Uncaught Error: Call to undefined function is_specialnet()

[universcom]

Hi i want add a rule by easyrule_pass_rule_add function. when i send a curl or use python client, i get bellow error : Fatal error: Uncaught Error: Call to undefined function is_specialnet() in /etc/inc/easyrule.inc:328

all error is :

Fatal error: Uncaught Error: Call to undefined function is_specialnet() in /etc/inc/easyrule.inc:328
Stack trace:
#0 [internal function]: easyrule_pass_rule_add('WAN_156_58', 'TCP', '10.0.0.1', '94.182.191.82', '2500', 'IPv4')

#1 /etc/inc/fauxapi/fauxapi_pfsense_interface.inc(861): call_user_func_array('easyrule_pass_r...', Array)

#2 /etc/inc/fauxapi/fauxapi_actions.inc(491): fauxapi\v1\fauxApiPfsenseInterface-function_call('easyrule_pass_r...', Array, Array)

#3 /etc/inc/fauxapi/fauxapi.inc(90): fauxapi\v1\fauxApiActions->function_call(Array)

#4 /usr/local/www/fauxapi/v1/index.php(32): fauxapi\v1\fauxApi->__call('function_call', Array)

#5 {main}

thrown in /etc/inc/easyrule.inc on line 308

PHP ERROR: Type: 1, File: /etc/inc/easyrule.inc, Line: 328, Message: Uncaught Error: Call to undefined function is_specialnet() in /etc/inc/easyrule.inc:308

Stack trace:

#0 [internal function]: easyrule_pass_rule_add('WAN_156_58', 'TCP', '10.0.0.1', '94.182.191.82', '2500', 'IPv4')

#1 /etc/inc/fauxapi/fauxapi_pfsense_interface.inc(861): call_user_func_array('easyrule_pass_r...', Array)

#2 /etc/inc/fauxapi/fauxapi_actions.inc(491): fauxapi\v1\fauxApiPfsenseInterface-function_call('easyrule_pass_r...', Array, Array)

#3 /etc/inc/fauxapi/fauxapi.inc(90): fauxapi\v1\fauxApiActions->function_call(Array)

#4 /usr/local/www/fauxapi/v1/index.php(32): fauxapi\v1\fauxApi->__call('function_call', Array)

#5 {main}

i went to /etc/inc/easyrule.inc file and in line 308 : and search for is_specialnet function in parent directory and dont find it.

in other try i comment out is_specialnet function and set $netmask = 0 for source and destination host source. in this step get bellow error : Uncaught Error: Call to undefined function pconfig_to_address() in /etc/inc/easyrule.inc:328 i thinks some library don`t install or maybe some library field. but ui was worked correctly and told function worked correctly

[slayercat]

I've meet the same problem.

Just throught could resolve it by includes . but I've found this function is not defined in /etc/inc.

Trying to workaround it by passing the absolute path to includes. but this makes it could not work.

So turned back to a real unsafe method: util.inc:function exec_command($command)： function_call({"function":"exec_command", 'args':['easyrule block wan 1.2.3.4']}) works for me.

The lib's security threshold is too high to be used.

[slayercat]

I'm interested to make a enhancement to do a real rule_add / rule_delete api. May be in spring festival. I hope.

[universcom]

thanks a lot dear slayercat for your answer i found undefined functions in pfsense github repo and rewrote undefined functions in /etc/inc/utiles.inc by other name and include in easyrule.inc. after include they, api was work. of course i get a auth error like mentioned error (undefined error ....) that resolve by includes. in other try i found undefined functions in /usr/local/www/guiconfig.inc file. i hope enhancement to do a real rule_add / rule_delete api, too :D

[universcom]

i try again by include all undefined functions and send result for you

[slayercat]

thank you @universcom . I'm doing this job becase a customer of my company requires cooperate with pfsense while found malware activity.

I could not to ask for a modification of pfsense's code. So I've decided to ask for the permission of exec_command. for now.

thank you again for your warmhearted behavior.

[ndejong]

Yes the function_call feature is very raw and comes with controls in an attempt to prevent accidents or creating new problems - as described

The challenge is that pfSense itself does not have a well structured code base, for example there is no concept of a Model-View-Controller arrangement and in some cases you can find system actions occurring right in the page-views themselves.

This is in-part why the project was called a Faux API for pfSense.

@slayercat - your exec_command workaround is a fine solution to the problem I'd reckon - nice - if you'd like to develop easyrule extensions to pfsense_fauxapi that would be awesome.