FauxAPI for pfSense

FauxAPI started as a personal project to provide a programmatic interface to pfSense for managing changes to the config.xml file that defines a pfSense system. The project has been running for 2 years and has remained stable across pfSense releases 2.3.x and 2.4.x and has attracted a reasonable following.

From the documentation

Approach

At its core FauxAPI simply reads the core pfSense config.xml file, converts it to JSON and returns to the API caller. Similarly it can take a JSON formatted configuration and write it to the pfSense config.xml and handles the required reload operations. The ability to programmatically interface with a running pfSense host(s) is enormously useful however it should also be obvious that this provides the API user the ability to create configurations that can break your pfSense system.

FauxAPI provides easy backup and restore API interfaces that by default store configuration backups on all configuration write operations thus it is very easy to roll-back even if the API user manages to deploy a “very broken” configuration.

Multiple sanity checks take place to make sure a user provided JSON config will correctly convert into the (slightly quirky) pfSense XML config.xml format and then reload as expected in the same way. However, because it is not a real per-action application-layer interface it is still possible for the API caller to create configuration changes that make no sense and can potentially disrupt your pfSense system - as the package name states, it is a “Faux” API to pfSense filling a gap in functionality with the current pfSense product.

Github

Releases

The project is alive and well with an ecosystem of projects appearing around it:-

Screenshots

FauxAPI - System Menu
alt text

FauxAPI - Package Manager
alt text