Hi Claus,
Here is a small script that I use to modify alias entries on around 60
firewalls in one go.
If you want to append IP to the alias then you will need to query the
alias values first and then add the new IP to already existing string of
IPs.
Hope it helps.
Regards,
Nishant
========================
#!/bin/bash
for i in {1..10}
do
echo "Connecting to 172.16.${i}.1..."
SSHPASS=your_password sshpass -e ssh -o "ConnectionAttempts 1" \ -o
"ConnectTimeout 5" -o "StrictHostKeyChecking no" -l root 172.16.${i}.1\
/usr/local/sbin/pfSsh.php <<END
global \$config;
global \$mykey;
\$config = parse_config(true);
foreach (array_keys(\$config['aliases']['alias']) as \$key) {
if (\$config['aliases']['alias'][\$key]['name'] === 'ALIAS NAME') {
\$mykey = \$key;
echo "\$attr ";
echo \$config['aliases']['alias'][\$key][\$attr];
echo "\n";
echo "Setting address...\n";
\$config['aliases']['alias'][\$key]['address'] = "IP1 IP2 IP3\
IP4 IP5";
}
}
print_r(\$config['aliases']['alias'][\$mykey]);
write_config("Alias updated by CLI script");
echo "done. \n";
exec;
exit
END
echo "RESULT: 172.16.${i}.1 = $?"
done
==============================
On Saturday 05 November 2016 06:19 PM, Claus@pfSense wrote:
Hi
I never got an answer on my question back then, but maybe someone can help me
now.
Basically I want to run a service on the firewall or another system, that let
me silently tell/ask the firewall (using PSK and OTP) to add my IP to a
group/alias.
That group/alias would the grant me other access for a timelimited period.
Kind of a 2FA.
So if I could find a way to do 1-2 below from the pfSense command line I could
easily build the rest.
Maybe there are existing addon's that supports this without going fullblown VPN.
Thanks
Claus
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Claus Bruun
Sent: Tuesday, March 13, 2012 3:39 PM
To: pfSense support and discussion <[email protected]>
Subject: Re: [pfSense] Programatically add IP to Alias
Sorry for being unclear.
I would
1) like to modify a pfSense-alias from command line.
2) tell pfSense to pick-up the change and go live from command line.
Thanks
Claus
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Chris Buechler
Sent: Tuesday, March 13, 2012 2:39 PM
To: pfSense support and discussion
Subject: Re: [pfSense] Programatically add IP to Alias
On Mon, Mar 12, 2012 at 6:04 PM, Claus@pfSense <[email protected]>
wrote:
Any comments on this one ?
I don't think it's very clear what you're attempting to do, at least not to me,
maybe if you can clarify what you're doing and why someone will have some
feedback.
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
