Deleting multiple firewall rules with the same name using uci

Hi Everyone,

I'd like to automate and update my firewall rules and let specific IPv4 prefixes in using uci set & uci delete commands. IPv4 prefixes would be gathered with whois and my firewall rules' names would be the same, let's say "ISP_NAME_FTP".

I found a working solution for how to add rules here: https://openwrt.org/docs/guide-user/base-system/uci#examples

My question is how to delete multiple firewall rules with the same name (or all the rules named "ISP_NAME_FTP")?

Cheers

fw_proc() {
    # Called by config_foreach once per section; $1 is the section id
    # (cfgXXXXXX for anonymous sections, or the section's own name),
    # which stays valid no matter how many sections are deleted before it.
    local FW_CONF="${1}"
    local FW_NAME
    config_get FW_NAME "${FW_CONF}" name
    if [ "${FW_NAME}" = "ISP_NAME_FTP" ]
    then uci -q delete firewall."${FW_CONF}"
    fi
}
. /lib/functions.sh
config_load firewall
# Walk both section types that can carry the name, then commit in one go
config_foreach fw_proc rule
config_foreach fw_proc redirect
uci commit firewall

Thank you @vgaetera, will try it soon :)

Tried Method #1, because it looks more convenient to me and this is what I got:

root@router:~# uci show firewall | grep rule | grep name
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[1].name='ISP_NAME_FTP'
firewall.@rule[2].name='ISP_NAME_FTP'
firewall.@rule[3].name='ISP_NAME_FTP'
firewall.@rule[4].name='ISP_NAME_FTP'
firewall.@rule[5].name='ISP_NAME_FTP'
firewall.@rule[6].name='ISP_NAME_FTP'
firewall.@rule[7].name='ISP_NAME_FTP'
firewall.@rule[8].name='ISP_NAME_FTP'
firewall.@rule[9].name='SIP_PROVIDER'
firewall.@rule[10].name='ISP2_NAME_FTP'
firewall.@rule[11].name='ISP2_NAME_FTP'
root@router:~# uci show firewall \
> | sed -n -r -e "s/^(.*)\.name='ISP_NAME_FTP'$/delete \1/p" \
> | uci -q batch
root@router:~# uci changes
-firewall.cfg0792bd
-firewall.cfg0992bd
-firewall.cfg0b92bd
-firewall.cfg0d92bd
-firewall.cfg0f92bd
-firewall.cfg1292bd
root@router:~# uci show firewall | grep rule | grep name
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[1].name='ISP_NAME_FTP'
firewall.@rule[2].name='ISP_NAME_FTP'
firewall.@rule[3].name='ISP_NAME_FTP'
firewall.@rule[4].name='ISP_NAME_FTP'
firewall.@rule[5].name='ISP2_NAME_FTP'
root@router:~# uci commit firewall
root@router:~# uci show firewall | grep rule | grep name
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[1].name='ISP_NAME_FTP'
firewall.@rule[2].name='ISP_NAME_FTP'
firewall.@rule[3].name='ISP_NAME_FTP'
firewall.@rule[4].name='ISP_NAME_FTP'
firewall.@rule[5].name='ISP2_NAME_FTP'
root@router:~# uci show firewall \
> | sed -n -r -e "s/^(.*)\.name='ISP_NAME_FTP'$/delete \1/p" \
> | uci -q batch
root@router:~# uci changes
-firewall.cfg0792bd
-firewall.cfg0992bd
-firewall.cfg0c92bd
root@router:~# uci commit firewall
root@router:~# uci show firewall | grep rule | grep name
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[1].name='ISP_NAME_FTP'
firewall.@rule[2].name='ISP_NAME_FTP'
root@router:~#

Something isn't working as planned.

Forget it, the first method is only reliable when using named UCI sections.
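The transcript above shows what goes wrong with the index-based batch: the delete list is computed from the @rule[N] indexes of the original listing, but uci renumbers anonymous sections after every delete inside the batch, so each delete after the first lands one rule further than intended. Half of the targets survive and unrelated rules behind them are removed instead (in the first run the SIP_PROVIDER rule and one ISP2_NAME_FTP rule disappeared, which is exactly the kind of silent firewall change you do not want from an automation script). The script below is an added example, not code from the thread or from vgaetera. It builds the batch from `uci -X show firewall` instead, because the -X option turns off the extended @rule[N] syntax and prints the stable section ids (cfgXXXXXX) that the config_foreach method also relies on, and it compares the name as a string rather than splicing it into a sed regex. The sample listings are constructed to mirror the thread's router (the section ids are the ones from the `uci changes` output, the other options are invented), and the second function replays the index-shift failure so you can see which rules really get deleted.

```shell
#!/bin/sh
# Added example, not part of the original thread.
#   gen_delete_batch         emit a `uci batch` script that deletes every section
#                            whose name option equals $2, keyed by stable section id
#   simulate_indexed_deletes replay the @rule[N] index-shift failure from the thread
# Both read stdin so they can be run off-router; sample inputs are constructed.

# $1 = config name (e.g. firewall), $2 = exact rule name to purge
# stdin = output of `uci -X show $1`, i.e. lines such as
#   firewall.cfg0792bd=rule
#   firewall.cfg0792bd.name=<name in single quotes>
# The name is compared as a whole string, not as a regex, so names containing
# sed/regex metacharacters cannot widen the match.
gen_delete_batch() {
    awk -v cfg="$1" -v want="$2" -v q="'" '
    {
        i = index($0, "=")
        if (i == 0) next
        key = substr($0, 1, i - 1)           # config.section.option
        val = substr($0, i + 1)              # quoted value
        n = split(key, parts, /\./)          # parts[1]=config parts[2]=section parts[3]=option
        if (n == 3 && parts[1] == cfg && parts[3] == "name" && val == (q want q))
            print "delete " cfg "." parts[2]
    }'
}

# $1 = name to purge; stdin = rule names in config order, one per line
# Chooses indexes from the ORIGINAL numbering (as the sed pipeline does) and
# applies the deletes one at a time, renumbering after each, as uci does.
simulate_indexed_deletes() {
    awk -v want="$1" '
    { rules[NR - 1] = $0; n = NR }
    END {
        m = 0
        for (i = 0; i < n; i++) if (rules[i] == want) todel[m++] = i
        for (j = 0; j < m; j++) {
            k = todel[j]
            if (k >= n) continue             # index no longer exists; uci rejects it (-q hides the error)
            for (i = k; i < n - 1; i++) rules[i] = rules[i + 1]
            delete rules[n - 1]; n--
        }
        for (i = 0; i < n; i++) print rules[i]
    }'
}

# Constructed stand-in for `uci -X show firewall` (ids from the thread, options invented)
sample_show() {
    cat <<'EOF'
firewall.cfg0692bd=rule
firewall.cfg0692bd.name='Allow-DHCP-Renew'
firewall.cfg0692bd.src='wan'
firewall.cfg0792bd=rule
firewall.cfg0792bd.name='ISP_NAME_FTP'
firewall.cfg0792bd.src_ip='192.0.2.0/24'
firewall.cfg0792bd.dest_port='21'
firewall.cfg0992bd=rule
firewall.cfg0992bd.name='ISP_NAME_FTP'
firewall.cfg0b92bd=redirect
firewall.cfg0b92bd.name='ISP_NAME_FTP'
firewall.cfg0c92bd=rule
firewall.cfg0c92bd.name='ISP_NAME_FTP_OLD'
firewall.cfg0d92bd=rule
firewall.cfg0d92bd.name='SIP_PROVIDER'
EOF
}

# Rule names in config order, copied from the thread's first listing
sample_names() {
    printf '%s\n' Allow-DHCP-Renew ISP_NAME_FTP ISP_NAME_FTP ISP_NAME_FTP ISP_NAME_FTP \
        ISP_NAME_FTP ISP_NAME_FTP ISP_NAME_FTP ISP_NAME_FTP SIP_PROVIDER ISP2_NAME_FTP ISP2_NAME_FTP
}

# On the router the real pipeline is:
#   uci -X show firewall | gen_delete_batch firewall ISP_NAME_FTP | uci batch
#   uci changes firewall      # review before committing
#   uci commit firewall
echo "== batch built from stable section ids =="
sample_show | gen_delete_batch firewall ISP_NAME_FTP
echo "== rules left after deleting by @rule[N] index =="
sample_names | simulate_indexed_deletes ISP_NAME_FTP
```

Run on a workstation it prints three `delete firewall.cfgXXXXXX` lines (the two rules and the redirect named ISP_NAME_FTP, not ISP_NAME_FTP_OLD), and then the same six survivors the router showed after the first batch: Allow-DHCP-Renew, four ISP_NAME_FTP and a single ISP2_NAME_FTP, with SIP_PROVIDER gone. Whichever method you use, run `uci changes firewall` and read the list before `uci commit`; the thread's transcript is a good reminder that a quiet batch can remove rules you never named.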

Thank you. Tried it and works :slight_smile:

To understand it better, would you please tell me what these 4 lines do?


Thanks dude!
I created a script; now it removes the existing rules, if any, and adds new rules. :)
Thank you!

