creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 13:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/configuring-pfsense-firewall-rules/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

2.4 KiB
Raw Blame History

API Reference: pfSense Firewall Configuration Agent

Overview

Manages pfSense firewall rules via the REST API: creates LAN/DMZ/Guest isolation rules, configures NAT port forwarding, and audits rules for overly permissive or undocumented entries.

Dependencies

Package Version Purpose
requests >=2.28 pfSense REST API communication

Prerequisites

  • pfSense 2.7+ with the pfsense-api package installed
  • API key and secret configured in pfSense WebConfigurator

CLI Usage

# Audit existing rules
python agent.py --url https://192.168.1.1 --api-key <key> --api-secret <secret> --audit-only

# Create DMZ and Guest isolation rules
python agent.py --url https://192.168.1.1 --api-key <key> --api-secret <secret> \
  --setup-dmz --setup-guest

Key Functions

PfSenseAPI(base_url, api_key, api_secret)

REST API client for pfSense with GET, POST, PUT, DELETE methods.

get_firewall_rules(api)

Retrieves all configured firewall rules from pfSense.

create_firewall_rule(api, interface, action, protocol, source, destination, dst_port, description)

Creates a new firewall rule on the specified interface.

create_lan_to_wan_rules(api)

Creates standard LAN egress rules: HTTP, HTTPS, DNS allowed; all else blocked.

create_dmz_rules(api, dmz_interface)

Creates DMZ isolation rules: inbound web traffic allowed, DMZ-to-LAN blocked.

create_guest_isolation_rules(api, guest_interface)

Blocks guest network from all RFC1918 ranges, allows internet-only access.

configure_nat_port_forward(api, interface, external_port, target_ip, target_port)

Creates NAT port forwarding rules for inbound service access.

audit_firewall_rules(rules)

Audits for: any-to-any pass rules, undocumented rules, and disabled rules.

pfSense API Endpoints Used

Endpoint Method Purpose
/api/v1/firewall/rule GET List all rules
/api/v1/firewall/rule POST Create new rule
/api/v1/firewall/nat/port_forward POST Create NAT rule
/api/v1/diagnostics/system_log/firewall GET Retrieve firewall logs

Rule Templates

Template Rules Purpose
LAN-to-WAN 5 Standard egress (HTTP, HTTPS, DNS + block all)
DMZ 6 Web inbound, block to LAN, limited outbound
Guest 6 Block RFC1918, allow internet only
Reference in New Issue View Git Blame Copy Permalink