I have a PF firewall running on FreeBSD v6.x. Now I would like to change and review the config in my rc.conf file via a browser. So my approach here would be:
make a script which changes, for instance, the default route
have this script built into a webpage, with a form field where I can enter the IP address of the default gateway, and have the script started via a submit button
Now my question is:
does anyone have a script for me which would accomplish that task?
which scripting language shall I use, TCL or Perl, to also have this embedded into my webpage?
I would use Perl / CGI to accomplish this. If I understood correctly, you want to update the rc.conf file via a webpage, where you have fields to update certain values. But I think some changes in rc.conf would require a reboot of the machine, or am I wrong?
Well, it depends on the architecture of the script; can you post a sample input / file and the desired output? Also, some security considerations: do you really want a web page that someone can access and change your default route?
Whatever you use, make sure you have a good understanding of the security implications. It's not just that an attacker could hose your routing; if the application is incorrectly implemented, it might allow an attacker to break in and do even more onerous things to your system (use it to host phishing and malware sites, etc).
I would prefer to be able to configure my PF from the internal LAN interface only, and block all management traffic from the outside interface except SSH.
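
An added example, not posted by anyone in this thread: Perl routines that accept the form's gateway field only when it is a plain dotted-quad IPv4 address, then rewrite the `defaultrouter` line in a copy of the rc.conf text. The function names and the sample file contents are constructed for illustration; rc.conf is read by sh at boot, which is why nothing but digits and dots may reach that line.

```perl
use strict;
use warnings;

# Return the address if $in is a plain dotted-quad IPv4 address, else nothing.
sub valid_gateway {
    my ($in) = @_;
    return unless defined $in;
    # \A and \z anchor the whole string; \z (unlike $) rejects a trailing newline.
    return unless $in =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/;
    my @octets = ($1, $2, $3, $4);
    for my $o (@octets) {
        return if $o > 255;
        return if length($o) > 1 && $o =~ /\A0/;    # no leading zeros
    }
    return join '.', @octets;
}

# Replace (or append) the defaultrouter line in rc.conf text; returns the new text.
sub set_defaultrouter {
    my ($conf, $gw) = @_;
    my $line = qq{defaultrouter="$gw"};
    my ($replaced, @out) = (0);
    for my $l (split /\n/, $conf) {
        if ($l =~ /\A\s*defaultrouter=/) {
            push @out, $line unless $replaced++;    # keep one, drop duplicates
        } else {
            push @out, $l;
        }
    }
    push @out, $line unless $replaced;
    return join("\n", @out) . "\n";
}

# Constructed sample rc.conf contents (documentation addresses, not a real host).
my $sample = <<'EOF';
hostname="fw.example.org"
defaultrouter="192.0.2.1"
pf_enable="YES"
EOF

# Constructed form inputs: one valid, then a stray quote, a newline, a bad octet.
for my $input ('192.0.2.254', '192.0.2.254"x', "192.0.2.254\n", '300.1.1.1') {
    my $gw = valid_gateway($input);
    if (defined $gw) {
        print "accepted $gw\n", set_defaultrouter($sample, $gw);
    } else {
        print "rejected input of length ", length($input), "\n";
    }
}
```

The routines work on text in memory only; writing the result to the real rc.conf and applying the route are left to a separate step that runs with the needed privileges.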