jaredhendrickson13 / pfsense-automator Goto Github PK

View Code? Open in Web Editor NEW

18.0 5.0 4.0 10.9 MB

pfSense Automator - a command line tool to make pfSense configurations

Python 100.00%

pfsense networking firewall automation

pfsense-automator's People

Contributors

Stargazers

Watchers

Forkers

dialloamadou rgunst zerofai berkcekisbas

pfsense-automator's Issues

--set-wc-sslcert overrides existing /system_advanced_admin.php configuration

The --set-wc-sslcert flag is writing over the existing configuration at /system_advanced_admin.php. this is due to the webconfigurator expecting the prefilled values when the save button is hit. Making direct POST requests requires us to fill this in specifically.

Can't connect to pfsense

Hi Jared,
I dont know if this is the good way to contact you.
I’m trying use pfsense-automator.py to connect from client (kali) to pfsense but it respone with :Error: Connection dropped by remote host.
Could you point me in the good direction?
Thanks.

FreeBSD executable

An executable should be included in the next build that is compatible with FreeBSD/pfSense out of the box. This would be helpful for those who want to make Ansible configurations or configurations via SSH/command line

VLAN Management

Functions to manage VLAN configuration on pfSense have been requested. Create a function to read VLAN configurations and write VLAN configurations.

User Issue

Hi Jared,
I dont know if this is the good way to contact you. please be patient.
I’m trying to test pfa_automator on a test pfsense 2.4.4 installation, using ubuntu as a client to connect from.
I have downloaded the executable from github code releases pfsense-automator (beta) v0.0.3

then following the instruction I did a tar xvzf on pfsense-automator_v0.0.3_ubuntu1804.tar.gz

Now I have a pfsense-automator_v0.0.3_ubuntu1804 folder : inside there is a pfsense-automator executable

I don’t see a pfa_installer

Now it seems to me that some command are not working:
this one works

./pfsense-automator 192.168.204.1 --read-interfaces
Please enter username: admin
Please enter password: 
NAME-------------------------- INTERFACE--------- ID------ TYPE------ CIDR---------------- ENABLED-
WAN0                           em0                wan      staticv4   10.0.5.1/24          yes     
LAN                            em2                lan      staticv4   10.0.2.1/24          yes     
SEGM3                          em3                opt1     staticv4   192.168.204.1/24     yes     
SYNC                           em4                opt2     staticv4   10.0.4.1/24          yes     
WAN1                           em1                opt3     staticv4   10.0.0.1/24          yes

this one fails

./pfsense-automator 192.168.204.1 --read-rules
Error: Invalid argument. Unknown action `--read-rules`

this one fails too

./pfsense-automator 192.168.204.1 --read-rules --all
Error: Invalid argument. Unknown action `--read-rules`

Where I’m wrong?
Can you point me in the good direction?

Thanks.

Update version function for v0.0.4

The version function must be updated to reflect the v0.0.4 version tag

Firewall Alias Management

Currently we have no method of verifying existing Firewall Aliases. We need a function to pull existing Alias configuration that we can use to verify aliases were created, modified or removed.

Good afternoon, tell me how to download the .exe file for installation on Windows. I can not find.

General setup functions

I have received a request to add general pfSense setup functions. We should add functions to accomplish the following:

Function to configure System > General Setup
Function to configure System > Advanced
Function to configure System > Advanced > System Tunables
Function to configure Interfaces > Assignments

These should cover the basics on a base configuration.

Requests made to non-pfSense pages are processed and throw traceback

Requests made to non-pfSense pages are still processed and parsing attempts are made. This is because we are only checking that the pfSense webUI port is open and not any content that is specific to pfSense. Perhaps we should implement a function that makes a basic GET request to check for expected pfSense content and return an expected error when pfSense content is not found:

$ python3 pfsense-automator.py www.google.com --add-dns test jh.co 0.0.0.0 default -u admin -p pfsense
Traceback (most recent call last):
  File "pfsense-automator.py", line 1007, in <module>
    main()
  File "pfsense-automator.py", line 726, in main
    addDnsExitCode = add_dns_entry(pfsenseServer, user, key, hostToAdd, domainToAdd, ipToAdd, descrToAdd)
  File "pfsense-automator.py", line 396, in add_dns_entry
    authCheckData = {"__csrf_magic": get_csrf_token(url + "/index.php", "GET"), "usernamefld": user, "passwordfld": key, "login": "Sign In"}    # Define our login POST data
  File "pfsense-automator.py", line 305, in get_csrf_token
    csrfParsed = "sid:" + csrfResponse['text'].split("sid:")[1].split(";")[0].replace(" ", "").replace("\n", "").replace("\"", "")
IndexError: list index out of range

Traceback thrown when user does not have necessary UI permissions

There is no check to see whether or not the user has permission to run a certain command or access a certain page:

python3 pfsense-automator.py test.jh.co --read-aliases -a -u admin -p pfsense
Traceback (most recent call last):
  File "pfsense-automator.py", line 1611, in <module>
    main()
  File "pfsense-automator.py", line 1337, in main
    getAliasData = get_firewall_aliases(pfsenseServer, user, key)    # Get our alias data dictionary
  File "pfsense-automator.py", line 877, in get_firewall_aliases
    name = getAliasIdInfo["text"].split("<input class=\"form-control\" name=\"name\" id=\"name\" type=\"text\" value=\"")[1].split("\"")[0]    # Save our alias name
IndexError: list index out of range

A check to should be put in place and a proper error should be thrown if user does not obtain permissions to the run the task.

Username & Password not read from CLI

It appears that supplying -u -p on the CLI does not get read unless you have a significantly long arg list.

./pfsense-automator.py 192.168.1.1 --check-auth -u admin -p pfsense
WARNING: Large numbers of authentication failures will enforce a pfSense lockout for your IP address. Proceed with caution.
Please enter username: admin
Please enter password:
Authentication successful

Reviewing the code it appears that you have opted not to use the python argparse utility to capture and enforce command line parameters and have instead opted to hardcode the positional arguments using sys.argv is there a reason for this?

A better way is to read all the variables in via argparse and then use them throughout where needed, this way you avoided repeating your self multiple times.

Exiting executable during input prompts results in traceback

Running from Windows 10, user has experienced traceback when sigint (ctl+c) is passed during input. This does not disrupt functionality but is an unintended annoyance.

C:\Users\jhendrickson\pfsense-automator_v0.0.2_windows10>pfsense-automator.exe test.jh.co --check-auth -u admin

WARNING: Large numbers of authentication failures will enforce a pfSense lockout for your IP address. Proceed with caution.
Please enter password: 
Traceback (most recent call last):
File "pfsense-automator.py", line 1016, in <module>
File "pfsense-automator.py", line 945, in main
File "Users\jhendrickson\AppData\Local\Programs\Python\Python37\lib\getpass.py", line 110, in win_getpass
KeyboardInterrupt
[10708] Failed to execute script pfsense-automator