Hi again!
From time to time I have to reset the states with a simple
/sbin/pfctl -F state
via Cron.
However, I don's see any "free text" option for Cron under "System"-"Settings"-"Cron".
Is it possible to create an arbitrary Cron job and switch the <command> in the config.xml to make this work?
Any help on that highly appreciated!
Is there no way to create a custom cron job? Maybe from command line?
You need to create an entry for the job for configd, it then creates the cron job,
Have a look here.
http://kb.unixservertech.com/other/networking/opnsense/cron-jobs (http://kb.unixservertech.com/other/networking/opnsense/cron-jobs)
OK, many thanks, something to start with. Will the basic command
/sbin/pfctl -F state
work for OPNsense, as it comes from the other side of the sense universe?
Is nano present on OPNsense by default or how to "create a file" in the respective directory...
There really is no simple way to create a Cron job with a custom command? Really strange...
Many thanks in advance!
Quote from: chemlud on December 28, 2018, 01:37:14 PM
OK, many thanks, something to start with. Will the basic command
/sbin/pfctl -F state
work for OPNsense, as it comes from the other side of the sense universe?
Is nano present on OPNsense by default or how to "create a file" in the respective directory...
There really is no simple way to create a Cron job with a custom command? Really strange...
Many thanks in advance!
No it wont work, or should I say 'I doubt it will work'. It's all to do with security I suspect. It's really very very easy. Firstly, you need to create a conf file for your cron event. Here's one I use for ping check. It runs every ten minutes and if if fails continuously then it will reboot opnsense.
[load]
command:/usr/local/sbin/ping_check.sh
parameters:
type:script
message:starting ping check
description:ping_check
So you could just try using your command in the conf file, command and params, however, you may prefer to create a shell script and call that as I have done above.Either way, once all is in place issue the command 'service configd restart' in the shell.Now go to System->Settings-Cron and add your new entry, you should find your function is now listed in the drop down when you add a new job.
...i'm logged in via SSH, but how to create/edit a file? nano is not in place, which editor is there (hopefully not vi....)
I'm a little lost....
PS: found libedit in the Packages, but this seems the same/more pain than vi at first sight... is there a simple editor available?
you can install vim (vim-lite) and emacs (emacs-nox) via pkg (both are in the repository). But you can also upload the file using sftp.
I like nano also and had to use pkg add . It works well.
I used vi now (copy&paste :-D) and created:
[load]
command:/sbin/pfctl -F state
parameters:
type:script
message:kill all states
description: kill_states
could establish a Cron job afterwards, but apparently the states are not killed... What's wrong here?
PS: Have to correct me, apparently the states are killed now, dunno why it didn't work first time... :-)
Quote from: chemlud on December 28, 2018, 05:08:49 PM
...i'm logged in via SSH, but how to create/edit a file? nano is not in place, which editor is there (hopefully not vi....)
I'm a little lost....
PS: found libedit in the Packages, but this seems the same/more pain than vi at first sight... is there a simple editor available?
Simples... I use windows, therefore I create the file using notepad++ - remember to set end of line to Unix style, then I use WinSCP to transfer... sooo easy.