Firewall include: possible to pass parameters to called script?

antonk · February 23, 2024, 6:49pm

Hi folks,

So my install script creates these entries in /etc/config/firewall:

config include 'geoip_shell'
        option enabled '1'
        option type 'script'
        option path '/usr/sbin/geoip-shell-run.sh restore'

Unfortunately, the call to the -run script does not work:

$ service firewall restart
Section geoip_shell specifies unreachable path '/usr/sbin/geoip-shell-run.sh restore', ignoring section

Since the -run script does exist in that path, I assume that the issue is with the argument (restore). Before adding another script whose sole purpose would be to pass the "restore" argument to the -run script, I thought I'd ask if there is any non-obvious way to pass a parameter to the script called by the include?

kvic · June 28, 2024, 5:07am

I run into a related issue. I've one suggestion for the developers. For "include script" facility in fw4, please

Pass an "event type" to the script when the script is called by fw4. The 'event type' is one from the set of commands accepted by fw4 and appropriate for when the script is called:

boot, start, stop, reload, reload-sets, flush

From there, the user script can intelligently manage itself by checking and honouring the event, and run the appropriate course of actions.

In case, the user script doesn't check the event type, then the script will be run just like as-is of now.

brada4 · June 28, 2024, 6:09am

mind to fill in github?

brada4 · June 28, 2024, 6:57am

A bit short-sighted. If legacy script is called reliad-sets it ll gladly emit ruleset.