Add firewall rules from CLI

Started by oleschool, August 19, 2016, 08:53:33 AM

Greetings,

I was curious if there was a way to add firewall rules from the command line/console?

Apologies if this has been answered elsewhere; however, I could not find anything through my forum search.

Version: OPNsense 16.7.1-amd64

Regards.

August 19, 2016, 11:22:10 AM #1 Last Edit: August 19, 2016, 12:02:24 PM by franco
Hi there,

Coincidentally, we talked about this on IRC yesterday. There is no API for firewall rules yet. Once we (hopefully) get interfaces into an API for 17.1, we can possibly dream of a firewall rules API for 17.7. It depends on workload and external help.

The safest bet for local automation right now is to adapt the actual firewall_rules_edit.php as a custom GET script, embed a security token into that script -- let's name it rules_patch.php -- and move it to /usr/local/www to be called from an external location for the actual APIsh invoke... Something like this:

1. SSH into box, embed unique security token into rules_patch.php, copy it to /usr/local/www/
2. Make your command line GET call https://foo.bar/rules_patch.php?all=my&rules=scripting&security=T0K3N!1
3. SSH into box, remove the exposed rules_patch.php and run /usr/local/etc/rc.filter_configure_sync to apply the new rule


Cheers,
Franco
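
The three steps from the reply above as one script, added here as an example; it is not code from the thread or from the OPNsense project. The SSH target, the `@@SECURITY_TOKEN@@` placeholder inside a local copy of rules_patch.php and all function names are assumptions, and it only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example. Only the two /usr/local paths and the query-string shape
# come from the thread; everything else below is an assumption.
FW_HOST="${FW_HOST:-root@foo.bar}"     # assumed SSH target
PLACEHOLDER='@@SECURITY_TOKEN@@'       # hypothetical marker in the local rules_patch.php
DRY_RUN="${DRY_RUN:-1}"                # 1 = print commands instead of running them

# 32 random bytes as 64 hex characters, fresh for every deployment.
gen_token() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Write a copy of the template with the placeholder replaced by the token.
embed_token() {   # embed_token <template> <output> <token>
    grep -qF "$PLACEHOLDER" "$1" || { echo "placeholder missing in $1" >&2; return 1; }
    sed "s/$PLACEHOLDER/$3/g" "$1" > "$2"
}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

deploy() {        # deploy <template> <query-string-without-token>
    token=$(gen_token) || return 1
    staged=$(mktemp) || return 1
    embed_token "$1" "$staged" "$token" || { rm -f "$staged"; return 1; }
    rc=0
    # Step 1: copy the tokenised script into the web root.
    run scp "$staged" "$FW_HOST:/usr/local/www/rules_patch.php" || rc=$?
    # Step 2: the GET call; --fail turns HTTP errors into a non-zero exit.
    if [ "$rc" -eq 0 ]; then
        run curl --fail --silent "https://foo.bar/rules_patch.php?$2&security=$token" || rc=$?
    fi
    # Step 3: remove the exposed script even if a step failed; reload only on success.
    run ssh "$FW_HOST" "rm -f /usr/local/www/rules_patch.php" || rc=$?
    rm -f "$staged"
    if [ "$rc" -eq 0 ]; then
        run ssh "$FW_HOST" "/usr/local/etc/rc.filter_configure_sync" || rc=$?
    fi
    return "$rc"
}

if [ "${1:-}" = "--deploy" ]; then shift; deploy "$@"; fi
```

Invoke it as `sh script.sh --deploy rules_patch.php 'all=my&rules=scripting'`; the removal in step 3 runs on every path so the tokenised script does not stay in the web root after a failed call.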