Reset PF Firewall Automatically While Testing Configuration With Remote Server Over SSH Session

I would like to tell my BSD based PF firewall to flush out the current configuration every 2 minutes. This will help me when I'm testing new rules and configuration options. Sometimes I find myself locked out of my own remote server. How do I reset the PF firewall automatically without issuing a hard reboot?

There is no need to write a shell script and call it from cron. You can load the rules from /etc/pf.conf, sleep for 120 seconds, and then disable pf using the following syntax:
# /sbin/pfctl -f /etc/pf.conf && sleep 120 && /sbin/pfctl -d
Where,

  • -f /etc/pf.conf – Load the rules contained in /etc/pf.conf.
  • -d – Disable the packet filter.
  • sleep 120 – The sleep command suspends execution for a minimum of 120 seconds before the next command runs.

You can also test pf.conf for syntax errors using the following options:
# /sbin/pfctl -nf /etc/pf.conf
Finally, the && (AND list) shell control operator is used to run the next command only if the first command returns an exit status of zero. So each command in the list must succeed in order for the next command to run. Combined:
# /sbin/pfctl -nf /etc/pf.conf && /sbin/pfctl -f /etc/pf.conf && sleep 120 && /sbin/pfctl -d
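The one-liner above ties up the SSH session for the whole 120 seconds and always ends by disabling pf, even when the new rules turned out fine. The following added example (not from the original post) keeps the same check, load and revert sequence but runs the revert timer in the background and adds a pf_commit step to cancel it once you have confirmed you can still log in; PFCTL, PF_CONF and REVERT_PID_FILE are names assumed here, defaulting to the paths used on the page.

```shell
#!/bin/sh
# Added example, not from the original post: validate, load and
# auto-revert a PF ruleset without blocking the SSH session.
# PFCTL, PF_CONF and REVERT_PID_FILE are names chosen here (assumptions);
# they default to the paths used on the page.
PFCTL="${PFCTL:-/sbin/pfctl}"
PF_CONF="${PF_CONF:-/etc/pf.conf}"
REVERT_PID_FILE="${REVERT_PID_FILE:-/tmp/pf-revert.pid}"

# Syntax check only (pfctl -n): nothing is loaded if this fails.
pf_check() {
    "$PFCTL" -nf "$1"
}

# Check and load $1, then start a background timer that disables pf
# after $2 seconds (same effect as the page's "sleep N && pfctl -d"),
# but the prompt comes back immediately. Returns 1 on any failure.
pf_try() {
    conf="${1:-$PF_CONF}"; secs="${2:-120}"
    pf_check "$conf" || return 1
    "$PFCTL" -f "$conf" || return 1
    ( sleep "$secs" && "$PFCTL" -d ) &
    echo $! > "$REVERT_PID_FILE"
}

# Run this from the still-working SSH session once the new rules are
# confirmed good: cancels the pending revert so the ruleset stays loaded.
# Returns 1 if there is no pending timer or it has already fired.
pf_commit() {
    [ -f "$REVERT_PID_FILE" ] || return 1
    pid=$(cat "$REVERT_PID_FILE")
    rm -f "$REVERT_PID_FILE"
    kill "$pid" 2>/dev/null
}
```

The revert step is pfctl -d, exactly as on the page, so a revert leaves the host with no packet filtering at all; loading a known-good ruleset in place of the -d step would keep the host filtered after a revert.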

Posted by: SXI ADMIN
