Author Topic: Change the LAN firewalling  (Read 1988 times)

ko08nz

  • Guest
Change the LAN firewalling
« on: May 09, 2010, 01:03:32 pm »
Hi,

- I made a mistake: I disabled by error all the traffic in the LAN subnet.
Is it possible to change a rule in the LAN by the command line? You know, re-enable the traffic again without doing a reset...

- Is it possible to restart a service by the command line, like IPSec?
Perhaps just killing the racoon pid...?

Thank you in advance for your return.

++

Offline GruensFroeschli

  • Green Frog
  • Global Moderator
  • Hero Member
  • Posts: 5063
  • No i will not fix your computer!
Re: Change the LAN firewalling
« Reply #1 on: May 09, 2010, 01:09:32 pm »
Why not just log in and create a new rule allowing traffic again?
We do what we must, because we can.
(Except when you PM me to help you directly - DONT: keep your issues in the forum)

ko08nz

  • Guest
Re: Change the LAN firewalling
« Reply #2 on: May 09, 2010, 03:04:38 pm »
Well, it seemed that I wasn't able to access by HTTP protocol...
I'll check by rebooting once again.

Offline Efonne

  • Administrator
  • Hero Member
  • Posts: 630
Re: Change the LAN firewalling
« Reply #3 on: May 09, 2010, 03:36:54 pm »
If you've disabled the web gui anti-lockout rule for LAN, I think you can re-enable it by setting the LAN IP address from the console.

ko08nz

  • Guest
Re: Change the LAN firewalling
« Reply #4 on: May 20, 2010, 08:17:35 am »
Quote
If you've disabled the web gui anti-lockout rule for LAN,

But how could I disable it since right now I can't access the web interface?

The rule disables all traffic in the LAN...

ko08nz

  • Guest
Re: Change the LAN firewalling
« Reply #5 on: May 20, 2010, 11:45:20 am »
Quote
Blocked access with firewall rules

If you blocked yourself out of the WebGUI remotely with a firewall rule, there may still be hope. This shouldn't happen from the LAN as there should be an anti-lockout rule that maintains access to the WebGUI from that interface.

Having to walk someone on-site through fixing the rule is better than losing everything!

Well, I can't access from the LAN...

Is it possible to disable the rule for the LAN interface by the console?

Thank you in advance.

++

Offline GruensFroeschli

  • Green Frog
  • Global Moderator
  • Hero Member
  • Posts: 5063
  • No i will not fix your computer!
Re: Change the LAN firewalling
« Reply #6 on: May 20, 2010, 11:54:39 am »
Quote
If you've disabled the web gui anti-lockout rule for LAN, I think you can re-enable it by setting the LAN IP address from the console.


We do what we must, because we can.
(Except when you PM me to help you directly - DONT: keep your issues in the forum)

ko08nz

  • Guest
Re: Change the LAN firewalling
« Reply #7 on: May 20, 2010, 12:35:45 pm »
Quote
If you've disabled the web gui anti-lockout rule for LAN, I think you can re-enable it by setting the LAN IP address from the console.

 ??? Well, I don't really understand... ???

I did not disable "the web gui anti-lockout rule for LAN".
I did make a rule in the firewall configuration that disables all traffic from the LAN.

I've tried to set the LAN IP address with the console but I still cannot access.

I did disable the firewall:
Code:
pfctl -d
But I still can't access the webgui.

With which command could I modify the /tmp/rules.debug file, please?
I tried emacs, vim, nano but these commands do not exist.

++

ko08nz

  • Guest
Re: Change the LAN firewalling
« Reply #8 on: May 20, 2010, 01:07:27 pm »
I found the "ee" command to edit a file.

ko08nz

  • Guest
Re: Change the LAN firewalling
« Reply #9 on: May 20, 2010, 01:22:11 pm »
Well, I can now edit /tmp/rules.debug but I cannot find my "rule" that blocks all the LAN traffic...

I'm still blocked...

Offline kpa

  • Full Member
  • Posts: 261
Re: Change the LAN firewalling
« Reply #10 on: May 20, 2010, 01:29:49 pm »
You don't have to edit anything, just do what Efonne told you, reset the LAN address using option 2) in the console menu.

Offline Efonne

  • Administrator
  • Hero Member
  • Posts: 630
Re: Change the LAN firewalling
« Reply #11 on: May 20, 2010, 04:56:47 pm »
If you want to do it by manually editing /tmp/rules.debug anyway, run pfctl -o basic -f /tmp/rules.debug after you are done to reload the rules.
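
For the manual route discussed in the replies above (locating the blocking rule in /tmp/rules.debug before reloading it), here is a read-only helper, added as an example and not part of the thread. The sample ruleset is constructed; the macro form `LAN = "{ em1 }"`, the interface names and the labels are assumptions.

```shell
#!/bin/sh
# Added example: list the block rules bound to one interface in a pf ruleset
# file such as /tmp/rules.debug. Read-only; nothing is loaded into pf.

# find_iface_blocks FILE MACRO
# Prints "line:rule" for every non-comment block rule whose "on" target is
# $MACRO or an interface name the macro expands to.
find_iface_blocks() {
    awk -v macro="$2" '
        /^[ \t]*#/ { next }                    # skip comment lines
        $1 == macro && $2 == "=" {             # e.g.  LAN = "{ em1 }"
            s = $0
            sub(/^[^=]*=/, "", s)              # keep the right-hand side
            gsub(/[{}" \t]+/, " ", s)          # strip braces and quotes
            n = split(s, names, " ")
            next
        }
        $1 == "block" {
            hit = 0
            for (i = 2; i < NF; i++) {
                if ($i != "on") continue
                target = $(i + 1)
                if (target == "$" macro) hit = 1
                for (j = 1; j <= n; j++) if (target == names[j]) hit = 1
            }
            if (hit) print NR ":" $0
        }
    ' "$1"
}

# Constructed sample ruleset: macro names, em0/em1 and labels are assumptions.
sample_ruleset() {
    cat <<'EOF'
LAN = "{ em1 }"
WAN = "{ em0 }"
# block in on $LAN from any to any  (commented out, ignored)
pass in quick on em1 proto tcp from any to (em1) port { 80 443 } keep state label "anti-lockout rule"
block in quick on $LAN from any to any label "USER_RULE: constructed"
block in on em1 inet proto udp from any to any port 137
block in on $WAN from any to any
EOF
}

tmp=$(mktemp); sample_ruleset > "$tmp"
find_iface_blocks "$tmp" LAN    # prints the rules at lines 5 and 6
rm -f "$tmp"
```

After editing, `pfctl -nf /tmp/rules.debug` parses the file without loading it, which catches syntax errors before the reload command given above.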

ko08nz

  • Guest
Re: Change the LAN firewalling
« Reply #12 on: May 21, 2010, 02:33:15 am »
Quote
You don't have to edit anything, just do what Efonne told you, reset the LAN address using option 2) in the console menu.

As I just said, I did this action several times.
And I connected to the LAN interface directly to access but I did not succeed...

ko08nz

  • Guest
Re: Change the LAN firewalling
« Reply #13 on: May 21, 2010, 03:08:40 am »
Well, my apologies.
It seems that re-enabling the setup of the LAN does resolve the problem.

I had some Ethernet cable trouble...

Thanks again for your help.
++