Disable Murus/pf on boot

travutt
Posts: 1
Joined: Wed Jun 08, 2016 11:28 pm

Disable Murus/pf on boot

Post by travutt » Wed May 10, 2017 9:15 am

Hi, I've recently been having an issue with Proactivity where my IP address is being added to the brute force adaptive list over and over again. I have disabled proactivity on all the services I am using (VNC, ssh, etc.) and for whatever reason, the IP is still being blocked. I can open the Proactivity window and remove the IP, but when I try to access one of these services from this IP again, even once, it appears and is blocked. I am frequently locked out of my server because of this.

I want to make sure Murus and the pf rules defined by Murus are NOT loaded when the machine is rebooted. How can I accomplish this? I see lots of folks wanting to ensure the rules are loaded at boot. I see in the manual lots of explanation for how to make sure pf is loaded at boot. But seeing as I am locked out of my own server seemingly every other time I modify a rule in Murus, I want to ensure that if I need to, I can access my APS web interface, reboot my machine, and connect to it. Then and *only* then, will I decide if I want to launch Murus and enable pf. This is the only failsafe for being locked out of the server. If I modify my Murus ruleset and am locked out, and when I reboot, that same ruleset will be loaded, then I have no choice but to drive to the datacenter, which is in another state.

Thanks in advance for any help.

hany
Posts: 474
Joined: Wed Dec 10, 2014 5:20 pm

Re: Disable Murus/pf on boot

Post by hany » Fri May 12, 2017 2:52 pm

travutt wrote:
Hi, I've recently been having an issue with Proactivity where my IP address is being added to the brute force adaptive list over and over again. I have disabled proactivity on all the services I am using (VNC, ssh, etc.) and for whatever reason, the IP is still being blocked. I can open the Proactivity window and remove the IP, but when I try to access one of these services from this IP again, even once, it appears and is blocked. I am frequently locked out of my server because of this.

Hello, this is really strange, as proactivity is based on the pf 'overload' parameter, which is disabled if you disable proactivity in Murus. Please double check your runtime pf rules.

travutt wrote:
I want to make sure Murus and the pf rules defined by Murus are NOT loaded when the machine is rebooted. How can I accomplish this? I see lots of folks wanting to ensure the rules are loaded at boot. I see in the manual lots of explanation for how to make sure pf is loaded at boot. But seeing as I am locked out of my own server seemingly every other time I modify a rule in Murus, I want to ensure that if I need to, I can access my APS web interface, reboot my machine, and connect to it. Then and *only* then, will I decide if I want to launch Murus and enable pf. This is the only failsafe for being locked out of the server. If I modify my Murus ruleset and am locked out, and when I reboot, that same ruleset will be loaded, then I have no choice but to drive to the datacenter, which is in another state.

To avoid pf rules being activated at boot time you can uninstall Murus Boot Scripts (from the "Firewall" menu in the macOS menu bar).
However, doing so will also disable the logging system and bandwidth management. So maybe you can leave the boot scripts in place and edit /etc/murus.sh, commenting out the 'pfctl -ef...' lines. This will prevent pf from loading Murus rules but will still initialize both the logging system and bandwidth management.
About remote management: you can use the Murus built-in timeout security system in order to test Murus rules or to add and remove new rules and such. This will ensure that if you cannot reconnect in time, Murus will disable pf. No need to reboot every time. I suggest you get used to this Murus feature using a "safe" remote machine (be it a VM or a real machine on your desk).
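The two checks hany suggests, "double check your runtime pf rules" for a leftover 'overload' clause and "comment out the 'pfctl -ef...' lines" in /etc/murus.sh, can both be done safely from a shell. The script below is an added example written for this thread; it is not Murus code and it does not touch a live system. It works on constructed sample files (a stand-in for `pfctl -sr` output and a stand-in for /etc/murus.sh, neither taken from the real product), and it writes the edited boot script to a `.noload` copy so the original is left intact for comparison. The table name `<bruteforce>` and the placeholder `/usr/bin/true` lines are assumptions made up for the sample, not real Murus identifiers.

```shell
#!/bin/sh
# Added example for the Murus lockout thread, not part of Murus itself.
# Operates on files only; feed it `pfctl -sr` output and a copy of /etc/murus.sh
# on a real host.

# Report pf rules that still carry an 'overload' clause. A rule with
# 'overload <table>' keeps feeding an adaptive block table no matter what the
# GUI toggle shows. Prints the offending rules; returns 0 only when none remain.
overload_rules() {
  # $1 = file holding the output of `pfctl -sr`
  if grep -n 'overload' "$1"; then
    return 1   # adaptive blocking still active in the runtime ruleset
  fi
  return 0
}

# Count the 'pfctl -ef' lines that are still active (not commented out).
count_pf_loads() {
  # $1 = boot script path
  grep -c '^[^#]*pfctl[[:space:]]\{1,\}-ef' "$1" || true
}

# Write a copy of the boot script with every 'pfctl -ef' line commented out,
# leaving logging/bandwidth start-up lines untouched. The original is not modified.
disable_pf_load() {
  # $1 = boot script path; output goes to "$1.noload"
  sed '/pfctl[[:space:]]\{1,\}-ef/s/^/# /' "$1" > "$1.noload"
}

# Build constructed sample inputs in a scratch directory and print its path.
make_samples() {
  dir=$(mktemp -d)
  # Constructed stand-in for `pfctl -sr` output where an ssh rule still overloads
  # an (assumed) <bruteforce> table. Not real Murus output.
  cat > "$dir/rules.txt" <<'EOF'
pass in proto tcp from any to any port = 5900 flags S/SA keep state
pass in proto tcp from any to any port = 22 flags S/SA keep state (max-src-conn-rate 5/30, overload <bruteforce> flush global)
block drop in quick from <bruteforce> to any
EOF
  # Constructed stand-in for /etc/murus.sh; the /usr/bin/true lines are placeholders.
  cat > "$dir/murus.sh" <<'EOF'
#!/bin/sh
# start logging and bandwidth management (placeholders, not the real commands)
/usr/bin/true start-logging
/usr/bin/true start-bandwidth
pfctl -ef /etc/murus.conf
EOF
  echo "$dir"
}
```

On the server itself the same functions apply to real data: `pfctl -sr > rules.txt; overload_rules rules.txt` shows whether any loaded rule still has an overload clause, and `pfctl -t <table> -T show` lists the addresses currently trapped in a given table (use the table name printed by the first check). Review the `.noload` copy before replacing /etc/murus.sh with it, and keep the Murus timeout feature hany describes as the primary safety net for rule changes made over a remote session.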
