OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: oleschool on August 19, 2016, 08:53:33 am

Title: Add firewall rules from CLI
Post by: oleschool on August 19, 2016, 08:53:33 am

I was curious if there was a way to add firewall rules from the command line/console?

Apologies if this has been answered elsewhere; however, I could not find anything through my forum search.

Version: OPNsense 16.7.1-amd64

Title: Re: Add firewall rules from CLI
Post by: franco on August 19, 2016, 11:22:10 am

Hi there,

Coincidentally, we talked about this on IRC yesterday. There is no API for firewall rules yet. Once we (hopefully) get interfaces into an API for 17.1, we can possibly dream of a firewall rules API for 17.7. It depends on workload and external help.

The safest bet for local automation right now is to adapt the actual firewall_rules_edit.php as a custom GET script, embed a security token into that script -- let's name it rules_patch.php -- and move it to /usr/local/www to be called from an external location for the actual APIsh invoke... Something like this:

1. SSH into box, embed unique security token into rules_patch.php, copy it to /usr/local/www/
2. Make your command line GET call https://foo.bar/rules_patch.php?all=my&rules=scripting&security=T0K3N!1
3. SSH into box, remove the exposed rules_patch.php and run /usr/local/etc/rc.filter_configure_sync to apply the new rule
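
The three steps above wrapped in one script, as an added example that is not part of franco's post or of OPNsense. It generates a fresh token per run, because the token travels in the URL, and it removes the exposed script even when the GET fails. Assumptions: `rules_patch.php.in` is your own adapted script containing the literal placeholder `@@TOKEN@@`, root SSH access to the box works, and the names `FW_HOST`, `gen_token`, `embed_token`, `cleanup` and `push_rules` are made up for this sketch.

```shell
#!/bin/sh
# Added example, not OPNsense code. Assumed: the template holds the
# placeholder @@TOKEN@@ and root SSH login to the firewall is set up.

FW_HOST="${FW_HOST:-foo.bar}"   # host name used in the post
WWW_DIR=/usr/local/www          # web root named in the post

# 32 hex characters from the kernel RNG, new for every run.
gen_token() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Copy template $1 to $2 with the placeholder replaced by token $3.
# The token is hex only, so it is safe inside the sed replacement.
embed_token() {
    sed "s/@@TOKEN@@/$3/g" "$1" > "$2"
}

# Remove the exposed script; rm -f makes a second call harmless.
cleanup() {
    ssh "root@$FW_HOST" "rm -f $WWW_DIR/rules_patch.php"
}

# $1 = template file, $2 = query string without the security parameter
push_rules() {
    token=$(gen_token)
    tmp=$(mktemp) || return 1
    # Whatever happens below, the script must not stay reachable.
    trap 'cleanup; rm -f "$tmp"' EXIT
    trap 'exit 1' INT TERM
    embed_token "$1" "$tmp" "$token" &&
    ssh "root@$FW_HOST" "cat > $WWW_DIR/rules_patch.php" < "$tmp" &&    # step 1
    curl -fsS "https://$FW_HOST/rules_patch.php?$2&security=$token" &&  # step 2
    cleanup &&                                                           # step 3
    ssh "root@$FW_HOST" /usr/local/etc/rc.filter_configure_sync
}

# Only touches the firewall when called as:
#   ./push_rules.sh run rules_patch.php.in 'all=my&rules=scripting'
if [ "${1:-}" = "run" ]; then
    push_rules "$2" "$3"
fi
```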