bevhost / ansible-module-pfsense
Ansible Plugin Module Library For Managing pfSense Firewalls
License: GNU General Public License v3.0
Hi there,
How do I install this?
Thanks
Hi, can I use pfsense_config to configure Captive Portal?
Hello,
When I try to delete the default LAN rules pfSense creates, I use the pfsense_filter_rules module with the "state: absent" keyword, but it never seems to delete the rule itself. It always returns the task with 'ok' and nothing was changed, while it does show that phpcode was injected.
This is the task in the playbook:
- name: Delete default LAN rules
  pfsense_filter_rules:
    state: absent
    tracker: '0100000102'

TASK [Delete default LAN rules] ****************************************************************************************
ok: [127.0.0.1 -> 172.29.126.16] => changed=false
  filter_rules:
  - descr: Default allow LAN IPv6 to any rule
    destination:
      any: ''
    interface: lan
    ipprotocol: inet6
    source:
      network: lan
    tracker: '0100000102'
    type: pass
  phpcode: |-
    unset($config['filter']['rule'][8]);
  updated: ''
I tried this with newly created rules (instead of the default ones) but the result is the same.
Ansible galaxy now supports collections, in addition to roles. Collections can contain libraries like this repository.
Providing this would make the installing process considerably simpler, the module/collection can be listed as a requirement, updated etc.
An example of this being done is:
When adding a floating rule through the 'pfsense_filter_rules' module, they are added in the XML like this:
<floating></floating>
When manually creating a floating rule through the GUI, it contains the 'yes' keyword (tested on 2.4.4-p3, not sure about other versions):
<floating>yes</floating>
The rules themselves work fine regardless of the 'yes' or not by the way.
For us this caused an obscure issue with a module from another repository (in combination with only 1 interface selected on the floating rule itself) that we worked around, but just reporting this in case it might cause issues for other people.
Due to the way PHP commands are generated, it is easily possible to inject arbitrary PHP code via module parameters. You must still have shell access and admin privileges to use the modules in the first place, but it could be problematic if module parameters are loaded from an untrusted source.
- hosts: pfsense
  become: true
  tasks:
    - pfsense_group:
        name: injected'; system_reboot(); echo 'oops
        priv:
          - page-all
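The quoting problem reported in the issue above, shown as an added example that is not part of the original issue or of this project's code: a parameter pasted between PHP quotes next to two ways of keeping it as data. The `$group[...]` statement shape and all function names are assumptions made for illustration; the payload is the `name` value from the playbook above.

```python
import base64
import json

def php_assign_unsafe(key, value):
    # Assumed vulnerable pattern: the raw value is pasted between PHP quotes.
    return "$group['%s'] = '%s';" % (key, value)

def php_single_quoted(value):
    # A PHP single-quoted string treats only \\ and \' as escapes, so escape
    # the backslash first, then the quote, and the value stays one literal.
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"

def php_assign_escaped(key, value):
    return "$group[%s] = %s;" % (php_single_quoted(key), php_single_quoted(value))

def php_assign_encoded(params):
    # Alternative: ship the parameters as base64(JSON). The only caller-derived
    # bytes in the PHP text are [A-Za-z0-9+/=], so no quoting rule is involved.
    blob = base64.b64encode(json.dumps(params).encode("utf-8")).decode("ascii")
    return "$group = json_decode(base64_decode('%s'), true);" % blob

def php_statements(code):
    """Count ';' terminators that fall outside single-quoted PHP strings."""
    count, in_str, i = 0, False, 0
    while i < len(code):
        c = code[i]
        if in_str and c == "\\":
            i += 1                      # skip the escaped character
        elif c == "'":
            in_str = not in_str
        elif c == ";" and not in_str:
            count += 1
        i += 1
    return count

if __name__ == "__main__":
    # Value taken from the playbook in the issue above.
    payload = "injected'; system_reboot(); echo 'oops"
    for build in (php_assign_unsafe, php_assign_escaped):
        code = build("name", payload)
        print(php_statements(code), code)
    code = php_assign_encoded({"name": payload})
    print(php_statements(code), code)
```

A statement count above one for a single assignment means the parameter escaped its string literal; a count of zero means it left the literal unterminated.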