Feature #14710
open
Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
0%
Description
Hello fellow Netgate pfSense Redmine community members,
I wanted to share this with you all to see if this is anything that could be tied directly into the GUI firewall rules page.
RULE BASE FLAGGING VIA VISUAL LED ON FRONT PANEL
Value add-on: Increase in visibility for specific firewall rules and/or devices that are connecting, without any changes to hardware. Can be coded to only work with dormant, non-utilized LEDs.
Example:
Example of what can occur: .... Drifting off into dreamland ....
It's 11pm and someone turns on a gaming system. You know this individual has a test or maybe a soccer game tomorrow. All of a sudden your firewall's state-established LED turns on and glows red.
I sprang from my bed to see what was the matter. Away to the TV I flew like a flash, tore open the door, and went with a dash. When, what to my wondering eyes should appear, the little one again with game controller in hand. Now little one, you stand with a solemn face... go to bed! Go to bed! Go back to bed now!
In reality, this is a possible way to tie LEDs directly to a rule ID within the ACL list.
You could even tie this into VPN rules or anything you wanted to alarm you.
I have tested this and it does work with cron
deviceonlinenight.sh
```sh
#!/bin/sh
# Look for any state created by rule 79. The (,|$) anchor keeps
# ', rule 79' from also matching rules 790-799.
pfctl -vvss | grep -Eq ', rule 79(,|$)'
res=$?
if [ "$res" -eq 0 ]; then
  # A rule 79 state exists: drive pins 0, 3 and 6 at duty 200.
  sysctl -q dev.gpio.2.led.0.pwm=1
  gpioctl -f /dev/gpioc2 0 duty 200 >/dev/null
  sysctl -q dev.gpio.2.led.1.pwm=1
  gpioctl -f /dev/gpioc2 3 duty 200 >/dev/null
  sysctl -q dev.gpio.2.led.2.pwm=1
  gpioctl -f /dev/gpioc2 6 duty 200 >/dev/null
else
  # No rule 79 state: set pins 0-8 to duty 0.
  sysctl -q dev.gpio.2.led.0.pwm=1
  gpioctl -f /dev/gpioc2 0 duty 0 >/dev/null
  gpioctl -f /dev/gpioc2 1 duty 0 >/dev/null
  gpioctl -f /dev/gpioc2 2 duty 0 >/dev/null
  sysctl -q dev.gpio.2.led.1.pwm=1
  gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null
  gpioctl -f /dev/gpioc2 4 duty 0 >/dev/null
  gpioctl -f /dev/gpioc2 5 duty 0 >/dev/null
  sysctl -q dev.gpio.2.led.2.pwm=1
  gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null
  gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null
  gpioctl -f /dev/gpioc2 8 duty 0 >/dev/null
fi
```
deviceonlineday
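```sh
#!/bin/sh
# Look for any state created by rule 79. The (,|$) anchor keeps
# ', rule 79' from also matching rules 790-799.
pfctl -vvss | grep -Eq ', rule 79(,|$)'
res=$?
if [ "$res" -eq 0 ]; then
  # A rule 79 state exists: drive pins 3 and 6 at duty 100.
  sysctl -q dev.gpio.2.led.1.pwm=1
  gpioctl -f /dev/gpioc2 3 duty 100 >/dev/null
  sysctl -q dev.gpio.2.led.2.pwm=1
  gpioctl -f /dev/gpioc2 6 duty 100 >/dev/null
else
  # No rule 79 state: pin 3 to duty 0, pin 7 to duty 100.
  sysctl -q dev.gpio.2.led.1.pwm=1
  gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null
  sysctl -q dev.gpio.2.led.2.pwm=1
  gpioctl -f /dev/gpioc2 7 duty 100 >/dev/null
fi
```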
Ref researching:
https://forum.netgate.com/topic/182391/2100-led-question
https://forums.freebsd.org/threads/bin-sh-how-to-save-a-shell-command-output-into-a-string-variable.90088/
https://github.com/luckman212/Netgate-SG2100-scripts
https://www.zacharyschneider.ca/2019/12/customizing-leds-netgate-sg-3100/
https://forum.netgate.com/topic/122407/netgate-sg-3100-leds?ref=zacharyschneider.ca
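Added example, not part of the original report and not Netgate code: the state-table check the scripts above depend on, written to compare the rule number as a whole field and to list which connections tripped it. The function names and the sample `pfctl -vvss` text (interface name, addresses, counters) are constructed for illustration; on a firewall, real `pfctl -vvss` output would be piped into `states_for_rule`.

```shell
#!/bin/sh
# Added example. Reads `pfctl -vvss`-style text on stdin.

# states_for_rule RULE: print the header line of every state whose detail
# line carries the field "rule RULE", compared as a whole field so that
# rule 79 never matches rule 790.
states_for_rule() {
    awk -v rule="$1" '
        /^[^ ]/ { header = $0; next }      # unindented line opens a new state
        {
            n = split($0, field, ", ")     # detail lines are ", "-separated
            for (i = 1; i <= n; i++)
                if (field[i] == ("rule " rule)) { print header; break }
        }
    '
}

# rule_is_active RULE: exit status 0 if at least one state belongs to RULE.
rule_is_active() {
    [ -n "$(states_for_rule "$1")" ]
}

# Constructed sample in the shape of `pfctl -vvss` output (not a real capture).
sample_states() {
    cat <<'EOF'
igb1 tcp 192.168.1.50:51234 -> 203.0.113.10:443       ESTABLISHED:ESTABLISHED
   [1000 + 65535] wscale 7  [2000 + 65535] wscale 7
   age 00:01:12, expires in 23:59:50, 15:12 pkts, 2100:5400 bytes, rule 79
   id: 0000000000000001 creatorid: 00000001
igb1 udp 192.168.1.60:40000 -> 198.51.100.7:53       MULTIPLE:SINGLE
   age 00:00:03, expires in 00:00:27, 1:1 pkts, 70:120 bytes, rule 790
   id: 0000000000000002 creatorid: 00000001
igb1 tcp 192.168.1.51:51300 -> 203.0.113.11:443       ESTABLISHED:ESTABLISHED
   age 00:00:40, expires in 23:59:58, 9:8 pkts, 900:4100 bytes, rule 79, source-track
   id: 0000000000000003 creatorid: 00000001
EOF
}

# Show which connections hold states from rule 79 in the sample.
sample_states | states_for_rule 79
```

pf rule numbers are positional, so the number used here has to be re-checked whenever the ruleset is edited or reordered.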
Files