Restart Murus-based ruleset from command line?

pentcheff
Posts: 4
Joined: Fri Feb 12, 2016 10:09 pm

Restart Murus-based ruleset from command line?

Post by pentcheff » Tue Feb 16, 2016 7:51 pm

How would I restart a Murus-based PF setup from the command line? Normally, I'd log in using the physical (or virtual) display on the Mac, make a change using Murus, then restart using the start arrow from the Murus top bar.

However, if I log in using ssh and directly edit a Murus configuration file (for example, change an IP number in /etc/murus.tables), I don't have access to a GUI where I can run the Murus front end.

What's the best way to restart the firewall (so that it will pick up edits to Murus configuration files) without using the Murus GUI?

Thanks!

hany
Posts: 480
Joined: Wed Dec 10, 2014 5:20 pm

Re: Restart Murus-based ruleset from command line?

Post by hany » Thu Feb 18, 2016 2:04 am

First of all let's make clear that "Murus configuration" and "PF configuration" are different things.

Murus configuration is made of a property list XML file stored in /Library/Preferences. This file should not be edited manually. This file is read when Murus opens, and saved when Murus is closed or when you click PLAY in the Murus toolbar.

PF configuration is created (or updated) by Murus each time you click PLAY in the Murus toolbar. This configuration is stored in the /etc/murus directory, and can be edited manually (from the terminal or any text editor). However, editing it manually is not safe, because the first time you run Murus it will overwrite your hand-made changes. So you can use a manually customized PF configuration as long as you don't run the Murus app anymore.
However, if I log in using ssh and directly edit a Murus configuration file (for example, change an IP number in /etc/murus.tables), I don't have access to a GUI where I can run the Murus front end.
In this case you are modifying PF configuration, not Murus configuration. Once done, you just have to tell pf to re-read its configuration files and apply the new ruleset. This is achieved by running this shell command from the terminal, providing the administrator password:

sudo pfctl -f /etc/murus/murus.conf

This is the only way to do it. Your changes will be persistent and will be loaded at boot time, as long as they are correct. Again: please remember that you will lose your hand-made customization if you click PLAY in the Murus app.

P.S.:
if you just need to add (or remove) an IP address (or host) to a PF table, then you can do it at runtime; you don't need to edit any file. However, this setting will not survive a reboot. For example:

to list all PF tables in the PF root:

sudo pfctl -sT

to empty the <_blacklist> PF table:

sudo pfctl -t _blacklist -T flush

to add an IP address to the <_blacklist> PF table:

sudo pfctl -t _blacklist -T add 192.168.1.1

to remove an IP address from the <_blacklist> PF table:

sudo pfctl -t _blacklist -T delete 192.168.1.1

to display the <_blacklist> PF table content:

sudo pfctl -t _blacklist -T show

Don't forget the PF table path... for example, if the PF table is in an anchor and not in the PF root, like Murus' <bruteforce> PF table, which is in the /murus.inbound anchor, then you have to specify the table path.
To add an IP address to the <bruteforce> PF table:

sudo pfctl -a /murus.inbound -t bruteforce -T add 192.168.1.1

to list all PF tables in the Murus inbound anchor:

sudo pfctl -a /murus.inbound -sT
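
The two procedures in the answer above (reload /etc/murus/murus.conf with pfctl -f, and edit PF tables at runtime with pfctl -T, using -a for tables inside an anchor) wrapped into one script, as an added example that is not code from the original post or from Murus. It goes slightly beyond the answer: the ruleset is parsed with pfctl -n before it is loaded, so a typo in the file cannot replace the running ruleset while your only way in is ssh, and addresses are validated before they reach a command that runs under sudo. The PFCTL and MURUS_CONF variables, the function names and the "reload"/"table" command line are assumptions of this example, not part of Murus.

```sh
#!/bin/sh
# Added example, not code from the original post or from Murus: reload a
# Murus-generated PF ruleset and manage PF tables from an ssh session, with
# the checks a practitioner wants before touching a live firewall.
#
# Assumptions (mine, not hany's): the PFCTL and MURUS_CONF variables, the
# function names, and the "reload"/"table" command-line interface at the end.
# PFCTL defaults to "sudo pfctl"; point it at a stub to exercise the logic
# on a machine without pf or without root.
: "${PFCTL:=sudo pfctl}"
: "${MURUS_CONF:=/etc/murus/murus.conf}"   # path given in the answer above

# reload_murus_ruleset [conf]
# Parse the ruleset with "pfctl -n -f" first (rules are checked, not loaded);
# only if that succeeds load it for real. A typo in murus.conf therefore never
# replaces the running ruleset, which matters when the only way in is ssh.
reload_murus_ruleset() {
    conf="${1:-$MURUS_CONF}"
    if ! $PFCTL -n -f "$conf" >/dev/null 2>&1; then
        echo "reload_murus_ruleset: $conf failed syntax check; running ruleset left unchanged" >&2
        return 1
    fi
    $PFCTL -f "$conf"
}

# valid_addr ADDR
# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix.
# pfctl would also accept hostnames and resolve them; refusing anything but
# digits, dots and one slash keeps DNS lookups and shell metacharacters out
# of a command that runs under sudo.
valid_addr() {
    addr=$1
    case "$addr" in
        ''|*[!0-9./]*|.*|*.|*..*) return 1 ;;     # bad characters or empty octet
    esac
    host=$addr; prefix=""; has_prefix=0
    case "$addr" in
        */*/*) return 1 ;;                         # more than one slash
        */*)   host=${addr%%/*}; prefix=${addr#*/}; has_prefix=1 ;;
    esac
    if [ "$has_prefix" -eq 1 ]; then
        case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    n=0; rest=$host
    while :; do
        octet=${rest%%.*}
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
        [ "$rest" = "$octet" ] && break            # last octet consumed
        rest=${rest#*.}
    done
    [ "$n" -eq 4 ]
}

# pf_table ANCHOR TABLE OP [ADDR]
# Run "pfctl -t TABLE -T OP [ADDR]", adding "-a ANCHOR" only when ANCHOR is
# non-empty: "" for a table in the PF root such as <_blacklist>,
# "/murus.inbound" for a table inside the Murus inbound anchor such as
# <bruteforce>. Changes are live immediately and, as the answer notes,
# do not survive a reboot.
pf_table() {
    anchor=$1; table=$2; op=$3; addr=${4:-}
    case "$op" in
        show|flush)
            [ -z "$addr" ] || { echo "pf_table: $op takes no address" >&2; return 2; } ;;
        add|delete)
            valid_addr "$addr" || { echo "pf_table: bad address '$addr'" >&2; return 2; } ;;
        *)  echo "pf_table: unsupported table operation '$op'" >&2; return 2 ;;
    esac
    if [ -n "$anchor" ]; then
        $PFCTL -a "$anchor" -t "$table" -T "$op" $addr
    else
        $PFCTL -t "$table" -T "$op" $addr
    fi
}

# Entry point: "reload [conf]" or "table ANCHOR TABLE OP [ADDR]".
# With no arguments the script only defines the functions, so it can be sourced.
#   sh murus-pf.sh reload
#   sh murus-pf.sh table ""             _blacklist add  192.168.1.1
#   sh murus-pf.sh table /murus.inbound bruteforce  show
case "${1:-}" in
    reload) reload_murus_ruleset "${2:-}" ;;
    table)  shift; pf_table "$@" ;;
esac
```

Run it on the Mac over ssh as an administrator; the commands go to the real pfctl through sudo. The "table" form is only for runtime changes: anything that must survive a reboot still has to go into the files under /etc/murus followed by "reload", and, as the answer says, will be lost the next time PLAY is clicked in Murus.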

pentcheff
Posts: 4
Joined: Fri Feb 12, 2016 10:09 pm

Re: Restart Murus-based ruleset from command line?

Post by pentcheff » Thu Feb 18, 2016 2:29 am

Thank you for that excellent, clear response — got it.

And thank you for your excellent Murus software!

hany
Posts: 480
Joined: Wed Dec 10, 2014 5:20 pm

Re: Restart Murus-based ruleset from command line?

Post by hany » Thu Feb 18, 2016 12:36 pm

You are welcome :)
