Does anyone know why the alias code is hard limited at 4999 aliases?
See firewall_aliases_edit.php:line 251: for($x=0; $x<4999; $x++) {
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- -
- Jason Pyeron PD Inc. http://www.pdinc.us -
- Principal Consultant 10 West 24th Street #100 -
- +1 (443) 269-1555 x333 Baltimore, Maryland 21218 -
- -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Jason Pyeron
> Sent: Saturday, March 30, 2013 8:36
> To: 'pfSense support and discussion'
> Subject: Re: [pfSense] Automated updates to firewall rules
>
> > -----Original Message-----
> > From: Chris Buechler
> > Sent: Saturday, March 30, 2013 0:48
> >
> > On Fri, Mar 29, 2013 at 3:39 PM, Jason Pyeron <[email protected]>
> > wrote:
> > >
> > > That would be verry disruptive, it says: "Resetting the
> > state tables
> > > will remove all entries from the corresponding tables. This
> > means that
> > > all open connections will be broken and will have to be
> > > re-established." We have thousands of active connections
> > for services that should not be interrupted.
> > >
> >
> > I definitely wouldn't flush the entire state table. You can
> just kill
> > off states to/from the IP in question.
> >
> >
> > > Sorry, I should have been more clear. I am looking for a
> > way to, in a
> > > single execution, reproduce the steps below.
> > >
> > > Ex: ssh root@firewall
> '/usr/local/bin/add_ip_to_block_list DOS_DDOS
> > > x.y.z.q' or
> > >
> >
> https://firewall/add_ip_to_block_list.php?alias=DOS_DDOS&address=x.y.z
> > > .q
> > >
> > > I think, after reading
> > > http://www.linuxnet.ch/pfsense-important-cli-commands/, I
> > am going to have to do this by making a custom php script.
> > >
> >
> > This is probably your best bet today, it wouldn't take a lot to put
> > that together to meet your requirement. We'll hopefully
> have an API at
> > some point in the future, but none exists today.
>
> Are there any roadmaps towards an API? And are there patch
> submission guidelines?
>
> I would like to minimize waste on this.
>
> -Jason
>
> --
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> - -
> - Jason Pyeron PD Inc. http://www.pdinc.us -
> - Principal Consultant 10 West 24th Street #100 -
> - +1 (443) 269-1555 x333 Baltimore, Maryland 21218 -
> - -
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> This message is copyright PD Inc, subject to license 20080407P00.
>
>
>
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list
>
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
