Controlling OpenWrt firewall via mqtt

I wrote some sh scripts to enable/disable firewall rules through mqtt. The idea is that I can use Homeassistant to turn on/off internet to different devices.
I need to work on security (using non-encrypted mqtt messages) but would be interested to know if this is of interest to anyone else.

4 Likes

nice... sample mqqtoggle service with initscript

  • uses uci 'name=mqqtoggle-ABC' (most sections not just firewall)
  • stores most of the service config in /etc/config/mqqtoggle
  • removed dependency on grep-full
  • requires nmap (check mqtt server is up), pgrep, mosquitto, mkfifo

most of the yml is ignored

Yes, this is very relevant to my interests, many thanks for posting it!

been playing with this a little... would like to know if anyone has;

a) some more general mqtt commands for non homeassistant common use cases

i.e. does domoticz/tasmota/nodered/whatever integrate similarly? how are the calls different?

b) particularly stuff that is non-toggle (i.e. enabled=1 or 0) such as potentiometers, humidistats and whatnot...

c) what common things would you ask the router to do other than enable a firewall ruleset? (start or stop a vpn etc.)

I'm using OpenWRT + Mosquitto broker in a rpi4, and OpenHAB installed in a QNAP NAS. Shouldn't be a problem to use these scripts in such an environment, although I can't test in the next weeks.

  1. Enable / disable SSIDs
  2. Send commands to unifi mgmt tool
  3. Collect statistics from OpenWRT
  4. Collect statistics from unifi mgmt tool
1 Like

whenever you get some time... would be great to extend the API and functions...

cheers...

current api log and samples for reference
###################################################################
#wireless.radio0.name='mqqtoggle-ifacewifienable'
#mosquitto_pub -h 127.0.0.1 -p 1883 -u test -P test -t 'homeassistant/switch /openwrt/ifacewifienable/set' -m ON
#mosquitto_pub -h 127.0.0.1 -p 1883 -u test -P test -t 'homeassistant/switch /openwrt/ifacewifienable/set' -m OFF



###################################################################
#wireless.default_radio0.name='mqqtoggle-wifiradioenable'
#mosquitto_pub -h 127.0.0.1 -p 1883 -u test -P test -t 'homeassistant/switch /openwrt/radiowifienable/set' -m ON
#mosquitto_pub -h 127.0.0.1 -p 1883 -u test -P test -t 'homeassistant/switch /openwrt/radiowifienable/set' -m OFF



###################################################################
#mwan3.unknown=something
#mwan3.unknown.name='mqqtoggle-dude'
#mwan3.unknown.family='ipv4'
#mwan3.unknown.reliability='2'
#mwan3.unknown.enabled='0'
#mosquitto_pub -h 127.0.0.1 -p 1883 -u test -P test -t 'homeassistant/switch /openwrt/dude/set' -m ON
#mosquitto_pub -h 127.0.0.1 -p 1883 -u test -P test -t 'homeassistant/switch /openwrt/dude/set' -m OFF


#####################################################################
#firewall.@rule[5].name='mqqtoggle-nowandhcp6'
#firewall.@rule[5].src='wan'
#firewall.@rule[5].proto='udp'
#firewall.@rule[5].src_ip='fc00::/6'
#firewall.@rule[5].dest_ip='fc00::/6'
#firewall.@rule[5].dest_port='546'
#firewall.@rule[5].family='ipv6'
#firewall.@rule[5].target='ACCEPT'
#firewall.@rule[5].enabled='0'
#mosquitto_pub -h 127.0.0.1 -p 1883 -u test -P test -t 'homeassistant/switch /openwrt/nowandhcp6/set' -m ON
#mosquitto_pub -h 127.0.0.1 -p 1883 -u test -P test -t 'homeassistant/switch /openwrt/nowandhcp6/set' -m OFF


################################################ logread
#[rcv-cmd] homeassistant/switch /openwrt/radiowifienable/set OFF uci -q set wireless.default_radio0.disabled=0 [ok]
#[rcv-cmd] homeassistant/switch /openwrt/radiowifienable/set ON uci -q set wireless.default_radio0.disabled=1 [ok]
#[rcv-cmd] homeassistant/switch /openwrt/nowandhcp6/set OFF uci -q set firewall.@rule[5].enabled=1 [ok]


################################################ uci show mqqtoggle
#mqqtoggle.mqqtoggle=mqqtoggle
#mqqtoggle.mqqtoggle.mqqt_username='test'
#mqqtoggle.mqqtoggle.mqqt_password='test'
#mqqtoggle.mqqtoggle.listen_ip='127.0.0.1'
#mqqtoggle.mqqtoggle.listen_port='1883'
#mqqtoggle.mqqtoggle.mqtt_general_prefix='homeassistant'
#mqqtoggle.mqqtoggle.mqtt_general_type='switch'
#mqqtoggle.mqqtoggle.demo_mode='1'

################################################ /etc/init.d/mqqtoggle toggleinfo
###list known handles mqqtoggle
firewall.@rule[4] mqqtoggle-test1 0
firewall.@rule[5] mqqtoggle-fish 1
firewall.@rule[6] mqqtoggle-fish-extra 0
mwan3.unknown mqqtoggle-dude 0
wireless.radio0 mqqtoggle-ifacewifi 0
wireless.default_radio0 mqqtoggle-radiowifi 1

################################################ uci changes
firewall.cfg0a92bd.enabled='1'
mwan3.unknown.enabled='0'
wireless.default_radio0.disabled='1'
wireless.default_radio0.disabled='0'
wireless.default_radio0.disabled='1'
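
Added example, not part of any post in this thread and not the mqqtoggle code: one way a subscriber could validate an incoming message before it reaches `uci`, so that neither the topic nor the payload ever supplies the section path or the value. The function name `toggle_cmd`, the handle table and the `ON` to `enabled=0` mapping are assumptions; the topic prefix and the other three mappings are copied from the samples and logread lines above. It does nothing about the unencrypted transport mentioned in the first post.

```shell
#!/bin/sh
LC_ALL=C  # make [a-z0-9] byte-wise ranges regardless of system locale

# Constructed handle table in the "toggleinfo" format shown above:
# <uci section> <uci name> <current state>
HANDLES='firewall.@rule[5] mqqtoggle-nowandhcp6 0
mwan3.unknown mqqtoggle-dude 0
wireless.default_radio0 mqqtoggle-radiowifienable 1'

# Topic prefix exactly as it appears in the mosquitto_pub samples above.
PREFIX='homeassistant/switch /openwrt/'

# Print the uci command for an accepted message; print nothing and return 1 otherwise.
toggle_cmd() {
    topic=$1 payload=$2
    # 1. Topic must be <PREFIX><handle>/set.
    case "$topic" in
        "$PREFIX"*/set) ;;
        *) return 1 ;;
    esac
    handle=${topic#"$PREFIX"}
    handle=${handle%/set}
    # 2. Handle: 1-32 characters, lowercase alphanumerics and '-' only.
    case "$handle" in
        ''|*[!a-z0-9-]*) return 1 ;;
    esac
    [ "${#handle}" -le 32 ] || return 1
    # 3. Payload must be the literal ON or OFF, nothing appended.
    case "$payload" in
        ON|OFF) ;;
        *) return 1 ;;
    esac
    # 4. The section path is looked up in the table, never taken from the message.
    section=$(printf '%s\n' "$HANDLES" | while read -r sec name rest; do
        if [ "$name" = "mqqtoggle-$handle" ]; then printf '%s' "$sec"; break; fi
    done)
    [ -n "$section" ] || return 1
    # 5. Option and value come from fixed choices (mapping follows the logread sample).
    case "$section" in
        wireless.*) opt=disabled; [ "$payload" = ON ] && val=1 || val=0 ;;
        *)          opt=enabled;  [ "$payload" = ON ] && val=0 || val=1 ;;
    esac
    # Dry run: the command is printed, not executed.
    printf 'uci -q set %s.%s=%s\n' "$section" "$opt" "$val"
}
```
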

I have been using these scripts for quite some time now. Mainly for blocking outgoing internet connections for different devices. It's working pretty stable, but it requires some manual configuration when setting it up for the first time. In addition you have to manually edit one configuration file every time you want to add a new switch.

1 Like

Hi @Heliax
Could you share the scripts, because @anon50098793's link does not work anymore.