https://github.com/mk-fg/pfsense-scripts

Misc ad-hoc helper scripts for pfSense boxes
https://github.com/mk-fg/pfsense-scripts

bash networking pfsense scraps

Last synced: 5 days ago
JSON representation

Misc ad-hoc helper scripts for pfSense boxes

• Host: GitHub
• URL: https://github.com/mk-fg/pfsense-scripts
• Owner: mk-fg
• Created: 2015-09-07T10:10:47.000Z (about 9 years ago)
• Default Branch: master
• Last Pushed: 2015-09-07T16:31:05.000Z (about 9 years ago)
• Last Synced: 2023-03-22T14:06:49.044Z (over 1 year ago)
• Topics: bash, networking, pfsense, scraps
• Language: Shell
• Homepage:
• Size: 164 KB
• Stars: 13
• Watchers: 4
• Forks: 3
• Open Issues: 0
• Metadata Files:
  • Readme: README.rst

Awesome Lists containing this project

README

        
pfsense-scripts

===============

Misc ad-hoc helper scripts for `pfSense `_ boxes.

.. contents::

  :backlinks: none

Installation

------------

The Right Way to install these scripts to pfSense machine is to upload them

through "Filer" package, with executable bit, and setup to run through Filer's

"Script/Command" option.

"Filer" package can be installed from WebUI's "System - Packages" menu.

After that, individual scripts should be uploaded through "Diagnostics - Filer"

WebUI form, with the following fields set:

* ``File: /usr/local/etc/``

* ``Permissions: 0755``

* ``File Contents: ``

* ``Script/Command: /usr/local/etc/ ``

* ``Description`` field can be filled with anything you like.

Substitute  and  above with name/contents for the

specific script and  with any parameters that it expects on the

command line (see script descriptions below for these).

Scripts that are configurable can also have values that can be changed when

copying script contents, usually at the very top.

Any scripts installed that way will be stored in the pfSense config, and can be

backed-up/restored along with all the other pfSense configuration parameters

(e.g. through "Diagnostics - Backup/restore" in WebUI).

Scripts

-------

Install these via "Filer" package, as described in the "Installation" section.

iface_check_restart.sh

``````````````````````

Script to detect when interface goes down and restart it::

  Usage: iface_check_restart.sh interface_label [check_interval]

Command-line arguments:

* interface_label: interface name, same as it is set/shown in pfSense WebUI.

  For example, default wan/lan interface names in pfSense are WAN and LAN.

  Upper/lower case matters.

* check_interval (optional): interval between iface state checks, in seconds.

  Default: 60

Example Filer's "Script/Command" setting (for WAN interface)::

  /usr/local/etc/iface_check_restart.sh WAN

Runs in an endless loop, checking specified interface state every N seconds and

restarting it if check fails.

Restart is done via ``interface_reconfigure($iface)`` from php, which cycles

iface state down/up.

gateway_change_conn_reset.sh

````````````````````````````

Script to detect when default gateway interface changes and forcefully kill all

connections still hanging throu old gateway interface::

  Usage: gateway_change_conn_reset.sh [check_interval]

Command-line arguments:

* check_interval (optional): interval gateway checks, in seconds.

  Default: 60

Runs in an endless loop, getting list of interfaces (os-level, e.g. em0) for

gateways marked as "defaultgw" and dumping list of these to a file in /tmp

(configurable in script via PFx_STATE_FILE), checking old contents of it against

this list and running ``/etc/rc.kill_states `` for interfaces that are

not longer used for default gw.

Debugging

---------

Some (or all) scripts check if PFx_DEBUG env variable is non-empty and echo some

extra debug information to stderr when that's the case.

Best way to see this output would be to run the scripts manually from the shell,

or with output redirection, i.e.::

  % PFx_DEBUG=t /usr/local/etc/gateway_change_conn_reset.sh 5

  gw_ifaces :: em1

  gw_ifaces_old :: em1

  gw_ifaces :: em1

  gw_ifaces_old :: em1

  gw_ifaces :: em0

  gw_ifaces_old :: em1

  rc.kill_states :: em1

  gw_ifaces :: em0

  gw_ifaces_old :: em0

  ...

For conventional output redirection via e.g. ``2>/tmp/debug.log``, make sure

"sh" shell is being used, as tcsh has its own syntax for that::

  % ps -p$$

    PID TT  STAT    TIME COMMAND

  43600  0  S    0:00.01 /bin/tcsh

  % sh

  % ps -p$$

    PID TT  STAT    TIME COMMAND

  97458  0  S    0:00.00 sh

  % PFx_DEBUG=t nohup /usr/local/etc/gateway_change_conn_reset.sh 5 2>/tmp/debug.log &

  % exit