Messages - bsdfans

#1
python3 shaper.py disable 63c924d0-794e-4976-9bf0-e171e3911d29

I've input the UUID to the script, but it returns the error.

Quote
2024-02-27 20:58:22,402 - ERROR - Failed to enable rule, status code: 400, response content: {"message":"action toggleRule expects at least 1 parameter(s)","status":400}

The show command works fine.

Quote
python3 shaper.py show 63c924d0-794e-4976-9bf0-e171e3911d29
Rule 63c924d0-794e-4976-9bf0-e171e3911d29 is currently enabled.
#2

import requests
import json
import logging
import argparse
import warnings
from urllib3.exceptions import InsecureRequestWarning
warnings.filterwarnings("ignore", category=InsecureRequestWarning)

# Set up command-line argument parsing
parser = argparse.ArgumentParser(description='Toggle the status of an OPNsense Traffic Shaper rule or show its current status.')
parser.add_argument('action', choices=['enable', 'disable', 'show'], help='Action to perform on the rule (enable, disable, or show status).')
parser.add_argument('rule_uuid', help='UUID of the rule to modify or view.', nargs='?')  # Make rule_uuid optional for show action
args = parser.parse_args()

# Initialize logging
LOG_FILE_PATH = '/root/shaper.log'
logging.basicConfig(filename=LOG_FILE_PATH, level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')

API_KEY = 'YOUR_KEY'
API_SECRET = 'YOUR_SECRET'
OPNSENSE_URL = 'https://127.0.0.1/api'

def get_rule_status(rule_uuid):
    """Retrieve the current status of a rule."""
    url = f"{OPNSENSE_URL}/trafficshaper/settings/getRule/{rule_uuid}"
    auth = (API_KEY, API_SECRET)
    response = requests.get(url, auth=auth, verify=False)
    if response.ok:
        rule_data = response.json()
        enabled = rule_data['rule']['enabled'] == '1'
        return enabled
    else:
        logging.error(f"Failed to retrieve rule status, status code: {response.status_code}, response content: {response.text}")
        return None

def toggle_rule(rule_uuid, enable):
    """Toggle the status of a specified Traffic Shaper rule to either enable or disable."""
    url = f"{OPNSENSE_URL}/trafficshaper/settings/toggleRule"
    headers = {'Content-Type': 'application/json'}
    data = {"uuid": rule_uuid, "enabled": "1" if enable else "0"}
    auth = (API_KEY, API_SECRET)
    action = 'enable' if enable else 'disable'
    logging.info(f"Attempting to {action} rule: {rule_uuid}")
    response = requests.post(url, headers=headers, data=json.dumps(data), auth=auth, verify=False)
    if response.ok:
        logging.info(f"Rule {rule_uuid} successfully {action}d.")
    else:
        logging.error(f"Failed to {action} rule, status code: {response.status_code}, response content: {response.text}")

def show_rule_status(rule_uuid):
    """Show the enable/disable status of a specified Traffic Shaper rule."""
    enabled = get_rule_status(rule_uuid)
    if enabled is not None:
        status = 'enabled' if enabled else 'disabled'
        logging.info(f"Rule {rule_uuid} is currently {status}.")
        print(f"Rule {rule_uuid} is currently {status}.")
    else:
        print("Failed to retrieve rule status.")

# Determine action
if args.action == 'show':
    if args.rule_uuid:
        show_rule_status(args.rule_uuid)
    else:
        logging.error("Rule UUID is required for 'show' action.")
elif args.rule_uuid:
    if args.action in ['enable', 'disable']:
        enable = args.action == 'enable'
        toggle_rule(args.rule_uuid, enable)
    else:
        logging.error("Invalid action provided. Use 'enable', 'disable', or 'show'.")
else:
    logging.error("Rule UUID is required for 'enable' or 'disable' actions.")




python3 shaper.py -h
usage: shaper.py [-h] {enable,disable,show} [rule_uuid]

Toggle the status of an OPNsense Traffic Shaper rule or show its current status.

positional arguments:
  {enable,disable,show}
                        Action to perform on the rule (enable, disable, or show status).
  rule_uuid             UUID of the rule to modify or view.

optional arguments:
  -h, --help            show this help message and exit



The show function works fine, but enable and disable do not work. The error is:

2024-02-27 20:58:22,402 - ERROR - Failed to enable rule, status code: 400, response content: {"message":"action toggleRule expects at least 1 parameter(s)","status":400}

How can I fix it?
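
One way to address the 400 above, as an added example that is not part of the original post: the error text says toggleRule expects its parameters as URL path segments, so this version sends the UUID and the 0/1 state in the path instead of a JSON body, validates the UUID first, and leaves certificate verification on. It assumes the path form `toggleRule/<uuid>/<enabled>` and uses only the standard library; `build_toggle_request`, `send` and `ca_file` are hypothetical names.

```python
import base64
import ssl
import urllib.request
import uuid

OPNSENSE_URL = "https://127.0.0.1/api"  # same base URL as the posted script


def build_toggle_request(rule_uuid, enable, api_key, api_secret,
                         base_url=OPNSENSE_URL):
    """Build the toggleRule POST with uuid and state as URL path parameters."""
    # Reject anything that is not a UUID before it is placed in the URL path.
    canonical = str(uuid.UUID(rule_uuid))
    state = 1 if enable else 0
    url = f"{base_url}/trafficshaper/settings/toggleRule/{canonical}/{state}"
    token = base64.b64encode(f"{api_key}:{api_secret}".encode()).decode()
    # Empty body: the parameters travel in the path, not in a JSON document.
    return urllib.request.Request(
        url, data=b"", method="POST",
        headers={"Authorization": f"Basic {token}"},
    )


def send(request, ca_file=None):
    """Send the request with certificate verification left on.

    ca_file is a hypothetical path to the CA (or self-signed certificate)
    that issued the firewall's web GUI certificate.
    """
    context = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(request, context=context, timeout=10) as resp:
        return resp.status, resp.read().decode()


if __name__ == "__main__":
    # The UUID is the one from the post; key and secret are placeholders.
    req = build_toggle_request(
        "63c924d0-794e-4976-9bf0-e171e3911d29", False,
        "YOUR_KEY", "YOUR_SECRET")
    print(req.get_method(), req.full_url)
```

Verification only succeeds if the GUI certificate covers the host name or IP used in the URL. A toggle changes the saved rule; the OPNsense API applies it to the running shaper with a separate POST to trafficshaper/service/reconfigure.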
#3
I use ntop-ng to monitor the network. It needs Redis to start, so I installed Redis, but I found Redis can only listen on LAN or WAN. In fact, it should only listen on 127.0.0.1 to reduce security risk.
#4
23.7 Legacy Series / Re: [REQ]set shaper rules by time
January 18, 2024, 02:54:42 AM
Quote from: Seimus on January 17, 2024, 03:36:51 PM
Not possible to do it at this time via GUI. This was already discussed and requested on the forum, but currently, at least from the plan OPN has, it's not on the feature list to be developed.

You can however achieve this time based shaping via CRON and scripts, but that needs (your) manual work.

Regards,
S.

How can I make it via cron or script?
Would you be kind enough to show me some way to do it?
I cannot think of any way to use cron or a script to do it.
Thanks very much.
#5
23.7 Legacy Series / [REQ]set shaper rules by time
January 17, 2024, 08:35:38 AM
I'd like to shape the flow by time, such as from 0:00 to 12:00 I can limit IP1 to 100Mbps, and from 12:00 to 24:00 I can limit IP2 to 80Mbps.
Would you like to add a time selector to the shaper rules editor?
#6
Quote from: franco on January 16, 2024, 05:13:40 PM
Besides the point that I don't know if securelevel adjustment works without messing with operation of OPNsense as a whole I don't see any reason why something would be reset if you set it correctly.

kern_securelevel_enable="YES"    # kernel security level (see security(7))
kern_securelevel="x"   # range: -1..3 ; `-1' is the most insecure

Where x is the correct level and the file to put this into is /etc/rc.conf (which we don't even touch which is why it's not there and you need to create it).


Good luck,
Franco

The /etc/hosts was also restored after reboot.
#7
I want to modify the rc.conf to enable secure_level of FreeBSD, but I found that it will be restored after reboot.
How can I make it?
Thanks.
#8
23.7 Legacy Series / Re: what's new in 24.x
January 15, 2024, 12:39:00 PM
Quote from: tiermutter on January 15, 2024, 12:25:01 PM
https://opnsense.org/about/road-map/

:P

Cool, Suricata 7.
I thought the base would upgrade to FreeBSD 14.x, but it seems not to be necessary.
#9
23.7 Legacy Series / what's new in 24.x
January 15, 2024, 12:21:00 PM
 ;D
I can't wait to see it.
#10
General Discussion / Re: howto: monit ping test
January 15, 2024, 12:18:10 PM
Could anybody be kind enough to show us a HOWTO about "monit ping test and auto reboot after ping failed"?
#11
23.7 Legacy Series / bandwidthd with ipv6 support
January 13, 2024, 08:31:27 AM
Would you like to upgrade bandwidthd with IPv6 support?
Thanks.

We can find the repo:
https://github.com/perkinslr/bandwidthd-ipv6
#12
Quote from: almodovaris on November 23, 2023, 04:58:03 AM
I run FreeBSD 14.0 on my Microsoft Volterra. Web (Epiphany) crashes sometimes, Otter browser crashes often, Firefox and Thunderbird do not work. Gnome does not work (I use LXDE). Of course, much has to do with lack of support for my hardware. But they had a lot of time to fix it before releasing it.

You can try Xfce, but I will not use FreeBSD as a desktop OS instead of a server.
#13
Quote from: franco on November 15, 2023, 08:00:29 AM
14.1 for sure. ;)


Cheers,
Franco

nod, 14.1 may be the better choice :)
#15
Shall I enable RSS by the CLI?

sysctl -a | grep rss
net.inet.rss.bucket_mapping: 0:0 1:1 2:2 3:3
net.inet.rss.enabled: 0
net.inet.rss.debug: 0
net.inet.rss.basecpu: 0
net.inet.rss.buckets: 4
net.inet.rss.maxcpus: 64
net.inet.rss.ncpus: 4
net.inet.rss.maxbits: 7
net.inet.rss.mask: 3
net.inet.rss.bits: 2
net.inet.rss.hashalgo: 2
hw.bxe.udp_rss: 0
hw.ix.enable_rss: 1