> -----Original Message-----
> From: Michael D. Wood
> Sent: Friday, March 29, 2013 15:48
>
> On the Diagnostic > Show states
>
> The Reset States tab...if I read your question right.

That would be very disruptive, it says:

"Resetting the state tables will remove all entries from the corresponding tables. This means that all open connections will be broken and will have to be re-established."

We have thousands of active connections for services that should not be interrupted.

Sorry, I should have been more clear. I am looking for a way to, in a single execution, reproduce the steps below.

Ex:

ssh root@firewall '/usr/local/bin/add_ip_to_block_list DOS_DDOS x.y.z.q'

or

https://firewall/add_ip_to_block_list.php?alias=DOS_DDOS&address=x.y.z.q

I think, after reading http://www.linuxnet.ch/pfsense-important-cli-commands/, I am going to have to do this by making a custom php script. I think editing /cf/conf/config.xml and then /etc/rc.reload_all would be too disruptive.

-Jason

>
> --
> Michael D. Wood
> www.itsecuritypros.org
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]
> On Behalf Of Jason Pyeron
> Sent: Friday, March 29, 2013 3:05 PM
> To: 'pfSense support and discussion'
> Subject: [pfSense] Automated updates to firewall rules
>
> We are replacing our old linux/iptables based firewall with
> pfSense. We had rolled in quite a few changes to support
> integration with our IDS and other systems.
>
> The thing I am trying to figure out today is how do we update
> an alias's values set then flush the filter states for that
> newly added ip address?
>
> Using 2.0.2-RELEASE (i386), here is how we do it manually:
>
> Firewall->Aliases
> Edit: DOS_DDOS
> Add button
> Append: x.y.z.q / alert notes
> Save button
> Apply button
> Diagnostics->States
> Enter x.y.z.q into the filter
> Delete each of the states shown
>
> Ideally this would be done using a web service, but ssh
> commands would work too.
> Any suggestions?
>
> -Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
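One way the single-execution step asked for above could look over ssh, as an added example that is not part of the original thread and not pfSense project code: it validates the alias name and address (which would arrive from an IDS) before handing them to `pfctl`, then removes only that host's states instead of resetting the whole state table. Assumptions: the alias is loaded as a pf table of the same name, the function names are hypothetical, and the change is runtime-only because nothing is written to /cf/conf/config.xml.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the alias is loaded as a pf
# table with the same name; the change is runtime-only (not in config.xml).
PFCTL=${PFCTL:-/sbin/pfctl}   # overridable so the logic can be dry-run

# Alias names become pf table names: letters, digits, underscore only.
valid_alias() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
}

# Strict dotted-quad check; rejects shell metacharacters, CIDR, hostnames.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

block_ip() {
    [ "$#" -eq 2 ] || { echo "usage: add_ip_to_block_list ALIAS IPV4" >&2; return 2; }
    valid_alias "$1" || { echo "rejected alias name" >&2; return 2; }
    valid_ipv4 "$2"  || { echo "rejected address" >&2; return 2; }
    # Step 1: add the address to the table behind the alias.
    $PFCTL -t "$1" -T add "$2" || return 1
    # Step 2: kill only this host's states (from it, then to it),
    # leaving every other connection untouched.
    $PFCTL -k "$2" || return 1
    $PFCTL -k 0.0.0.0/0 -k "$2" || return 1
}

# Run when invoked with arguments.
if [ "$#" -gt 0 ]; then
    block_ip "$@"
fi
```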
