
Author Topic: Change firewall rules with shell?  (Read 38280 times)


Offline komplex

Change firewall rules with shell?
« on: February 14, 2009, 12:09:16 pm »
Is there any way to change the firewall rules in the shell? I made a mistake in setting up my rules and can't access the webGUI remotely and don't want to drive 120 miles to the office to change it. I really only need to make a rule to forward port 31337 to port 80 and I think I need to add a NAT rule.

Thanks!

Offline jimp

Re: Change firewall rules with shell?
« Reply #1 on: February 14, 2009, 07:32:09 pm »
If you can get in via ssh, you can set your ssh client to tunnel whatever port you need to connect back to the WebGUI.

If the WebGUI is on port 80, set your client to forward local port 80 (or 8080, or whatever) to remote port "localhost:80", then point your browser to http://localhost:80 (or whichever local port you chose.)

That should get you in to do whatever you need.

You can make some changes to the system via the PHP shell, but it's easier to just forward the port with ssh if that is still working.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline jimp

Re: Change firewall rules with shell?
« Reply #2 on: February 14, 2009, 08:22:12 pm »
If it helps, I added an FAQ page for this (and similar scenarios).

There are probably more ways than I mention there to get in, but I put more details on the SSH method there as well:

http://doc.pfsense.org/index.php/I_locked_myself_out_of_the_WebGUI%2C_help!

Offline billm

Re: Change firewall rules with shell?
« Reply #3 on: February 16, 2009, 02:24:32 pm »
You can also disable filtering entirely from the command line with a 'pfctl -d'.  Alternately, we leave the loaded ruleset in /tmp/rules.debug, feel free to edit it to fix your connectivity issue and reload with pfctl -f /tmp/rules.debug, then do whatever work you need to do in the UI to make the fix permanent.

--Bill
pfSense core developer
blog - http://www.ucsecurity.com/
twitter - billmarquette
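
An added example, not part of the original posts or of pfSense itself: a small wrapper for the edit-and-reload approach from Reply #3 that keeps a copy of /tmp/rules.debug and syntax-checks the edited file with `pfctl -n` before loading it, so a typo made over a remote session cannot replace the running ruleset. The function names, the `PFCTL` override variable and the `.orig` suffix are assumptions made for this example.

```shell
#!/bin/sh
# Added example: back up, validate, then load an edited pf ruleset.
# PFCTL can be overridden (hypothetical variable, used here for dry runs).
PFCTL="${PFCTL:-pfctl}"

# backup_rules [RULES_FILE]
# Keep the first copy of the ruleset; never overwrite an existing backup.
backup_rules() {
    rules="${1:-/tmp/rules.debug}"
    [ -r "$rules" ] || { echo "cannot read $rules" >&2; return 1; }
    [ -e "$rules.orig" ] || cp -p "$rules" "$rules.orig"
}

# safe_reload [RULES_FILE]
# Returns 0 = loaded, 1 = file unreadable, 2 = syntax check failed,
# 3 = load failed after a clean syntax check.
safe_reload() {
    rules="${1:-/tmp/rules.debug}"
    [ -r "$rules" ] || { echo "cannot read $rules" >&2; return 1; }

    # -n parses the file without loading it; the running ruleset is untouched.
    if ! "$PFCTL" -n -f "$rules"; then
        echo "syntax check failed; running ruleset left as it was" >&2
        return 2
    fi

    # Only a file that parsed cleanly is loaded.
    if ! "$PFCTL" -f "$rules"; then
        echo "load failed; restore with: $PFCTL -f $rules.orig" >&2
        return 3
    fi
    echo "loaded $rules (temporary; make the fix permanent in the WebGUI)"
    return 0
}

# Typical use on the firewall, as root:
#   backup_rules && vi /tmp/rules.debug && safe_reload
```

The loaded rules last only until pfSense next regenerates the ruleset, which is why the permanent fix still has to be made in the UI as Reply #3 says.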