search

ndejong / pfsense_fauxapi

REST based API interface for pfSense 2.3.x and 2.4.x to facilitate devops
Apache License 2.0
354 stars 61 forks source link

Trying to block the host using command line #18

Closed Vaibhav1587 closed 6 years ago

Vaibhav1587 commented 6 years ago

Following is the command,

curl -X POST --silent --insecure --header "Content Type: application/json" --header "fauxapi-auth:XXX" http://XX.XXX.XXX.XX:XXXX/fauxapi/v1/\?action=function_call --data '{"function":"easyrule_block_host_add","args":["XXX.XXX.XXX.XX/32","wan","inet"]}'

Fatal error: Call to undefined function ifridx() in /etc/inc/easyrule.inc on line 158

Call Stack: 0.0001 119380 1. {main}() /usr/local/www/fauxapi/v1/index.php:0 0.0022 290008 2. fauxapi\v1\fauxApi->function_call() /usr/local/www/fauxapi/v1/index.php:32 0.0022 290480 3. fauxapi\v1\fauxApi->__call() /usr/local/www/fauxapi/v1/index.php:32 0.0035 297880 4. fauxapi\v1\fauxApiActions->function_call() /etc/inc/fauxapi/fauxapi.inc:83 0.0036 298416 5. fauxapi\v1\fauxApiPfsenseInterface->function_call() /etc/inc/fauxapi/fauxapi_actions.inc:388 0.0092 402684 6. call_user_func_array:{/etc/inc/fauxapi/fauxapi_pfsense_interface.inc:689}() /etc/inc/fauxapi/fauxapi_pfsense_interface.inc:689 0.0092 402996 7. easyrule_block_host_add() /etc/inc/fauxapi/fauxapi_pfsense_interface.inc:689 0.0096 404376 8. easyrule_block_rule_create() /etc/inc/easyrule.inc:289

I has been resolved by adding "require_once('filter.inc');" in easyrule.inc

ndejong commented 6 years ago

Two notes to make about this:-

Have a closer read in the file pfsense_function_calls.txt you'll note that it is possible to more easily add additional includes by simply listing them at the top of the file - if you simply add the line filter.inc at the top of the file you will not need ti insert the statement require_once('filter.inc'); in the file easyrule.inc as you have described.

More than this however, I'd suggest an alternative (perhaps better) approach to what you are trying to achieve - use aliases! Rather than trying to insert rules into the wan interface, try setting a single drop rule in the wan interface that references an alias and then manage the alias - I suspect you'll find this easier to work with - indeed I have done this in the past myself using a urltable which is why the function alias_update_urltables exists.

Vaibhav1587 commented 6 years ago

Thanks for the reply. :+1:

Can you elaborate more on the alias_update_urltables. I can't see it in the pfsense_function_calls.txt. :(

While using the easyrule_block_host_add works only if second argument i.e. $int='wan' is set to 'wan' can't give my desire name into it. If I use something different here, only alias got added without any rule for wan and I can't even delete it.