Enable/disable firewall rule via ssh?

I would like to enable/disable firewall (both user/network and/or business) rules via SSH but cannot figure out how.

If I choose "4: Device console" and use the help, it mostly seems like more system functions you can edit there.

I guess I have to go 5:3 for the advanced shell? And then? I see that iptables is populated with a lot of stuff; is Sophos using iptables under the hood?

But I can't find my firewall rules in iptables...

This thread was automatically locked due to age.
  • Hi,

    Is there a reason for this request?

    Yes, we are using iptables, like other open-source modules, but the iptables rules get written after enabling the rule.

    You could use the API for this. https://community.sophos.com/kb/en-us/132560

  • Reason:

    I simply need to enable/disable rules programmatically. That's step 1. Next step I will probably need to create them too. Think Docker/Kubernetes/DevOps. Stuff needs to be automated. I want a deployment pipeline which runs 100% automatically; I can't sit in 2019 and enter firewall rules manually :)

    Also, think a bit like Microsoft's "just-in-time access": no need to have a port that's used 0.000001% of the time open 100% of the time. But my scenario is a bit different: services will be started for short time spans (LetsEncrypt renewal for one), and there is no need to have that port/forward open 100% of the time when the renewal runs for seconds every 3 months.

    https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time

    I will look at the API again. Why I ignored that route is because the XML seems extensive. The 'Security Policy Add / Edit Security Policy' XML is hundreds of lines of code. It has like 20 "mandatory" fields? Do I need to send all that info just to toggle the status of a rule? Or will something like this be enough:

     <SecurityPolicy>
         <Name>rulename</Name>
         <Status>Disable</Status>
     </SecurityPolicy>

    Thanks!
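The just-in-time pattern described in the post above (enable a rule, run the short job, disable it again), as an added example that is not part of the original thread or of Sophos' own tooling. It assumes the XG XML API is reached by POSTing a `reqxml` form field to `/webconsole/APIController` on the admin port, that a `Set operation="update"` on a `SecurityPolicy` carrying only `Name` and `Status` is accepted as a partial update (exactly the open question in the post; verify this against the API reference for your firmware), and that the firewall answers with a `Status code="200"` element. The `FakeFirewall` class and its response body are constructed so the file runs offline; the credentials and rule name are placeholders.

```python
"""Toggle a Sophos XG firewall rule over the XML API and keep it enabled only
while a short-lived job (e.g. a LetsEncrypt renewal) is running.

Assumptions (not confirmed by the thread): endpoint path, the partial-update
form of the SecurityPolicy element, and the response layout.
"""
import contextlib
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

API_PATH = "/webconsole/APIController"  # assumed XG XML API endpoint


def build_rule_status_request(username, password, rule_name, status):
    """Return the reqxml body that sets one SecurityPolicy's Status.

    Only Name and Status are sent. Whether the firewall accepts this instead
    of the full rule definition is an assumption to verify per firmware.
    """
    if status not in ("Enable", "Disable"):
        raise ValueError("status must be 'Enable' or 'Disable'")
    req = ET.Element("Request")
    login = ET.SubElement(req, "Login")
    ET.SubElement(login, "Username").text = username
    ET.SubElement(login, "Password").text = password
    setop = ET.SubElement(req, "Set", operation="update")
    policy = ET.SubElement(setop, "SecurityPolicy")
    ET.SubElement(policy, "Name").text = rule_name
    ET.SubElement(policy, "Status").text = status
    return ET.tostring(req, encoding="unicode")


def parse_api_response(body):
    """Return (status_code, message) for the SecurityPolicy part of a response.

    Raises if the login was rejected or the expected element is missing, so a
    caller never mistakes an ignored request for a successful one.
    """
    root = ET.fromstring(body)
    login_status = root.findtext("Login/status")
    if login_status is not None and "Successful" not in login_status:
        raise PermissionError(f"API login failed: {login_status}")
    node = root.find("SecurityPolicy/Status")
    if node is None:
        raise ValueError("no SecurityPolicy/Status element in response")
    return int(node.get("code", "0")), (node.text or "").strip()


def send_over_https(base_url, reqxml, timeout=15):
    """Transport for real use: POST reqxml to the admin port over TLS.

    urllib verifies the server certificate; install a trusted admin cert
    (or pass a pinned ssl.SSLContext) rather than disabling verification.
    """
    data = urllib.parse.urlencode({"reqxml": reqxml}).encode()
    with urllib.request.urlopen(base_url + API_PATH, data=data, timeout=timeout) as resp:
        return resp.read()


def set_rule_status(send, username, password, rule_name, status):
    """Enable or disable one rule; returns the API status code (200 on success)."""
    body = send(build_rule_status_request(username, password, rule_name, status))
    code, message = parse_api_response(body)
    if code != 200:
        raise RuntimeError(f"{status} of {rule_name!r} failed: {code} {message}")
    return code


@contextlib.contextmanager
def rule_enabled(send, username, password, rule_name):
    """Enable the rule for the duration of the with-block, disabling it on exit.

    The finally clause is the point: a crash inside the block must not leave
    the port open.
    """
    set_rule_status(send, username, password, rule_name, "Enable")
    try:
        yield
    finally:
        set_rule_status(send, username, password, rule_name, "Disable")


class FakeFirewall:
    """Constructed stand-in for the XG API so this file runs offline."""

    OK = (b'<Response APIVersion="1700.1"><Login><status>Authentication Successful</status>'
          b'</Login><SecurityPolicy transactionid=""><Status code="200">'
          b'Configuration applied successfully.</Status></SecurityPolicy></Response>')

    def __init__(self):
        self.statuses = []  # Status values seen, in order

    def send(self, reqxml):
        self.statuses.append(ET.fromstring(reqxml).findtext("Set/SecurityPolicy/Status"))
        return self.OK


if __name__ == "__main__":
    fw = FakeFirewall()
    with rule_enabled(fw.send, "apiuser", "secret", "LetsEncrypt-HTTP-80"):
        print("renewal would run here")
    print("rule transitions:", fw.statuses)
```

For a real firewall, pass `lambda x: send_over_https("https://fw.example.net:4444", x)` as `send`; API access has to be switched on for the client's address in the admin UI first, and the API user should have no more rights than needed to edit that one rule.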

  • You do have the option of time based rules for those access requirements that repeat on a regular basis.

    Ian
