Editing configuration files with UCI

I would have liked to build the factory image of my router with uci-default. Some of the statements in the documentation about UCI are confusing.

Note that you cannot delete an entire config using uci delete, e.g. uci delete umdns will not work. If you are really, truly sure you want to wipe an entire config, this shell code snippet will do it by looping and deleting the first entry in the config until it is empty:

while uci -q delete umdns.@umdns[0]; do :; done

It seems to me that it works, doesn't it?

uci delete umdns.@umdns[0]

Source: [OpenWrt Wiki] The UCI system

UCI is useful to view the firewall configuration, but not to do any meaningful modifications for the following reasons:

  • Essential prior knowledge of where a firewall rule needs to go into the rule array in order to make it work.
  • uci does not recognize content within the /etc/firewall.user script
  • uci commit is necessary to save the changes, but still needs /etc/init.d/firewall reload to reload new tables.

Source: [OpenWrt Wiki] Firewall configuration /etc/config/firewall

I've tried to find information about these problems. My goal is to be able to configure everything automatically and be able to upgrade to a newer version of OpenWrt.

Look at the following information.

cat << "EOF" > /etc/uci-defaults/99-custom
uci -q batch << EOI
set network.lan.ipaddr='192.168.178.1'
set wireless.@wifi-device[0].disabled='0'
set wireless.@wifi-iface[0].ssid='OpenWrt0815'
add dhcp host
set dhcp.@host[-1].name='bellerophon'
set dhcp.@host[-1].ip='192.168.2.100'
set dhcp.@host[-1].mac='a1:b2:c3:d4:e5:f6'
rename firewall.@zone[0]='lan'
rename firewall.@zone[1]='wan'
rename firewall.@forwarding[0]='lan_wan'
EOI
EOF

Source: [OpenWrt Wiki] UCI defaults

My router has two WAN network interfaces bridged together: an SFP fiber module and an RJ45 port on the switch that can be used either as a WAN or LAN interface.

config device
        option name 'wan'
        option macaddr 'a1:b2:c3:d4:e5:f6'

config device
        option name 'eth1'
        option macaddr 'a1:b2:c3:d4:e5:f6'

config device
        option name 'br-wan'
        option type 'bridge'
        list ports 'eth1'
        list ports 'wan'

So I would have liked to change the configuration. The section device related to wan should be removed. Likewise for the section device that makes the bridge br-lan. So I could have a WAN connection by plugging the fiber into the SFP fiber module and get an extra LAN port on the switch.

As previously mentioned, sections to be deleted would have been indicated by their index: network.@device[0] and network.@device[2]. Unfortunately these sections may change during an image upgrade.

I've done some research on the forum and maybe uci-default could be used in a different way (using some shell functions). See below.

Which method to use? It's not clear.

network.@device[2]=device
network.@device[2].name='wan'
network.@device[2].macaddr='a1:b2:c3:d4:e5:f6'
network.@device[3]=device
network.@device[3].name='eth1'
network.@device[3].macaddr='a1:b2:c3:d4:e5:f6'
network.cfg080f15=device
network.cfg080f15.name='wan'
network.cfg080f15.macaddr='a1:b2:c3:d4:e5:f6'
network.cfg090f15=device
network.cfg090f15.name='eth1'
network.cfg090f15.macaddr='a1:b2:c3:d4:e5:f6'

Method 1

uci delete network.@device[2]

→ UCI default # Integrating custom settings

Method 2

uci delete network.cfg080f15

→ [Forum] Help using uci-defaults to have firstboot configuration

Method 3

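# <buildroot/files>/etc/uci-defaults/99-custom
# Callback for config_foreach: $1 is the section id (cfgXXXXXX for anonymous sections)
delete_wan_device() {
   local config="$1"
   local device_name

   # Read the section's "name" option into device_name
   config_get device_name "$config" "name"

   if [ "$device_name" = "wan" ]
   then
      uci -q delete "network.$config"
   fi
}

# Load the UCI shell helpers (config_load, config_foreach, config_get)
. /lib/functions.sh
config_load network
# Run the callback once for every section of type "device"
config_foreach delete_wan_device device
uci commit network
service network restart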

It should work as it seems to be executed as a shell script.

→ Using the Image Builder # Restricting root access

All variants should work interchangeably. The quoted wiki text about uci not being able to configure the firewall sounds opinionated and wrong.

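The index and cfg-id concern raised in the question can be sidestepped by selecting sections on an option value. This is an added example, not code from the thread or from OpenWrt: `find_sections` and `build_delete_batch` are hypothetical helpers, the sample `uci show` text is constructed, and option values are assumed to contain no quotes.

```shell
#!/bin/sh
# Added example: pick anonymous UCI sections by an option value, so the
# script does not depend on @device[N] indexes or generated cfgXXXXXX ids.

# Constructed `uci show network` output modelled on the config in the post;
# the section ids and the 'wan' interface entry are made up for illustration.
SAMPLE_SHOW="network.cfg080f15=device
network.cfg080f15.name='wan'
network.cfg080f15.macaddr='a1:b2:c3:d4:e5:f6'
network.cfg090f15=device
network.cfg090f15.name='eth1'
network.cfg0a0f15=device
network.cfg0a0f15.name='br-wan'
network.cfg0a0f15.type='bridge'
network.cfg0a0f15.ports='eth1' 'wan'
network.wan=interface
network.wan.device='br-wan'"

# find_sections TYPE OPTION VALUE
# Reads `uci show <config>` text on stdin and prints "<config>.<section>"
# for every section of TYPE whose OPTION equals VALUE.
find_sections() {
    awk -v type="$1" -v opt="$2" -v val="$3" '
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            rhs = substr($0, eq + 1)
            n = split(key, part, "[.]")
            if (n == 2)                      # section header: config.section=type
                kind[key] = rhs
            else if (n == 3 && part[3] == opt && rhs == "\047" val "\047")
                hit[part[1] "." part[2]] = 1 # option line with the wanted value
        }
        END { for (s in hit) if (kind[s] == type) print s }
    ' | sort
}

# build_delete_batch TYPE OPTION VALUE
# Prints `uci batch` delete commands only; nothing is modified here.
build_delete_batch() {
    find_sections "$@" | sed 's/^/delete /'
}

# On a router the same pipeline would feed uci (not run here):
#   uci show network | build_delete_batch device name wan | uci -q batch
#   uci commit network
printf '%s\n' "$SAMPLE_SHOW" | build_delete_batch device name wan
```

Printing the batch first and reviewing it before piping it into `uci batch` shows exactly which sections a new image would lose.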