pfSense port 80 becomes filtered on specific host after logins

bjd2385 · June 7, 2019, 8:08pm

I’ve written a script that I’d like to run as a cronjob (maybe once a day) to back up my pfSense configuration / XML files. It includes the wget statements as in the following documentation –

https://docs.netgate.com/pfsense/en/latest/backup/remote-config-backup.html

And here’s the script –

github.com

bjd2385/datto/blob/master/pfSenseBackup.sh

#! /bin/bash
# Download and save configuration files from pfSense and snapshot with ZFS.

IPs=( "192.168.1.90" )
login="*"
password="*"
PATH="/homePool/home/VMs/pfSenseBackups"

if ! [ -z "$(/bin/ls -A /homePool/home/VMs/pfSenseBackups)" ]
then
    /bin/rm /homePool/home/VMs/pfSenseBackups/*
fi


for IP in "${IPs[@]}"
do
    /usr/bin/wget -qO- --keep-session-cookies --save-cookies "$PATH/cookies.txt" --no-check-certificate "http://$IP/diag_backup.php" \
        | /bin/grep "name='__csrf_magic'" | /bin/sed 's/.*value="\(.*\)".*/\1/' > "$PATH/csrf.txt"

    /usr/bin/wget -qO- --keep-session-cookies --load-cookies "$PATH/cookies.txt" --save-cookies cookies.txt --no-check-certificate \

This file has been truncated. show original

Problem is, when I execute it a couple times from my host, suddenly port 80 becomes filtered.

(base) root@b350-gaming-pc:~# nmap -p 80 192.168.1.90

Starting Nmap 7.60 ( https://nmap.org ) at 2019-06-07 15:52 EDT
Nmap scan report for 192.168.1.90
Host is up (0.00054s latency).

PORT   STATE SERVICE
80/tcp open  http
MAC Address: 52:54:00:8D:0B:9D (QEMU virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 0.68 seconds

From a different host, however,

root@ubuntusql:~# nmap -p 80 pfsense

Starting Nmap 7.60 ( https://nmap.org ) at 2019-06-07 19:13 UTC
Nmap scan report for pfsense (192.168.1.90)
Host is up (0.00093s latency).
rDNS record for 192.168.1.90: pfsense.bjd2385.com

PORT   STATE SERVICE
80/tcp open  http
MAC Address: 52:54:00:8D:0B:9D (QEMU virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 0.56 seconds

Port shows as open. Is there something that pfSense may be doing to block logins after so many? I can’t seem to find anything on it by Googling.

bjd2385 · June 7, 2019, 8:12pm

I’d also note that, I’m aware, in that script, that I think I could have source'd my .profile instead of writing out all of the paths, but it’ll do for now.

Dexter_Kane · June 7, 2019, 10:59pm

You could try disabling HTTP_REFERER enforcement in the advanced settings, I’m not sure if that would helps but it sounds like it might.

bjd2385 · June 8, 2019, 1:14am

Thanks for this suggestion!

I’ve checked out that page and I’m not sure if adding the IP I’m making these login (backup) requests from to the whitelist has resolved it, or if that was the original problem, but it seems to be working now.

(base) root@b350-gaming-pc:~/cronscripts# zfs list -t snapshot -ro name /homePool/home/VMs/pfSenseBackups
NAME
homePool/home/VMs/pfSenseBackups@1559935085
homePool/home/VMs/pfSenseBackups@1559938950
homePool/home/VMs/pfSenseBackups@1559952929
homePool/home/VMs/pfSenseBackups@1559955720
homePool/home/VMs/pfSenseBackups@1559955731
homePool/home/VMs/pfSenseBackups@1559955733
homePool/home/VMs/pfSenseBackups@1559955734
homePool/home/VMs/pfSenseBackups@1559955735
homePool/home/VMs/pfSenseBackups@1559955737
homePool/home/VMs/pfSenseBackups@1559955738
homePool/home/VMs/pfSenseBackups@1559955739
homePool/home/VMs/pfSenseBackups@1559955740
homePool/home/VMs/pfSenseBackups@1559955742
homePool/home/VMs/pfSenseBackups@1559955743

Getting successful backups now every time I run it.