How do you automate pFsense Changes?



  • I just added 10 host DNS overrides entries and it was PAINFUL!  Copy the host name, copy the domain, copy the IP, submit, wait for the page to load, scroll to the bottom of the page, click the plus button, wait for the page to reload, repeat.

    It easily took me 30 mins to add those ten entries.  I have a few dozen more to do tomorrow.  (And that's not even mentioning the stuff we want to do with VMware which will require automatic updates without human intervention).

    Apparently there is not going to be an API…[1]

    So, pFsense gurus, how do you automate firewall changes?  Any awesome Chef recipes?  Or should we be looking at a paid Cisco product if we need automation?

    Thanks for any advice!

    [1]  https://forum.pfsense.org/index.php?topic=76587.0




  • Rebel Alliance Global Moderator

    30 mins for 10 entries – really??  So 3 minutes an entry..  come on, it was more like 3 minutes tops. If you can not copy and paste some name and IP in lets call it 10 seconds you must be physically/mentally handicapped in some way?  What did it take you 3 hours to write your post?

    So your saying it takes you 3 minutes to copy and paste 3 items??  Come on...

    You do understand you could load a file with all your entries in it, or just paste them into the advanced box as well if you had a list..



  • heper - That's awesome.  Actually, going the Chef route would be ideal.  Too bad we have to wait for v3.0

    johnpoz - WOW.  WTF did I do to deserve such hostility?  I'm physically or mentally handicapped?  Really?  I guess it takes one to know one…

    So your saying it takes you 3 minutes to copy and paste 3 items??  Come on...

    You didn't read my post did you.  It probably realistically takes 10-20s per item, because let's face it, windows thinks it knows best and tries to copy erroneous spaces and characters.  But past that, it was all of the click, load a page, copy some info, click wait for the page to load again, scroll to the bottom of the page.

    You do understand you could load a file with all your entries in it, or just paste them into the advanced box as well if you had a list..

    Hurr Durr...  If I knew that then why would I be posting to ask that question?

    No.  I didn't know that.  Hence the post.

    I hope you find whatever it is your looking for.  You sure don't seem like a very happy person.  Thanks for the passive aggressive advice anyway.



  • to address OP's reported post and complaint:

    johnpoz: be nice, please.

    three18ti: don't take things from random people on the Internet personally.

    johnpoz's point, if not the delivery, is pretty spot on. No way it actually took that long unless you're the world's slowest typist. Still, there are ways to automate the addition of such things that speeds it up considerably if you have a lot to add.

    I script the creation of the XML bits, and paste it into the config using viconfig, when doing any significant number of additions. Assuming the source data is in some kind of reasonably parseable format like CSV or similar, it's pretty quick and easy to throw together a script of some sort to output the appropriate XML. If it's something that needs to be updated frequently, then that's not a good option. In the case of host overrides, if you have a need for a bunch of registrations that change frequently, you're better off using a full blown DNS server with the ability to do dynamic updates.


  • Rebel Alliance Global Moderator

    @cmb I was being nice - I didn't come straight out and call him retarded now did I.. ;) ROFL

    "windows thinks it knows best and tries to copy erroneous spaces and characters"

    So now its windows fault?  If you don't like the way windows copies something.. Why not just manually enter the data while looking at it?  If its slower to copy and paste? You do know you can just highlight the word vs double clicking which will only grab what you highlight.. You could hit backspace after pasting to remove the extra spaces at the end, etc.

    I have no idea what the source of your data is, you could clean that up in whatever your using so there is no extra spaces at the end so they can not be copied, etc.  Windows word and such have settings to adjust how things are copied.  Or look to a clipboard manager to automate the modification of what gets pasted if windows is grabbing stuff you don't want, etc..  Try for example http://www.clipboardfusion.com/ it has a FREE version that will shave your 30 mins down to a few seconds if your complaint is windows keeps grabbing spaces at the end of selections that have space at the end of them in your source.



  • if [ ! Constructive_Confrontation ]; then
        Is_Jerk = true;
    fi



  • @three18ti:

    I just added 10 host DNS overrides entries and it was PAINFUL!  Copy the host name, copy the domain, copy the IP, submit, wait for the page to load, scroll to the bottom of the page, click the plus button, wait for the page to reload, repeat.

    It easily took me 30 mins to add those ten entries.  I have a few dozen more to do tomorrow.  (And that's not even mentioning the stuff we want to do with VMware which will require automatic updates without human intervention).

    Apparently there is not going to be an API…[1]

    So, pFsense gurus, how do you automate firewall changes?  Any awesome Chef recipes?  Or should we be looking at a paid Cisco product if we need automation?

    Thanks for any advice!

    [1]  https://forum.pfsense.org/index.php?topic=76587.0

    Have you tried the "Advanced" menu?  For example:

    
    bogus-nxdomain=198.105.244.24
    bogus-nxdomain=198.105.254.24
    address=/examplez.com/127.0.0.1
    
    

    The Advanced menu for dnsmasq here is over 1100 lines long.  running ps -Aww isn't pretty, but it works nicely from the first domain to the last!