How to disable all filters via SSH

Hi,

I have a question about how I can disable all filters via SSH.

I have tried to find something about this in the forum without any results.

Perhaps it could be done via commands with parameters or by editing configuration files and then forcing a physical or service restart for the changes to take effect.

Let me know.

Best regards.

Can you provide more info on which filters you are interested in disabling via ssh and also why it needs to be done via ssh and not via the WUI?

Every WUI menu is not 100% identical in how or where it disables things so you would need to probably edit things in multiple places depending on exactly what it is you need to disable.

Also you would need to be very careful to not make any mistakes as editing the files directly will not have any error checking and a mistake might stop everything working.

Make sure you have a recent backup available and downloaded from the IPFire system and be prepared with all required information in case you have to do a fresh install.

Hi Adolf.

The reason for this is to be able to disable these modules via SSH when there are suspected WUI access issues or any other problem, and thus eliminate elements from the equation.

The modules would be:

Network:
Web Proxy
URL Filter

Services:
IPsec
Wireguard
OpenVPN

Firewall:
Some rules of Firewall
Intrusion Prevention
IP Address Blocklist
Location Block

It seems strange that you ask this, but I’ve always wondered if it could be done.

Thanks for your answer.

Bye.

This can be done by analysis of the WUI .cgi files.
Mostly the general processing is

  • write the values to a settings file ( in /var/ipfire and its subdirectories )
  • start an external program, which writes the .conf files and restarts the component to load the new settings.

But I fear a general recipe matching all the modules mentioned can't be given. The programs themselves differ in their configuration files, and the .cgi files are built around these specifics.

1 Like
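The first step of the pattern described above, a hand edit of a settings file, is where a typo can break things, so here is an added example of a guarded edit: back up, change exactly one existing key, verify, then rename into place. It is not IPFire code and not from any poster; the KEY=VALUE layout, the function names and the sample keys are assumptions, and the component's own control program still has to be run afterwards to apply the change.

```sh
#!/bin/sh
# Added example, not IPFire code. Guarded edit of a KEY=VALUE settings file.

set_setting() {  # usage: set_setting FILE KEY VALUE ; prints the backup path
    file=$1 key=$2 value=$3
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Assumption: keys are upper-case identifiers; values must stay on one line.
    case $key in ''|*[!A-Z0-9_]*) echo "bad key: $key" >&2; return 2 ;; esac
    [ "$(printf '%s' "$value" | wc -l)" -eq 0 ] || { echo "multi-line value" >&2; return 2; }
    # Refuse to guess: the key must already exist exactly once.
    count=$(grep -c "^${key}=" "$file" || true)
    [ "$count" -eq 1 ] || { echo "$key occurs $count times in $file" >&2; return 3; }

    backup=$(mktemp "$file.bak.XXXXXX") || return 4
    tmp=$(mktemp "$file.tmp.XXXXXX") || return 4
    # cp -p makes both copies inherit the mode (and, as root, the owner) of the original.
    cp -p "$file" "$backup" && cp -p "$file" "$tmp" || return 4

    # Rewrite only the matching line; ENVIRON passes the value as plain data.
    K=$key V=$value awk '
        index($0, ENVIRON["K"] "=") == 1 { print ENVIRON["K"] "=" ENVIRON["V"]; next }
        { print }' "$file" > "$tmp" || { rm -f "$tmp"; return 4; }

    # Verify before going live: same line count, new line present exactly once.
    if [ "$(wc -l < "$tmp")" -eq "$(wc -l < "$file")" ] &&
       [ "$(grep -Fxc -- "$key=$value" "$tmp" || true)" -eq 1 ]; then
        mv "$tmp" "$file" && printf '%s\n' "$backup"
    else
        rm -f "$tmp"
        echo "verification failed, $file left untouched" >&2
        return 5
    fi
}

make_sample() {  # constructed sample; key names are placeholders, not a real IPFire file
    printf '%s\n' 'ENABLE=on' 'TRANSPARENT=off' 'PROXY_PORT=800' > "$1"
}
```

The printed backup path is what you copy back over the file if the component misbehaves after the change.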

If you are logged in via ssh you can run elinks to access the wui via localhost.
But be warned elinks is not comfortable…

3 Likes

elinks isn’t really a solution for web access from the command line, nowadays.
Web pages are complex and use many features, which can’t be emulated in a character oriented interface.

IMO.

For me, the best way to return to a standard configuration with SSH is to perform a backup immediately after the setup of the newly installed version (or a backup created for emergency purposes with SSH enabled).

And use the backupctrl command.

backupctrl restore /var/ipfire/backup/<My emergency backup>.ipf

1 Like

Hi,

It might not be a bad idea in certain circumstances, but doing so could potentially lose your entire IPFire configuration, and I don’t want that to happen. I know you can reload a backup of the configuration later, but I prefer to simply disable the protection modules.

Thanks anyway.

Bye

1 Like

In most cases it works to re-enable web access via the network if you have locked yourself out before. The firewall rule editor is a bit buggy in elinks because invisible (not valid) options are also shown, but it works.

3 Likes

Hi all, why not use the initscripts or misc-progs via SSH? A marker can also be set if a service is already stopped so it won't be started again if a mark has been set. This is not a substitute for configuring it via the WUI, but for an emergency case? Why not?

Possible idea !!! USE TESTING SYSTEMS FOR THIS :wink: !!!

#!/bin/bash

###############################################################################
# IPFire Remote Service Controller
#
# WARNING:
# This script starts and stops services directly via SSH.
# Changes made here are NOT reflected in the IPFire Web Interface!
# If you stop a service with this script, you should also start it again with this script.
# For permanent changes, always use the Web Interface.
#
# Features:
# - Interactive local menu for status, stop, start, and restart actions.
# - Only services that were running before are stopped and marked.
# - Only services stopped by this script are started/restarted.
# - Action summary after each operation!
# - After each operation, the marker file and marker directory are cleanly removed.
# - Easily extendable: Add more services by editing the arrays below.
#
# Usage:
#   1. Adjust USER, HOST, and PORT variables to match your IPFire setup.
#   2. Make the script executable: chmod +x ipfire-service-controller.sh
#   3. Run it: ./ipfire-service-controller.sh
###############################################################################

echo "WARNING:"
echo "This script starts and stops services directly on the system."
echo "Changes made here are NOT reflected in the IPFire Web Interface."
echo "If you stop a service with this script, you should also start it again with this script."
echo "For permanent changes, always use the Web Interface!"
echo
sleep 2

# === CONFIGURATION ===
USER="root"
HOST="Your_IPFIre-IP/Hostname"      # Change to your IPFire IP or hostname
PORT="222"
MARKER_DIR="/run/ipfire-service-controller"
MARKER_FILE="$MARKER_DIR/stopped_by_script"

# === Service Definitions ===
SERVICES=("squid" "suricata" "wireguard" "openvpn")
START_CMDS=(
  "/etc/init.d/squid start"
  "/usr/local/bin/suricatactrl start"
  "/usr/local/bin/wireguardctrl start"
  "/usr/local/bin/openvpnctrl -s"
)
STOP_CMDS=(
  "/etc/init.d/squid stop"
  "/usr/local/bin/suricatactrl stop"
  "/usr/local/bin/wireguardctrl stop"
  "/usr/local/bin/openvpnctrl -k"
)
STATUS_CMDS=(
  "ps aux | grep '[s]quid'"
  "ps aux | grep '[s]uricata' | grep -v watcher"
  "ps aux | grep '[w]ireguard'"
  "ps aux | grep '[o]penvpn'"
)

# === Main Menu and Action Execution ===

show_status() {
  ssh -p "$PORT" "$USER@$HOST" 'bash -s' <<'ENDSSH'
GREEN="\033[0;32m"
RED="\033[0;31m"
NC="\033[0m" # No Color

echo "=== Service Status ==="
echo "----------------------"

# Squid
echo -n "[Squid]      "
if ps aux | grep "[s]quid" > /dev/null; then
  pids=$(ps aux | grep "[s]quid" | awk '{print $2}' | paste -sd,)
  echo -e "${GREEN}RUNNING${NC} (PID(s): $pids)"
else
  echo -e "${RED}NOT RUNNING${NC}"
fi

# Suricata
echo -n "[Suricata]   "
if ps aux | grep "[s]uricata" | grep -v watcher > /dev/null; then
  pids=$(ps aux | grep "[s]uricata" | grep -v watcher | awk '{print $2}' | paste -sd,)
  echo -e "${GREEN}RUNNING${NC} (PID(s): $pids)"
else
  echo -e "${RED}NOT RUNNING${NC}"
fi

# WireGuard
echo -n "[WireGuard]  "
if ps aux | grep "[w]ireguard" > /dev/null; then
  pids=$(ps aux | grep "[w]ireguard" | awk '{print $2}' | paste -sd,)
  echo -e "${GREEN}RUNNING${NC} (PID(s): $pids)"
else
  echo -e "${RED}NOT RUNNING${NC}"
fi

# OpenVPN
echo -n "[OpenVPN]    "
if ps aux | grep "[o]penvpn" > /dev/null; then
  pids=$(ps aux | grep "[o]penvpn" | awk '{print $2}' | paste -sd,)
  echo -e "${GREEN}RUNNING${NC} (PID(s): $pids)"
else
  echo -e "${RED}NOT RUNNING${NC}"
fi

echo "----------------------"
ENDSSH
}

stop_services() {
  ssh -p "$PORT" "$USER@$HOST" 'bash -s' <<'ENDSSH'
MARKER_DIR="/run/ipfire-service-controller"
MARKER_FILE="$MARKER_DIR/stopped_by_script"
mkdir -p "$MARKER_DIR"
> "$MARKER_FILE"
stopped_any=0
declare -A action_status

# Squid
if ps aux | grep "[s]quid" > /dev/null; then
  /etc/init.d/squid stop
  echo "squid" >> "$MARKER_FILE"
  action_status["Squid"]="STOPPED"
  stopped_any=1
else
  action_status["Squid"]="ALREADY STOPPED"
fi

# Suricata
if ps aux | grep "[s]uricata" | grep -v watcher > /dev/null; then
  /usr/local/bin/suricatactrl stop
  echo "suricata" >> "$MARKER_FILE"
  action_status["Suricata"]="STOPPED"
  stopped_any=1
else
  action_status["Suricata"]="ALREADY STOPPED"
fi

# WireGuard
if ps aux | grep "[w]ireguard" > /dev/null; then
  /usr/local/bin/wireguardctrl stop
  echo "wireguard" >> "$MARKER_FILE"
  action_status["WireGuard"]="STOPPED"
  stopped_any=1
else
  action_status["WireGuard"]="ALREADY STOPPED"
fi

# OpenVPN
if ps aux | grep "[o]penvpn" > /dev/null; then
  /usr/local/bin/openvpnctrl -k
  echo "openvpn" >> "$MARKER_FILE"
  action_status["OpenVPN"]="STOPPED"
  stopped_any=1
else
  action_status["OpenVPN"]="ALREADY STOPPED"
fi

if [ $stopped_any -eq 1 ]; then
  echo "Services stopped. Marker written to $MARKER_FILE"
else
  echo "No services were running. No marker written."
  rm -f "$MARKER_FILE"
  rmdir --ignore-fail-on-non-empty "$MARKER_DIR"
fi

echo
echo "=== Service Action Summary ==="
echo "-----------------------------"
printf "[%-10s]  %s\n" "Squid"     "${action_status[Squid]}"
printf "[%-10s]  %s\n" "Suricata"  "${action_status[Suricata]}"
printf "[%-10s]  %s\n" "WireGuard" "${action_status[WireGuard]}"
printf "[%-10s]  %s\n" "OpenVPN"   "${action_status[OpenVPN]}"
echo "-----------------------------"
ENDSSH
}

start_services() {
  ssh -p "$PORT" "$USER@$HOST" 'bash -s' <<'ENDSSH'
MARKER_DIR="/run/ipfire-service-controller"
MARKER_FILE="$MARKER_DIR/stopped_by_script"
declare -A action_status
if [ -f "$MARKER_FILE" ]; then
  while read -r service; do
	case "$service" in
	  squid)
		/etc/init.d/squid start
		action_status["Squid"]="STARTED"
		;;
	  suricata)
		/usr/local/bin/suricatactrl start
		action_status["Suricata"]="STARTED"
		;;
	  wireguard)
		/usr/local/bin/wireguardctrl start
		action_status["WireGuard"]="STARTED"
		;;
	  openvpn)
		/usr/local/bin/openvpnctrl -s
		action_status["OpenVPN"]="STARTED"
		;;
	  *)
		;;
	esac
  done < "$MARKER_FILE"
  rm -f "$MARKER_FILE"
  rmdir --ignore-fail-on-non-empty "$MARKER_DIR"
  echo "Marker file and directory removed."
else
  action_status["Squid"]="ALREADY STOPPED"
  action_status["Suricata"]="ALREADY STOPPED"
  action_status["WireGuard"]="ALREADY STOPPED"
  action_status["OpenVPN"]="ALREADY STOPPED"
  echo "No marker file found. No services to start."
  rmdir --ignore-fail-on-non-empty "$MARKER_DIR" 2>/dev/null
fi

echo
echo "=== Service Action Summary ==="
echo "-----------------------------"
printf "[%-10s]  %s\n" "Squid"     "${action_status[Squid]:-ALREADY STOPPED}"
printf "[%-10s]  %s\n" "Suricata"  "${action_status[Suricata]:-ALREADY STOPPED}"
printf "[%-10s]  %s\n" "WireGuard" "${action_status[WireGuard]:-ALREADY STOPPED}"
printf "[%-10s]  %s\n" "OpenVPN"   "${action_status[OpenVPN]:-ALREADY STOPPED}"
echo "-----------------------------"
ENDSSH
}

restart_services() {
  ssh -p "$PORT" "$USER@$HOST" 'bash -s' <<'ENDSSH'
MARKER_DIR="/run/ipfire-service-controller"
MARKER_FILE="$MARKER_DIR/stopped_by_script"
mkdir -p "$MARKER_DIR"
> "$MARKER_FILE"
stopped_any=0
declare -A action_status

# Stop-Phase
if ps aux | grep "[s]quid" > /dev/null; then
  /etc/init.d/squid stop
  echo "squid" >> "$MARKER_FILE"
  action_status["Squid"]="RESTARTED"
  stopped_any=1
else
  action_status["Squid"]="ALREADY STOPPED"
fi

if ps aux | grep "[s]uricata" | grep -v watcher > /dev/null; then
  /usr/local/bin/suricatactrl stop
  echo "suricata" >> "$MARKER_FILE"
  action_status["Suricata"]="RESTARTED"
  stopped_any=1
else
  action_status["Suricata"]="ALREADY STOPPED"
fi

if ps aux | grep "[w]ireguard" > /dev/null; then
  /usr/local/bin/wireguardctrl stop
  echo "wireguard" >> "$MARKER_FILE"
  action_status["WireGuard"]="RESTARTED"
  stopped_any=1
else
  action_status["WireGuard"]="ALREADY STOPPED"
fi

if ps aux | grep "[o]penvpn" > /dev/null; then
  /usr/local/bin/openvpnctrl -k
  echo "openvpn" >> "$MARKER_FILE"
  action_status["OpenVPN"]="RESTARTED"
  stopped_any=1
else
  action_status["OpenVPN"]="ALREADY STOPPED"
fi

# Start-Phase
if [ -s "$MARKER_FILE" ]; then
  while read -r service; do
	case "$service" in
	  squid)
		/etc/init.d/squid start
		;;
	  suricata)
		/usr/local/bin/suricatactrl start
		;;
	  wireguard)
		/usr/local/bin/wireguardctrl start
		;;
	  openvpn)
		/usr/local/bin/openvpnctrl -s
		;;
	  *)
		;;
	esac
  done < "$MARKER_FILE"
  rm -f "$MARKER_FILE"
  rmdir --ignore-fail-on-non-empty "$MARKER_DIR"
  echo "Marker file and directory removed."
else
  echo "No services were running. Nothing to restart."
  rm -f "$MARKER_FILE"
  rmdir --ignore-fail-on-non-empty "$MARKER_DIR"
fi

echo
echo "=== Service Action Summary ==="
echo "-----------------------------"
printf "[%-10s]  %s\n" "Squid"     "${action_status[Squid]}"
printf "[%-10s]  %s\n" "Suricata"  "${action_status[Suricata]}"
printf "[%-10s]  %s\n" "WireGuard" "${action_status[WireGuard]}"
printf "[%-10s]  %s\n" "OpenVPN"   "${action_status[OpenVPN]}"
echo "-----------------------------"
ENDSSH
}

echo "What would you like to do on your IPFire system?"
select opt in "Show status" "Stop all services" "Start all services" "Restart all services" "Exit"; do
  case $REPLY in
	1)
	  show_status
	  break
	  ;;
	2)
	  stop_services
	  break
	  ;;
	3)
	  start_services
	  break
	  ;;
	4)
	  restart_services
	  break
	  ;;
	5)
	  echo "Exiting."
	  exit 0
	  ;;
	*)
	  echo "Invalid selection."
	  ;;
  esac
done

# EOF

The script should not be that hard to extend with other services?

But maybe also too complicated?!

Best,

Erik

4 Likes
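In the script above, the stop and restart paths empty the marker file before checking what is running, so choosing "Stop all services" twice in a row drops the record of what the first run stopped, and "Start all services" then finds nothing to bring back. The added example below (not part of Erik's post) shows marker handling that only appends and keeps entries whose start failed. Assumptions: `is_running`, `start_cmd` and `stop_cmd` are stand-ins that toggle files under a temporary directory so the logic runs offline; on a real system they would wrap the commands from the script.

```sh
#!/bin/sh
# Added example, not from the thread: marker handling that survives a repeated stop.
STATE=${STATE:-$(mktemp -d)}            # constructed sandbox instead of /run
MARKER="$STATE/stopped_by_script"
SERVICES="squid suricata wireguard openvpn"

# Stand-ins (assumptions) for the real status/start/stop commands.
is_running() { [ -e "$STATE/$1.pid" ]; }
start_cmd()  { : > "$STATE/$1.pid"; }
stop_cmd()   { rm -f "$STATE/$1.pid"; }

marked() { [ -f "$MARKER" ] && grep -Fxq -- "$1" "$MARKER"; }

stop_all() {
    for svc in $SERVICES; do
        is_running "$svc" || continue
        # Record before stopping, append-only and without duplicates;
        # an existing marker is never truncated.
        marked "$svc" || printf '%s\n' "$svc" >> "$MARKER"
        stop_cmd "$svc" < /dev/null
    done
}

start_marked() {
    [ -f "$MARKER" ] || return 0
    remaining=
    # The list is read on fd 3 so a start command cannot consume it from stdin.
    while read -r svc <&3; do
        case " $SERVICES " in *" $svc "*) ;; *) continue ;; esac  # skip unknown names
        start_cmd "$svc" < /dev/null && is_running "$svc" && continue
        remaining="$remaining$svc
"
    done 3< "$MARKER"
    # Entries that failed to start stay in the marker so a later run retries them.
    if [ -n "$remaining" ]; then
        printf '%s' "$remaining" > "$MARKER"
        return 1
    fi
    rm -f "$MARKER"
}
```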

Thanks Erik for this!!!

:wink:

Good day to everyone from Spain

1 Like