zsolti
January 1, 2022, 12:17am
1
Hi Everyone,
I'd like to automate and update my firewall rules and let specific IPv4 prefixes in using uci set & uci delete commands. IPv4 prefixes would be gathered with whois, and my firewall rules' names would be the same, let's say "ISP_NAME_FTP".
I found a working solution for how to add rules here: https://openwrt.org/docs/guide-user/base-system/uci#examples
My question is how to delete multiple firewall rules with the same name (or all the rules named "ISP_NAME_FTP")?
Cheers
# Callback run once per section: delete the section if its name matches.
# Iterating by section id (not by @rule[N] index) keeps it correct for
# anonymous sections, whose indices shift after every delete.
fw_proc() {
    local FW_CONF="${1}"
    local FW_NAME
    config_get FW_NAME "${FW_CONF}" name
    if [ "${FW_NAME}" = "ISP_NAME_FTP" ]
    then uci -q delete firewall."${FW_CONF}"
    fi
}
. /lib/functions.sh
config_load firewall
# Apply to both rule and redirect sections, then persist the changes.
config_foreach fw_proc rule
config_foreach fw_proc redirect
uci commit firewall
zsolti
January 1, 2022, 2:03pm
3
Thank you @vgaetera , will try it soon
zsolti
January 1, 2022, 2:40pm
4
Tried Method #1, because it looks more convenient to me, and this is what I got:
root@router:~# uci show firewall | grep rule | grep name
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[1].name='ISP_NAME_FTP'
firewall.@rule[2].name='ISP_NAME_FTP'
firewall.@rule[3].name='ISP_NAME_FTP'
firewall.@rule[4].name='ISP_NAME_FTP'
firewall.@rule[5].name='ISP_NAME_FTP'
firewall.@rule[6].name='ISP_NAME_FTP'
firewall.@rule[7].name='ISP_NAME_FTP'
firewall.@rule[8].name='ISP_NAME_FTP'
firewall.@rule[9].name='SIP_PROVIDER'
firewall.@rule[10].name='ISP2_NAME_FTP'
firewall.@rule[11].name='ISP2_NAME_FTP'
root@router:~# uci show firewall \
> | sed -n -r -e "s/^(.*)\.name='ISP_NAME_FTP'$/delete \1/p" \
> | uci -q batch
root@router:~# uci changes
-firewall.cfg0792bd
-firewall.cfg0992bd
-firewall.cfg0b92bd
-firewall.cfg0d92bd
-firewall.cfg0f92bd
-firewall.cfg1292bd
root@router:~# uci show firewall | grep rule | grep name
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[1].name='ISP_NAME_FTP'
firewall.@rule[2].name='ISP_NAME_FTP'
firewall.@rule[3].name='ISP_NAME_FTP'
firewall.@rule[4].name='ISP_NAME_FTP'
firewall.@rule[5].name='ISP2_NAME_FTP'
root@router:~# uci commit firewall
root@router:~# uci show firewall | grep rule | grep name
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[1].name='ISP_NAME_FTP'
firewall.@rule[2].name='ISP_NAME_FTP'
firewall.@rule[3].name='ISP_NAME_FTP'
firewall.@rule[4].name='ISP_NAME_FTP'
firewall.@rule[5].name='ISP2_NAME_FTP'
root@router:~# uci show firewall \
> | sed -n -r -e "s/^(.*)\.name='ISP_NAME_FTP'$/delete \1/p" \
> | uci -q batch
root@router:~# uci changes
-firewall.cfg0792bd
-firewall.cfg0992bd
-firewall.cfg0c92bd
root@router:~# uci commit firewall
root@router:~# uci show firewall | grep rule | grep name
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[1].name='ISP_NAME_FTP'
firewall.@rule[2].name='ISP_NAME_FTP'
Something isn't working as planned.
Forget it, the first method is only reliable when using named UCI sections.
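An added example (not from the thread, OpenWrt, or the uci tool) showing why the first method misbehaves with anonymous sections: `uci batch` applies the deletes one at a time, and deleting `@rule[N]` renumbers every rule after it, so an ascending list of deletes skips one matching rule and removes a neighbour instead, exactly as in the session above. Emitting the deletes by index in descending order sidesteps the shift. The `uci show firewall` lines are a constructed sample, and `apply_batch` only models the renumbering, not uci itself.

```shell
#!/bin/sh
# Constructed sample of `uci show firewall` output (name options only).
sample_show() {
cat <<'EOF'
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[1].name='ISP_NAME_FTP'
firewall.@rule[2].name='ISP_NAME_FTP'
firewall.@rule[3].name='SIP_PROVIDER'
firewall.@rule[4].name='ISP2_NAME_FTP'
EOF
}

# Emit "delete firewall.@rule[N]" for every rule named $1.
# $2 = asc reproduces the thread's pipeline order; desc sorts indices highest first.
gen_deletes() {
    order="$2"
    sed -n -E "s/^(firewall\.@rule\[([0-9]+)\])\.name='$1'\$/\2 delete \1/p" |
        if [ "$order" = desc ]; then sort -rn; else sort -n; fi |
        cut -d' ' -f2-
}

# Model of how uci treats anonymous sections: deleting @rule[N] removes the
# (N+1)th remaining entry and every later entry moves up by one index.
# Reads the batch on stdin, prints the surviving rule names one per line.
apply_batch() {
    names="$(sample_show | sed -E "s/^firewall\.@rule\[[0-9]+\]\.name='(.*)'\$/\1/")"
    while read -r _ key; do
        idx="${key#firewall.@rule[}"; idx="${idx%]}"
        names="$(printf '%s\n' "$names" | awk -v i="$idx" 'NR != i + 1')"
    done
    printf '%s\n' "$names"
}

# Surviving rule names after deleting ISP_NAME_FTP in the given order ($1 = asc|desc),
# space-separated on one line.
remaining() {
    sample_show | gen_deletes ISP_NAME_FTP "$1" | apply_batch | tr '\n' ' ' | sed 's/ $//'
}

printf 'ascending:  %s\ndescending: %s\n' "$(remaining asc)" "$(remaining desc)"
```

Ascending order leaves one ISP_NAME_FTP rule behind and deletes SIP_PROVIDER; descending order removes exactly the two matching rules.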
zsolti
January 2, 2022, 4:54pm
6
Thank you. Tried it and it works.
To understand it more, would you please tell me what these 4 lines do?
zsolti
January 2, 2022, 8:29pm
8
Thanks dude!
I created a script; now it removes the existing rules, if any, and adds new rules.
Thank you!
system
Closed
January 12, 2022, 8:30pm
9
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.