]
assign the config
```python
helper.set("interfaces", interfaces)
helper.set("dhcpd", dhcp)
helper.set("vlans", vlans)
helper.save(temp_path)
helper.remove_items()
```
scripts and commands
> - you can run every script from `/usr/local/opnsense/scripts/`
> - you can use every `pluginctl` and `configctl` command
> - use `<command: str> <argument:str> <flags:arr>`
> - besides command, argument may be required based on the method
Example
```python
helper.scripts.system.run("status")
helper.scripts.routes.run("show_routes")
helper.commands.pluginctl.run("ipv4")
helper.commands.pluginctl.run("service", "dhcpd status")
helper.commands.pluginctl.run("config", "dhcp")
```
Result
```bash
$ /usr/local/opnsense/scripts/system/status.php*
{"CrashReporter":{"statusCode":2,"message":"No problems were detected.","logLocation":"\/crash_reporter.php","timestamp":"0"},"Firewall":{"statusCode":-1,"message":"There were error(s) loading the rules: \/tmp\/rules.debug:25: syntax error - The line in question reads [25]: set loginterface \n","logLocation":"\/ui\/diagnostics\/log\/core\/firewall","timestamp":1731025409}}
$ /usr/local/opnsense/scripts/routes/show_routes.py*
destination gateway flags nhop mtu netif expire
ipv4 default 192.168.0.1 UGS 5 1500 vtnet0
ipv4 localhost link4 UH 2 16384 lo0
ipv4 192.168.0.1 link1 UHS 4 1500 vtnet0
ipv4 192.168.1.0/24 link1 U 1 1500 vtnet0
ipv4 192.168.1.1 link1 UHS 4 1500 vtnet0
ipv4 192.168.1.103 link1 UHS 3 16384 lo0
ipv4 200.1.0.0/24 link2 U 6 1500 vtnet1
ipv4 200.1.0.1 link2 UHS 7 16384 lo0
ipv6 localhost link4 UHS 1 16384 lo0
ipv6 fe80::%lo0/64 link4 U 3 16384 lo0
ipv6 fe80::1%lo0 link4 UHS 2 16384 lo0
$ pluginctl -4
{
"address": null,
"network": null,
"bits": null,
"device": null,
"interface": null
}
$ pluginctl -s dhcpd status
dhcpd is running as pid 16072.
$ pluginctl -c dhcp
Starting DHCPv4 service...done.
```
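The method names above map to `pluginctl` flags that run over SSH on the firewall. The following is an added example, not opnsense-helper's own code: it builds such a command from an allow-list with every argument shell-quoted, and treats a non-zero exit status as an error. `build_pluginctl` and `run_checked` are hypothetical names, and `ssh` is assumed to be a paramiko-style client.

```python
import shlex

# Method-to-flag mapping taken from the Result output on this page
# ("ipv4" -> -4, "service" -> -s, "config" -> -c); anything else is rejected.
PLUGINCTL_FLAGS = {"ipv4": "-4", "service": "-s", "config": "-c"}
# Assumption: these two methods always need an argument, as in the examples above.
NEEDS_ARGUMENT = {"service", "config"}


def build_pluginctl(method, argument=""):
    """Return a shell-safe pluginctl command line for one allow-listed method."""
    if method not in PLUGINCTL_FLAGS:
        raise ValueError(f"unsupported pluginctl method: {method!r}")
    words = shlex.split(argument)  # "dhcpd status" -> ["dhcpd", "status"]
    if method in NEEDS_ARGUMENT and not words:
        raise ValueError(f"{method!r} requires an argument")
    # Quote each word so shell metacharacters stay data on the remote side.
    quoted = [shlex.quote(word) for word in words]
    return " ".join(["pluginctl", PLUGINCTL_FLAGS[method], *quoted])


def run_checked(ssh, command, timeout=30):
    """Run command on a paramiko-style client and raise if it exits non-zero."""
    _stdin, stdout, stderr = ssh.exec_command(command, timeout=timeout)
    out = stdout.read().decode("utf-8", "replace")
    err = stderr.read().decode("utf-8", "replace")
    status = stdout.channel.recv_exit_status()
    if status != 0:
        raise RuntimeError(f"{command!r} exited {status}: {err.strip()}")
    return out
```
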
Frontend Api
- you can download the config.xml and add vlans via api
```python
def using_api():
    vlans_api = [
        {'if': 'vtnet1', 'tag': '1', 'pcp': '0', 'proto': None, 'descr': 'vlan1', 'vlanif': 'vlan0.1'},
        {'if': 'vtnet1', 'tag': '2', 'pcp': '0', 'proto': None, 'descr': 'vlan2', 'vlanif': 'vlan0.2'}
    ]
    api_auth = {
        # Keep real API credentials out of source: load them from the environment or a secrets store.
        "api_key": 'ejl4fIU9yfNk+gaQmPk/rqIa15f1yX1snIKgcIEl2QNoJwhbekraWIE0ANRYceh9hey5IFGzlf3da4yJ',
        "api_secret": '5JVVGoatPbaAA+FozLDQY92/T6sRlmKD1+aRNl/YI8KA9/0TNiTDboLveqvd9FU8wFeDo3D3DY5wrUtF',
        "ssl": True,
        # verify=False turns off validation of the firewall's TLS certificate.
        "verify": False
    }
    helper = Opnsense_Helper(host=host, api_auth=api_auth, filepath=output, verbose=False)
    helper.vlans_api(vlans_api, "add")
```
config_manager manual usage
* pull the config.xml from the firewall via ssh
```python
helper.config_manager.get_conf(conf_path)
```
* initialize the Opnsense_Helper class and parse the config.xml
```python
helper.config_manager.initialize()
```
* add the items
```python
helper.config_manager.add_Items("vlans", vlans)
```
* save the configuration as xml and copy it back to the firewall
> this will also reconfigure your vlans for you, if you have any
```python
helper.config_manager.save(output)
helper.config_manager.put_file(output, conf_path)
helper.config_manager.close_con()
```
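Because the last step overwrites the live `/conf/config.xml`, it helps to validate the VLAN entries before saving. The following is an added example, not part of opnsense-helper: it checks the VLAN dicts used on this page against an existing config and only then returns merged XML. The `<vlans>/<vlan>` layout and the sample XML are assumptions constructed for illustration, and `check_vlan` and `add_vlans` are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the <vlans>/<vlan> layout is an assumption about /conf/config.xml.
SAMPLE_CONFIG = """<opnsense><vlans>
  <vlan><if>vtnet1</if><tag>1</tag><pcp>0</pcp><proto/><descr>vlan1</descr><vlanif>vlan0.1</vlanif></vlan>
</vlans></opnsense>"""
FIELDS = ("if", "tag", "pcp", "proto", "descr", "vlanif")  # keys used on this page


def in_range(value, low, high):
    text = str(value)  # accept only plain ASCII decimal integers
    return text.isascii() and text.isdigit() and low <= int(text) <= high


def check_vlan(vlan, used_names, used_tags):
    """Return the problems found in one VLAN dict; an empty list means it is valid."""
    problems = []
    if not vlan.get("if") or not vlan.get("vlanif"):
        problems.append("'if' and 'vlanif' are required")
    if not in_range(vlan.get("tag"), 1, 4094):
        problems.append(f"tag {vlan.get('tag')!r} is outside 1-4094")
    if not in_range(vlan.get("pcp"), 0, 7):
        problems.append(f"pcp {vlan.get('pcp')!r} is outside 0-7")
    if vlan.get("vlanif") in used_names:
        problems.append(f"vlanif {vlan.get('vlanif')!r} already exists")
    if (vlan.get("if"), str(vlan.get("tag"))) in used_tags:
        problems.append("tag already used on this parent interface")
    return problems


def add_vlans(config_xml, vlans):
    """Validate each VLAN and return the merged XML; raise if any entry is invalid."""
    root = ET.fromstring(config_xml)
    section = root.find("vlans")
    if section is None:
        section = ET.SubElement(root, "vlans")
    names = {v.findtext("vlanif") for v in section}
    tags = {(v.findtext("if"), v.findtext("tag")) for v in section}
    for vlan in vlans:
        problems = check_vlan(vlan, names, tags)
        if problems:
            raise ValueError(f"{vlan.get('descr')}: " + "; ".join(problems))
        node = ET.SubElement(section, "vlan")
        for field in FIELDS:
            value = vlan.get(field)  # None serializes as an empty element
            ET.SubElement(node, field).text = None if value is None else str(value)
        names.add(vlan["vlanif"])
        tags.add((vlan["if"], str(vlan["tag"])))
    return ET.tostring(root, encoding="unicode")
```
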
contribute
- clone or fork `git@github.com:the-pod-shop/opnsense-helper.git`
- build after making changes
- make sure to use the right user
```bash
cd python
python setup.py bdist_wheel \
&& pip install --upgrade . \
&& python3 -m pip install --upgrade build --force
```
- you can also use the build.sh script
- create pull request
motivation
- I couldn't find a single repo/collection/terraform provider/api that let me assign and enable lan interfaces
- I decided to create one myself
- opnsense api does not let me do it, it just replies with: controller not found
- but /conf/config.xml has the answer.
- however for physical interfaces it's the god damn conf.rc
- my opnsense runs in a vm, so it really doesn't matter for me
- I just add the interfaces via libvirt and all I need to do is to enable them, given the /conf/config.xml method
production
- no more frontend code required
- much faster, since no API calls are used
- reconfiguring vlans using paramiko exec_command
```python
def reconfigure_vlans(helper):
    stdin, stdout, stderr = helper.ssh.exec_command('/usr/local/opnsense/scripts/interfaces/reconfigure_vlans.php')
    output = stdout.read().decode('utf-8')
    print(output)
    error = stderr.read().decode('utf-8')
    if error:
        print(f"Fehler: {error}")
```
What's Changed
* https://github.com/the-pod-shop/opnsense-helper/commit/32ac9d3911401ef197f78ad83d3f8d9f90f5fe84
**Full Changelog**: https://github.com/the-pod-shop/opnsense-helper/commits/production
deprecated
still requires frontend
What's Changed
* Update README.md by ji-podhead in https://github.com/the-pod-shop/opnsense-helper/pull/1
New Contributors
* ji-podhead made their first contribution in https://github.com/the-pod-shop/opnsense-helper/pull/1
**Full Changelog**: https://github.com/the-pod-shop/opnsense-helper/commits/production