pfSense Rule Switch

I’ll give this a go tomorrow!

Dude -

Thank you so much for this. These components and switches are huge for me and I’ve been migrating to a new pfSense setup this week and yesterday it worked but today it wouldn’t. I couldn’t figure out why. I’d run the OpenVPN wizard late last night. I made the changes you noted and it seems to be working again.

@dgshue As always - thanks for your efforts on these!

On another note, does anyone know if this will work on OPNsense as well?

So looking into it more deeply, it doesn’t look like it would run in OPNsense without some pretty major changes to leverage their API. Since this alone is pretty much keeping me on pfSense vs. OPNsense the next question is - will it work on pfSense 2.5? This is so key for me it’s also the only thing that has kept me from upgrading.

In pfsense once you edit a firewall rule you usually have the clear the system states (Diagnostics->States->Reset States) for it to take effect immediately.

Once you toggle the rule to block access for your kids, does it take effect right away?

Sorry for the late reply but thanks Fredrik your fix is working perfectly

How do you target a specific rule in pfsense with a switch? The rules are not named.

Rules can, and for this integration should, have a description.

Edit: I see now that the github description mentions indeed “rule name”. I guess it refers to rule description.

“ * rule_filter ( Optional ): Used to create switches only on certain rules. Rule name must start with filter to match (ie. HomeAssisant-BlockTraffic1)”

@JeeCee Thx that make it clearer. I am still curious though and would like a response who someone that knows.

For all existing connection (with active states on the firewall), how are those states terminated as to prevent let’s say kids devices from connecting? I understand eventually the states will expire but it may be a while before that happens.

I’ve been struggling with implementing a rule switch using fauxapi, and I can’t for the life of me get it to work.

I just became aware of a new (unofficial) API implementation that is well documented and actively maintained (just out of beta):

Looks very promising. Has anyone else had a look yet?

Wow. That one looks quite powerful as well. Nice.

I’m using this API with great success, and enable/disable rules with a rest_command.

1 Like

I updated the code per fmagn’s code edits and I updated the SwitchEntity class to fix this error:

SwitchDevice is deprecated, modify pfSense to extend SwitchEntity

I put in a pull request @dgshue

You can’t just say, Hey, it works, and not give any details man!

Sure I can :slight_smile:

But here is an example of how I enable a pfsense rule with a simple REST command (called from a script using, in this case, rest_command.enable_volume_sync):

    url: http://[firewall address]/api/v1/firewall/rule
    method: PUT
    content_type: "application/json"
    payload: '{"client-id": "[API username]", "client-token": "[API token]", "tracker":[ rule tracker ID], "disabled": false}'
1 Like

I have tryed to adapt the code to opnsense here:

Thanks for your update @gremblin

Awesome, was going to write my own today, but I’ll take a look at yours thanks for this!

I made a proper integration with switches for rules and hundreds of sensors. Enjoy! pfSense Integration

I have officially announced my opnsense integration here (which includes support for toggling rules among many other things): OPNsense Integration

This is great news. Thanks for this. I can’t wait to get home from my trip to try it out.