Hi,

On Sat, Nov 13, 2010 at 3:01 AM, Nathan Eisenberg <nat...@atlasnetworks.us> wrote:
> I have a customer who wants to be able to automate IP blackholing on their
> PFSense firewall from their custom IDS. In essence, the application wants to
> go something like
>
> 'I'm being abused by this IP 198.51.100.20'
> 'POST HTTPS://GATEWAY/pfapi.php?alias=blocklist&ip=198.51.100.20&comment='
> 'POST HTTPS://GATEWAY/pfapi.php?action=apply'
>
> There was a post about this some time ago, and the answer at the time was
> 'there's no such functionality'. Is there anything new on this front?
>
> Nathan Eisenberg

I don't have a pfSense box right now, but you can do something like:

    ssh r...@192.51.100.20 /my/script.php blocklist 198.51.100.20 comment
    ssh r...@192.51.100.20 'rm -f /tmp/config.cache ; /etc/rc.reload_something2x'

Where /my/script.php is a script that modifies /conf/config.xml. Hacking that script would only take a minute. You can modify /tmp/rules.debug too, but the rules would be removed on the next reload. :)

Anyway, you can try this sed trick if you don't want to use PHP:

    sed 's/<rules>$/<rules><entry1>insert here<\/entry>/g' /conf/config.xml > /conf/config.xml.new

(pls refer to the config.xml for the correct XML... :)

Regards,
[ simon.cpu ]
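
Added example, not part of the original thread: the IDS supplies the address that ends up on an ssh command line and in config.xml, so the caller should validate it before anything is sent to the firewall. This Python sketch builds the ssh invocation for the /my/script.php approach in the reply; the gateway login, the never-block ranges and the function name are assumptions.

```python
import ipaddress
import re
import shlex

GATEWAY = "admin@gateway.example"   # assumption: placeholder login, not from the thread
REMOTE_SCRIPT = "/my/script.php"    # script path named in the reply
# Assumption (constructed): ranges the IDS must never blackhole, e.g. own LAN/management.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "127.0.0.0/8", "192.168.0.0/16", "203.0.113.0/24")]


def build_block_command(alias, ip_text, comment=""):
    """Return the ssh argv for one block request; raise ValueError if unsafe."""
    if not re.fullmatch(r"[A-Za-z0-9_]{1,31}", alias):
        raise ValueError("bad alias name")
    if "%" in ip_text:
        # IPv6 scope ids ("fe80::1%eth0") carry free-form text; refuse them.
        raise ValueError("scoped addresses are not accepted")
    ip = ipaddress.ip_address(ip_text.strip())   # ValueError on anything but one address
    if ip.is_unspecified or ip.is_multicast or any(ip in net for net in NEVER_BLOCK):
        raise ValueError(f"refusing to block {ip}")
    # The comment ends up in config.xml: keep a small character set and length.
    comment = re.sub(r"[^A-Za-z0-9 _.:-]", "", comment)[:64]
    # ssh joins its arguments and the remote shell re-parses them, so quote
    # every field for that remote shell, then pass it as ONE local argument.
    remote = " ".join(shlex.quote(p) for p in (REMOTE_SCRIPT, alias, str(ip), comment))
    return ["ssh", GATEWAY, remote]


if __name__ == "__main__":
    # Constructed inputs, as an IDS might emit them.
    for raw in ("198.51.100.20", "198.51.100.20; reboot", "10.1.2.3", "fe80::1%eth0"):
        try:
            print(build_block_command("blocklist", raw, "ssh brute force <script>"))
        except ValueError as exc:
            print("rejected", repr(raw), "-", exc)
```

Pass the returned list to subprocess.run() without shell=True so the local shell never parses the IDS-supplied text.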