Last active
July 2, 2020 04:49
pfSense Update NPT
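#pfSense update NPT Mappings. (/56 Only)
#
# Pulls /cf/conf/config.xml from the router over scp, reads the IPv6 address of the
# tracked interface over ssh, replaces the NPT entries whose description matches an
# entry in the mappings file with copies re-based on the current /56, pushes the
# edited config back and reloads the filter.
#
# Security notes for whoever schedules this job:
#   * The job logs in as $un with the private key at $ke and overwrites the live
#     firewall configuration, so the key file and $fp should be readable only by the
#     account that runs the job.
#   * config.xml is the complete firewall configuration; on pfSense that typically
#     includes password hashes, certificates and VPN secrets. The local copy is left
#     in $fp after the run (see the commented-out Remove-Item below).
$rt = "ba-rt1"                          #Router Hostname
$un = "root"                            #UserName
$ke = ".\ssh_key"                       #Key File
$it = "lagg0.4094"                      #IPv6 Tracked Interface
$mp = ".\mappings.xml"                  #NPT Mappings File
$fp = "C:\Jobs\pfSense\Update NPT\"     #This File Location
$ln = 3                                 #Line # to extract v6 Address
$r1 = " inet6 "                         #Remove from line
$r2 = " prefixlen 64"                   #Remove from line

# The original passed StrictHostKeyChecking=no, which lets the session continue even
# when the router presents a host key different from the one already recorded, so
# neither the downloaded configuration nor the upload target is authenticated.
# accept-new (OpenSSH 7.6 and later) still records a key on first contact but refuses
# a changed one. Pre-populating known_hosts with the router's key is stronger still.
$hk = "-o StrictHostKeyChecking=accept-new"

$keyArg     = "-i `"$(Join-Path -Path $fp -ChildPath $ke)`""
$configPath = Join-Path -Path $fp -ChildPath ".\config.xml"
$ifacePath  = Join-Path -Path $fp -ChildPath ".\interface_ip"
$remote     = "$($un)@$($rt)"

# Runs scp.exe / ssh.exe, waits for it, and throws when it exits non-zero.
# Without this check a failed download would leave a config.xml from an earlier run
# in place, and that stale file would then be edited and uploaded over the live one.
function Invoke-RemoteTool {
    param(
        [string]   $FilePath,
        [string[]] $ArgumentList,
        [string]   $StdOutPath
    )
    $startArgs = @{
        FilePath     = $FilePath
        ArgumentList = $ArgumentList
        Wait         = $true
        PassThru     = $true
    }
    if ($StdOutPath) {
        $startArgs.RedirectStandardOutput = $StdOutPath
    }
    $proc = Start-Process @startArgs
    if ($proc.ExitCode -ne 0) {
        throw "$FilePath exited with code $($proc.ExitCode)"
    }
}

$failed = $false
try {
    # Route non-terminating errors (missing module, unreadable file) to the catch
    # block instead of letting the run continue with partial state.
    $ErrorActionPreference = "Stop"

    Write-Host "Loading modules..."
    Import-Module -Name (Join-Path -Path $fp -ChildPath ".\System.Net.IPNetwork.dll")

    Write-Host "Retrieving pfSense configuration..."
    Invoke-RemoteTool -FilePath "scp.exe" -ArgumentList $hk, $keyArg, "$($remote):/cf/conf/config.xml", "`"$configPath`""

    Write-Host "Retrieving $it IP6 Address..."
    Invoke-RemoteTool -FilePath "ssh.exe" -ArgumentList $hk, $keyArg, $remote, "ifconfig", $it, "inet6" -StdOutPath $ifacePath

    Write-Host "Loading configuration files..."
    $pfConfig = [System.Xml.XmlDocument]::new()
    $pfConfig.Load($configPath)
    $mpConfig = [System.Xml.XmlDocument]::new()
    $mpConfig.Load((Join-Path -Path $fp -ChildPath $mp))

    Write-Host "Determining TrackV6 Prefix..."
    # Get-Content already yields one string per line; @() keeps it an array even for
    # a one-line file.
    $raw6s = @(Get-Content -Path $ifacePath)
    if ($ln -ge $raw6s.Count) {
        throw "ifconfig output has $($raw6s.Count) line(s); line index $ln is not present"
    }
    # Strip the fixed text around the address on the selected line.
    $match6 = $raw6s[$ln].Replace($r1, "").Replace($r2, "").Trim()
    $track_ip6 = [System.Net.IPNetwork]::Parse("$($match6)/56")
    # NOTE(review): this assumes the /56 network prints with a trailing "00::"; a
    # prefix whose fourth group is zero would not match and would be left unchanged.
    $track_prefix = $track_ip6.Network.ToString().Replace("00::", "")

    Write-Host "Removing old mappings from pfConfig..."
    foreach ($pfNPT in $pfConfig.pfsense.nat.npt) {
        # An existing entry is replaced when its description equals one in the mappings file.
        $mapping = $null
        foreach ($mpNPT in $mpConfig.mappings.npt) {
            if ($mpNPT.descr."#cdata-section" -eq $pfNPT.descr."#cdata-section") {
                $mapping = $mpNPT
                break
            }
        }
        if ($null -ne $mapping) {
            # RemoveChild returns the removed node; discard it to keep the job log clean.
            $null = $pfConfig.pfsense.nat.RemoveChild($pfNPT)
        }
    }

    Write-Host "Inserting new mappings from mpConfig to pfConfig..."
    foreach ($mpNPT in $mpConfig.mappings.npt) {
        # Deep-copy the node into the pfSense document before editing it.
        $mpNPT = $pfConfig.ImportNode($mpNPT, $true)
        $mpNPT.destination.address = "$($track_prefix)$($mpNPT.destination.address)"
        $null = $pfConfig.pfsense.nat.AppendChild($mpNPT)
    }

    Write-Host "Saving pfConfig..."
    $pfConfig.Save($configPath)

    Write-Host "Uploading pfConfig..."
    Invoke-RemoteTool -FilePath "scp.exe" -ArgumentList $hk, $keyArg, "`"$configPath`"", "$($remote):/cf/conf/config.xml"

    Write-Host "Reloading pfSense Filters..."
    Invoke-RemoteTool -FilePath "ssh.exe" -ArgumentList $hk, $keyArg, $remote, "/etc/rc.filter_configure"
} catch {
    $failed = $true
    Write-Host "An error occured! Aborting..."
    # Report the cause so a failed scheduled run can be diagnosed from its log.
    Write-Host "Reason: $($_.Exception.Message)"
} finally {
    Write-Host "Cleaning up..."
    # NOTE(review): the local config.xml copy is deliberately kept by the original
    # script; re-enable the next line if it should not persist on this machine.
    #Remove-Item -Path (Join-Path -Path $fp -ChildPath ".\config.xml")
    if (Test-Path -Path $ifacePath) {
        Remove-Item -Path $ifacePath -ErrorAction SilentlyContinue
    }
}

# Surface the failure to the scheduler instead of exiting with success.
if ($failed) {
    exit 1
}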