pfsense cli




臨時更改 IP, default gw 及 DNS:


ifconfig em0 x.x.x.x netmask

route add default y.y.y.y

echo "nameserver x.x.x.x" > /etc/resolv.conf


Temporarily disable firewall


# Disable:

pfctl -d

# 重開:

pfctl -e


pfctl Usage


pfctl -sn     Show current NAT rules

pfctl -sr     Show current filter rules

pfctl -ss     Show the current state table

pfctl -sa     Show everything it can show


# add an "allow all" rule on the WAN:


pfSsh.php playback enableallowallwan


# 加入一條 rule 到 Wan 的 rule list 尾:


pf version >= 2

easyrule block wan <source_ip>

easyrule pass <wan|lan|...>[protocol] <source_ip> <dest_ip> [port]


# Remote IP(Source): x.x.x.x
# WAN IP: y.y.y.y

easyrule pass wan tcp x.x.x.x y.y.y.y 443


PW Reset:


1. Reboot the pfSense box

2. Choose option 4 (Single User Mode)

3. 行 /sbin/mount -a -t ufs

4. 行 /etc/rc.initial.password

5. Reboot


Can Not access WEB GUI


killall -9 php; killall -9 lighttpd; /etc/rc.restart_webgui



reload config.xml


rm /tmp/config.cache

The command viconfig will bring up the config.xml in vi, and upon exiting vi, removes the configuration cache file automatically.


Disable HTTP_REFERER enforcement check








# 有什麼 listen

netstat -p tcp

# show service enable

service -e

# show all

service -l


Restart web panel


killall -9 php; killall -9 lighttpd; /etc/rc.restart_webgui







Creative Commons license icon Creative Commons license icon