PfBlockerNG - disable from command line?
-
Is there a way to change the rules to match or disable pfblockerNG from the command line? I accidentally switched the rules to deny both instead of match and I think it's preventing me from browsing the IP for pfSense itself.
I can still access thru SSH.
-
You can temporarily disable all packet filtering via
pfctl -d
Browse the GUI and fix the settings as required.
-
How do I enable again when I am done?
It successfully disabled; browsing the GUI is at a standstill. Not sure what I did. Only thing I was messing with was the iblock subscriptions.
-
No need to re-enable, it will re-enable itself after a while (pretty sure on pfBNG reload as well). pfBNG is not a service, there's nothing to disable, it only created rules for packet filter.
-
Thank you for the help! I rebooted the device and made the change ASAP.
Is there something in the GUI that reflects that the PF is disabled? I am just trying to understand the command so I can check to make sure PF is enabled again. Or can I run something at the command line to see its status?
-
Nah, nothing that I'd know of... pfctl -d disables, pfctl -e re-enables. This would be done automagically anyway after a while.
https://doc.pfsense.org/index.php/Locked_out_of_the_WebGUI#Remotely_Circumvent_Firewall_Lockout_by_Temporarily_Changing_the_Firewall_Rules
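
Added example, not part of the thread: on the status question above, `pfctl -s info` prints a `Status:` line, and this sketch parses it and turns pf back on if it was left disabled. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# `pfctl -s info` starts with a line such as
#   Status: Enabled for 0 days 00:12:34           Debug: Urgent
# or
#   Status: Disabled                              Debug: Urgent

# Read `pfctl -s info` output on stdin; print Enabled, Disabled or unknown.
pf_status() {
    awk '$1 == "Status:" { print $2; found = 1; exit }
         END { if (!found) print "unknown" }'
}

# Hypothetical helper: re-enable pf when it is off. Needs root on the firewall.
pf_ensure_enabled() {
    state=$(pfctl -s info 2>/dev/null | pf_status)
    case "$state" in
        Enabled)
            echo "pf is enabled" ;;
        Disabled)
            echo "pf is disabled, re-enabling"
            pfctl -e ;;
        *)
            # pfctl missing, not root, or unexpected output: do not guess.
            echo "could not read pf status" >&2
            return 1 ;;
    esac
}

# Constructed sample output, so the parser can be tried off the firewall.
SAMPLE_ON='Status: Enabled for 0 days 00:12:34           Debug: Urgent'
SAMPLE_OFF='Status: Disabled                              Debug: Urgent'
printf '%s\n' "$SAMPLE_ON"  | pf_status
printf '%s\n' "$SAMPLE_OFF" | pf_status
```

On the firewall itself, run `pf_ensure_enabled` as root after fixing the rules in the GUI, so the filter is not left off longer than needed.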