Reset PF Firewall Automatically While Testing Configuration With Remote Server Over SSH Session

If you are testing PF firewall configuration on a remote server over an SSH session, it is important to have a way to automatically reset the firewall in case something goes wrong and you lose your connection to the server. One way to do this is to use a script that runs periodically and resets the firewall to a known state.

Here’s an example of a simple script that resets the firewall every five minutes:

1. Create a new script file, for example /root/reset-pf-firewall.sh, with the following content:

```sh
#!/bin/sh

# Loop forever: every five minutes, reload the ruleset from /etc/pf.conf
while true
do
    sleep 300
    /sbin/pfctl -f /etc/pf.conf
done
```

This script runs an infinite loop and waits for five minutes between each iteration. During each iteration, it runs the pfctl command to reload the firewall configuration from the /etc/pf.conf file.

2. Make the script executable:

```sh
chmod +x /root/reset-pf-firewall.sh
```

3. Run the script in the background:

```sh
nohup /root/reset-pf-firewall.sh &
```

The nohup command ensures that the script continues to run even if you log out of the SSH session. The & symbol runs the script in the background so that you can continue to use the terminal.

Now, if you make a mistake in your PF firewall configuration and lose your SSH connection, the script will continue to run and reset the firewall every five minutes, allowing you to regain access to the server.
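As an added example (not the original post's script), here is a one-shot variant of the same idea that a practitioner may prefer: it reloads a known-good ruleset once after a deadline instead of every five minutes forever, and it refuses to arm if that file does not parse (`pfctl -n` parses a ruleset without loading it). It assumes the known-good rules are kept in a separate file, written here as the hypothetical path /etc/pf.conf.good, and that the rules under test are loaded from a different file; if you edit /etc/pf.conf itself and the reset reloads /etc/pf.conf, it simply reinstalls the broken rules. The PFCTL variable, the function names and the file paths are this example's own assumptions.

```sh
#!/bin/sh
# Added example, not the original post's script: a one-shot PF "dead man's switch".
# Usage: pf-deadman.sh SECONDS KNOWN_GOOD_RULESET
# Arm it, load the candidate rules, and kill it once you are happy with them.
# Assumptions: pfctl lives at /sbin/pfctl (override with PFCTL=...), and the
# known-good rules live in a file you do NOT edit while testing.

PFCTL="${PFCTL:-/sbin/pfctl}"

# check_ruleset FILE: succeed only if FILE is readable and parses.
# `pfctl -n` parses the ruleset without loading it into the kernel.
check_ruleset() {
    [ -r "$1" ] || return 1
    "$PFCTL" -nf "$1" >/dev/null 2>&1
}

# schedule_reset SECONDS FILE: refuse to arm if FILE does not parse, otherwise
# wait SECONDS and then reload FILE. Returns pfctl's exit status.
schedule_reset() {
    secs="$1"
    file="$2"
    if ! check_ruleset "$file"; then
        echo "refusing to arm: $file is missing or does not parse" >&2
        return 1
    fi
    sleep "$secs"
    "$PFCTL" -f "$file"
}

# Only run when invoked with both arguments, so the functions can also be
# sourced and exercised on their own.
if [ $# -eq 2 ]; then
    echo "armed: reloading $2 in $1 seconds (pid $$); kill $$ to disarm"
    schedule_reset "$1" "$2"
fi
```

Typical use: `nohup /root/pf-deadman.sh 300 /etc/pf.conf.good &`, then load the candidate rules with `pfctl -f /etc/pf.conf.test`. If the connection survives, disarm the job (`kill %1`, or the PID it printed) so the reset does not undo the change you just confirmed; if it does not, the known-good rules come back after five minutes and you can reconnect. Keeping the reset one-shot and validating the file first avoids two failure modes of a periodic loop: it never overwrites a confirmed-good configuration later, and it never arms with a reset target that cannot itself be loaded.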
