I am still working on the home automation config but at the moment I can run a command like below to immediately kill internet access for a device. I have to examine this approach more in the future and I only have it in place as a precaution.Īs I said, I am using this as part of home automation. Login from this IP is allowed from one source ip only and only during daytime hours when it would be likely that we would be accessing the automation I am trying to achieve. Allowing SSH in the first place more or less gives admin access according to the webcfg but this does not seem to be the case as there are many things the user cannot perform, hence why I had to install sudo and add a specific line for /usr/local/bin/easyrule to be run by this user. I installed the sudo package on pfsense and allowed this user to run easyrule as otherwise it cannot edit config.xml. This user authenticates via ssh with key based login. I created a new account for this purpose alone. I achieved my intended goal but by using cli access as opposed to snmp or api (something I did not think of but u/bobbywaz suggested). If I was to use NETSNMP, is the application/script it refers to, something that is run on the underlying BSD installation or within pfSense?Ĭan the fauxapi implimentation turn on and off firewall rules the way I am suggesting? Just looking for community feedback on the best approach in case I am overlooking something completely. I was looking to do the same on my pfsense and was looking down the route of either using NETSNMP trap handler over snmpv3 or install fauxapi. I dont want to just use the schedule function as there are times where you want to be able to just tap a button on a dashboard and enable/disable the rule. One of the things I used to be able to do on my old Mikrotik firewall as enable and disable firewall rules via the API.Ī sample of why I do this was blocking internet access to devices outside certain hours.
0 kommentar(er)
