I'm currently trying to edit the configuration of a running pfSense in production with the pfSsh.php shell. By using the pfSsh.php shell I'm able to modify the configuration but once I write it, it isn't applied to the system.
Is there a way to force a configuration reload without rebooting the whole system?
pfSense shell: $newIp['mode'] = 'ipalias';
pfSense shell: $newIp['interface'] = 'wan';
pfSense shell: $newIp['descr'] = 'vip1';
pfSense shell: $newIp['type'] = 'single';
pfSense shell: $newIp['subnet_bits'] = 24;
pfSense shell: $newIp['subnet'] = '192.168.0.241';
pfSense shell: $config['virtualip']['vip'][] = $newIp;
pfSense shell: parse_config(true);
pfSense shell: write_config();
pfSense shell: exec;
If I print the configuration, I can see that the vip is added:
[virtualip] => Array
    (
        [vip] => Array
            (
                [0] => Array
                    (
                        [mode] => ipalias
                        [interface] => wan
                        [uniqid] => 578aa9852a7bf
                        [descr] => test
                        [type] => single
                        [subnet_bits] => 24
                        [subnet] => 192.168.0.239
                    )
                [1] => Array
                    (
                        [mode] => ipalias
                        [interface] => wan
                        [descr] => Unused IP
                        [type] => single
                        [subnet_bits] => 24
                        [subnet] => 192.168.0.241
But on the system, the vip isn't added until I reboot:
[2.3.1-RELEASE][admin@pfSense.localdomain]/root: ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:0c:29:22:55:0b
        inet6 fe80::20c:29ff:fe22:550b%em0 prefixlen 64 scopeid 0x1
        inet 192.168.0.240 netmask 0xffffff00 broadcast 192.168.0.255
EDIT:
Thanks to Chris's answer, I used the interface_ipalias_configure method, which worked as expected. I put a simple looping example which adds multiple vips from 192.168.0.74 to 79 to a CARP VIP, if it can help someone.
This PHP script is written to /etc/phpshellsessions/myscript and executed through the "pfSsh.php playback myscript" command in a remote console as admin.
$vipPrefix = '192.168.0.';
$vipNetmask = '24';
/* Collect the addresses that are already configured so they are not added twice. */
$tmp = array();
foreach ($config['virtualip']['vip'] as $k => $value) {
    $tmp[] = $value['subnet'];
}
/* Continue numbering after the last existing VIP key. */
end($config['virtualip']['vip']);
$vID = key($config['virtualip']['vip']);
for ($i = 74; $i < 80; $i++) {
    $byte = strval($i);
    if (!in_array($vipPrefix . $byte, $tmp)) {
        $vID++;
        $newIp['mode'] = 'ipalias';
        $newIp['interface'] = '_vip57cc61f85d2c8';
        $newIp['descr'] = $vipPrefix . $byte;
        $newIp['type'] = 'single';
        $newIp['subnet_bits'] = $vipNetmask;
        $newIp['subnet'] = $vipPrefix . $byte;
        $newIp['uniqid'] = uniqid();
        $config['virtualip']['vip'][$vID] = $newIp;
        parse_config(true);
        /* Save the change to the configuration, then apply it to the running system. */
        write_config();
        interface_ipalias_configure($config['virtualip']['vip'][$vID]);
    }
}
print_r($config['virtualip']['vip']);
exec;
Best Answer
What you're doing there is only changing the config. That much of it's correct, but then you need to apply those changes.
For the case of VIPs, check what firewall_virtual_ip.php does when you apply changes. https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/firewall_virtual_ip.php#L48
Do that in your code after doing the write_config.
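A single-VIP variant of the write-then-apply sequence with the checks a production change wants, as an added example that is not part of the original question or answer: it validates the input, skips duplicates, records a description with the saved change, and confirms the address is live. The address, interface and description are constructed values, and it assumes the pfSsh.php playback environment used above, where `$config`, `write_config()` and `interface_ipalias_configure()` are available.

```php
/* Added example for "pfSsh.php playback"; address, interface and description are constructed values. */
$want = array(
    'mode'        => 'ipalias',
    'interface'   => 'wan',
    'descr'       => 'vip1',
    'type'        => 'single',
    'subnet_bits' => 24,
    'subnet'      => '192.168.0.241',
);
/* Collect the addresses already present so a re-run does not add a duplicate entry. */
$existing = array();
if (isset($config['virtualip']['vip']) && is_array($config['virtualip']['vip'])) {
    foreach ($config['virtualip']['vip'] as $vip) {
        $existing[] = $vip['subnet'];
    }
}
if (filter_var($want['subnet'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
    /* Reject malformed input before the production config is touched. */
    echo "refused: {$want['subnet']} is not a valid IPv4 address\n";
} elseif ($want['subnet_bits'] < 1 || $want['subnet_bits'] > 32) {
    echo "refused: subnet_bits {$want['subnet_bits']} is out of range\n";
} elseif (in_array($want['subnet'], $existing, true)) {
    echo "skipped: {$want['subnet']} is already in the configuration\n";
} else {
    $want['uniqid'] = uniqid();
    $config['virtualip']['vip'][] = $want;
    /* Step 1: persist. The description is stored with the change in the config history. */
    write_config("pfSsh.php playback: added IP alias {$want['subnet']} on {$want['interface']}");
    /* Step 2: apply to the running system, as the answer describes. */
    interface_ipalias_configure($want);
    /* Step 3: confirm the address is live instead of assuming the apply worked. */
    $ifconfig = (string) shell_exec('/sbin/ifconfig');
    $pattern = '/inet ' . preg_quote($want['subnet'], '/') . ' /';
    if (preg_match($pattern, $ifconfig) === 1) {
        echo "applied: {$want['subnet']} is configured on an interface\n";
    } else {
        echo "WARNING: {$want['subnet']} was written to the config but is not live\n";
    }
}
exec;
```

Comments use the `/* */` form so the script does not depend on how the playback buffer joins lines.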