pfSense Shell:无需重启即可应用配置修改

tag-icon tag-icon firewall shell pfsense automation
pfSense Shell:无需重启即可应用配置修改

我目前正在尝试使用 pfSsh.php shell 编辑生产中正在运行的 pfSense 的配置。通过使用php 密码保护工具shell 我可以修改配置,但是一旦我写了它,它就不会应用到系统中。

有没有办法强制重新加载配置而无需重新启动整个系统?

pfSense shell: $newIp['mode'] = 'ipalias';
pfSense shell: $newIp['interface'] = 'wan';
pfSense shell: $newIp['descr'] = 'vip1';
pfSense shell: $newIp['type'] = 'single';
pfSense shell: $newIp['subnet_bits'] = 24;
pfSense shell: $newIp['subnet'] = '192.168.0.241';
pfSense shell: $config['virtualip']['vip'][] = $newIp;
pfSense shell: parse_config(true);
pfSense shell: write_config();
pfSense shell: exec;

如果我打印配置,我可以看到已添加 VIP:

     [virtualip] => Array
       (
           [vip] => Array
               (
                   [0] => Array
                       (
                           [mode] => ipalias
                           [interface] => wan
                           [uniqid] => 578aa9852a7bf
                           [descr] => test
                           [type] => single
                           [subnet_bits] => 24
                           [subnet] => 192.168.0.239
                       )

                   [1] => Array
                       (
                           [mode] => ipalias
                           [interface] => wan
                           [descr] => Unused IP
                           [type] => single
                           [subnet_bits] => 24
                           [subnet] => 192.168.0.241

但是在系统上,直到我重新启动后才会添加 VIP:

[2.3.1-RELEASE][[email protected]]/root: ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
       options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
       ether 00:0c:29:22:55:0b
       inet6 fe80::20c:29ff:fe22:550b%em0 prefixlen 64 scopeid 0x1
       inet 192.168.0.240 netmask 0xffffff00 broadcast 192.168.0.255

编辑 :

感谢 Chris 的回答,我使用了 interface_ipalias_configure 方法,它按预期工作。我给出了一个简单的循环示例,将多个 vip(从 192.168.0.74 到 79)添加到 CARP VIP,希望它能对某些人有所帮助。

该 php 脚本写入 /etc/phpshellsessions/myscript 并以管理员身份在远程控制台通过“pfSsh.php playing myscript”命令执行。

$vipPrefix = '192.168.0.';
$vipNetmask = '24';

foreach($config['virtualip']['vip'] as $k => $value) {
   $tmp[] = $value['subnet'];
}

end($config['virtualip']['vip']);

$vID = key($config['virtualip']['vip']);

for ($i = 74; $i < 80; $i++) {

    $byte = strval($i);

    if ( ! in_array( $vipPrefix.$byte , $tmp )) {

        $vID++;
        $newIp['mode'] = 'ipalias';
        $newIp['interface'] = '_vip57cc61f85d2c8';
        $newIp['descr'] = $vipPrefix.$byte;
        $newIp['type'] = 'single';
        $newIp['subnet_bits'] = $vipNetmask;
        $newIp['subnet'] = $vipPrefix.$byte;
        $newIp['uniqid'] = uniqid();
        $config['virtualip']['vip'][$vID] = $newIp;
        parse_config(true);
        write_config();
        interface_ipalias_configure($config['virtualip']['vip'][$vID]);
    }
}

print_r($config['virtualip']['vip']);

exec;

答案1

您所做的只是更改配置。大部分内容都是正确的,但您需要应用这些更改。

对于 VIP 的情况,请检查应用更改时firewall_virtual_ip.php 执行的操作。 https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/firewall_virtual_ip.php#L48

完成 write_config 后,在代码中执行该操作。

相关内容