| Description | Command |
| Reload the Firewall with all the configuration. This also restarts the webgui and sshd – but keeps the current ssh sessions active just as a regular sshd restart. | /etc/rc.reload_all |
| Manually edit the configuration in /conf/config.xml. Once file has been saved and editor exited, the /tmp/config.cache is removed so the next config reload event will load config.xml, not the cached version. You could run the next command to trigger an instant reload. | viconfig |
| Shows the current state table | pfctl -ss |
| Shows current filter rules | pfctl -sr |
| Show as much as possible. | pfctl -sa |
| Shows current NAT rules | pfctl -sn |
| Activate the pf packet filter – enables all fw functions | pfctl -e |
| Deactivate the pf packet filter – disables all fw functions | pfctl -d |
PFSense: How to add firewall rule at the command line?
There is a command line available in PFSense firewall to allow you to add firewall rules. In the event of locked out from firewall due to miss configuration of firewall rules, you may use command line “easyrule” to add firewall rules to let you get in to firewall again.
Below are the syntax and example of easyrule command:-
Syntax EasyRule function
easyrule pass/block <interface> <protocol> <source IP> <destination ip> [destination port]
Example:
easyrule pass wan tcp 0.0.0.0/0 192.168.0.1 80
easyrule pass wan icmp 1.1.1.1 192.168.0.1
easyrule block wan 1.1.1.1