diff options
author | Oliver Welter <github@oliwel.de> | 2015-01-18 14:05:41 +0100 |
---|---|---|
committer | Oliver Welter <github@oliwel.de> | 2015-01-18 15:04:43 +0100 |
commit | 4dedce6d46c92c4ea3ced36d718461fc5e1f8a2d (patch) | |
tree | e0aa81e6733c8e40ed246b9b7f4378d7f1b50f48 /usr/local/bin/easyrule | |
parent | e4d8943c59cfceba229e2689d67601127e8ceb1a (diff) | |
download | pfsense-4dedce6d46c92c4ea3ced36d718461fc5e1f8a2d.zip pfsense-4dedce6d46c92c4ea3ced36d718461fc5e1f8a2d.tar.gz |
Add showblock and unblock options to easyrule CLI tool
Block rules added with easyrule block.... can now be listed and removed using
the easyrule tool. This is handy to be used with external IDS like tools, e.g
fail2ban.
Diffstat (limited to 'usr/local/bin/easyrule')
-rwxr-xr-x | usr/local/bin/easyrule | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/usr/local/bin/easyrule b/usr/local/bin/easyrule index 9850aee..3179ffa 100755 --- a/usr/local/bin/easyrule +++ b/usr/local/bin/easyrule @@ -96,6 +96,12 @@ if (($argc > 1) && !empty($argv[1])) { case 'block': $message = easyrule_parse_block($argv[2], $argv[3]); break; + case 'unblock': + $message = easyrule_parse_unblock($argv[2], $argv[3]); + break; + case 'showblock': + $message = easyrule_parse_getblock($argv[2]); + break; case 'pass': $message = easyrule_parse_pass($argv[2], $argv[3], $argv[4], $argv[5], $argv[6]); break; @@ -104,7 +110,7 @@ if (($argc > 1) && !empty($argv[1])) { } else { // Print usage: echo "usage:\n"; - echo " Blocking only requires an IP to block\n"; + echo " Blocking only requires an IP to block, block rules can be shown with showblock and revoked using unblock\n"; echo " " . basename($argv[0]) . " block <interface> <source IP>\n"; echo "\n"; echo " Passing requires more detail, as it must be as specific as possible. The destination port is optional if you're using a protocol without a port (e.g. ICMP, OSPF, etc).\n"; @@ -113,6 +119,12 @@ if (($argc > 1) && !empty($argv[1])) { echo " Block example:\n"; echo " " . basename($argv[0]) . " block wan 1.2.3.4\n"; echo "\n"; + echo " Show active blocks example:\n"; + echo " " . basename($argv[0]) . " showblock wan\n"; + echo "\n"; + echo " Unblock example:\n"; + echo " " . basename($argv[0]) . " unblock wan 1.2.3.4\n"; + echo "\n"; echo " Pass example (protocol with port):\n"; echo " " . basename($argv[0]) . " pass wan tcp 1.2.3.4 192.168.0.4 80\n"; echo "\n"; |