pfSense has a completely redesigned user interface since several versions. All settings can be easily reached and adjusted with this interface. The freely configurable dashboard is also a fine thing. However, there is sometimes the case that you would like to make settings via an API or the command line. pfSense does not currently have an API, this will only be available in one of the upcoming versions. Until then you can use the pfSense developer shell, also called pfSsh.php.

Accessing pfSsh.php

The fastest way to get to the developer shell is to connect to pfSense via SSH or directly connect a screen to the firewall. If SSH is not yet activated, you can do this in the web interface under System → Advanced.

Enable pfSense SSH

It is better to forbid logging in with a password and only allow logging in with a certificate.

If the SSH access is activated, you can now log in with the admin user (adjust IP):

pfSense CLI

Under point 12 you will find the developer shell, which is basically a PHP shell.

Example commands for pfSsh.php

Here are some sample commands to show you how to use the shell. Each input is normal PHP code and must be completed with exec;.

Show DHCP settings

Set domain

Execute regular shell commands

Within the PHP shell you can also execute normal shell commands by placing a “!” in front of it:

“Record” and “Playback” Commands

With pfSsh.php you can also “record” several commands and “playback” them later. These so-called sessions are useful for recurring tasks. An example:

The entries are saved under /etc/phpshellsessions/ and can be edited there if necessary.

The “recording” can now be played back as follows:

or directly from the root shell:

Conclusion

pfSsh.php is a useful tool for automating pfSense with scripts or making customizations. Especially if you manage multiple instances or need a certain setup over and over again, pfSsh.php is a great help. For example, you can pack all settings (i.e. PHP code) into one file, save them under /etc/phpshellsessions/ and execute them, or forward the output directly to pfSsh.php:

Categories: HowTo

Stephan

Stephan

I'm a teacher and IT system administrator in an international school. I love open source software and I used it over a decade in my private and work life. My passion is to solve problems with open source software!

Leave a Reply

Your email address will not be published.