own sync feature. Hmm, maybe it's just for vouchers.
3/ Uh… are you really sure it is a good idea? Yuck.
4/ Dunno, what's this? https://github.com/pfsense/pfsense-packages/blob/master/config/snort/snort_sync.xml (not using nor ever intend to use IDS/IPS). -
By design, the sync config options on packages are for pfsense on same cluster. It's not configured to replicate to other pfsense with different setup but in some cases it may work.
-
Well, pfBNG is definitely standalone. As said, NFC about snort. :D
