Helper script for pfSense that lists rules and toggles them on/off via CLI. The script lists and operates on both nat and filter (standard) rule types.
- copy the php script to your firewall—one easy way to do this is to ssh to your firewall, choose option 8 and then paste this command:
fetch https://raw.githubusercontent.com/luckman212/pf_fwrule_toggle/main/fwrule_toggle.php
- run it using the syntax below
- you need to supply one or more rule ids as a parameter, or
-lto list all rules - prefixing the ruleIDs with
ne.g.n3will operate on NAT rule #3 - optionally set the action to
enable,disable, ortoggle(if not specified, it defaults totoggle) - you can use the following long args instead, if you prefer:
--list,--desc,--help - if you place the script in your
$PATHsomewhere, e.g./root/bin/and make it executable (chmod +x /root/bin/fwrule_toggle.php) then you can call the script directly, without prefixing withphp -q
This mode accepts 1 or more numeric rule IDs. You can prefix the number with n to select NAT rules, as opposed to filter rules which are the default.
php -q fwrule_toggle.php <ruleid>[,ruleid...] [action]actioncan beenable,disable, ortoggle
This mode operates on the rule description. If multiple rules share an identical description, they will be operated on as a group.
php -q fwrule_toggle.php -d <rule_desc> [type] [action]typecan benatorfilter—if omitted, defaults to filter- if the description contains spaces, you must surround it with quotes e.g.
'my fancy rule' - N.B. if you want to specify an
action, you must also specify atype(See #3)
php -q fwrule_toggle.php -lphp -q fwrule_toggle.php 36php -q fwrule_toggle.php n23 enablephp -q fwrule_toggle.php 5,11,17 disablephp -q fwrule_toggle.php -d 'external access' filter disable