OPNsense Forum
Archive => 16.7 Legacy Series => Topic started by: oleschool on August 19, 2016, 08:53:33 am
-
Greetings,
I was curious if there was a way to add firewall rules from the command line/console?
Apologies if this has been answered elsewhere, however I could not find anything through my forum search.
Version: OPNsense 16.7.1-amd64
Regards.
-
Hi there,
Coincidentally, we talked about this on IRC yesterday. There is no API for firewall rules yet. Once we (hopefully) get interfaces into an API for 17.1, we can possibly dream of a firewall rules API for 17.7. It depends on workload and external help.
The safest bet for local automation right now is to adapt the actual firewall_rules_edit.php as a custom GET script, embed a security token into that script -- let's name it rules_patch.php -- and move it to /usr/local/www to be called from an external location for the actual APIsh invoke... Something like this:
1. SSH into box, embed unique security token into rules_patch.php, copy it to /usr/local/www/
2. Make your command line GET call https://foo.bar/rules_patch.php?all=my&rules=scripting&security=T0K3N!1
3. SSH into box, remove the exposed rules_patch.php and run /usr/local/etc/rc.filter_configure_sync to apply the new rule
Cheers,
Franco