How to call ubus to enable/disable specific firewall rule

I'd like to call the ubus web API to do the following. I did a lot of searching through Google but can't find a solution. Can someone help by giving the correct curl command? Thanks a lot.

uci set firewall.cfg0192bd.enabled=1 && fw3 reload

BTW: I can get the setting successfully.

curl -H 'Content-Type: application/json' -d '{ "jsonrpc": "2.0", "id": 1, "method": "call", "params": [ "c7fd109535903336c189a48ba4b31b8a", "uci", "get", { "config": "firewall", "type": "rule", "section": "@rule[0]" } ] }'  http://192.168.1.1/ubus | jq

Please post output of

ubus call system board

First call uci set with the same args and add "values": { "enabled": "0" } to the dictionary.

Then call uci commit with { "config": "firewall" }
Then call uci apply


Thank you very much. You saved my life. :grinning:
Here is the correct curl command to enable the firewall rule:
curl -H 'Content-Type: application/json' -d '{ "jsonrpc": "2.0", "id": 1, "method": "call", "params": [ "a96266e1e1a06e846d8b18b5bece3d47", "uci", "set", { "config": "firewall", "section": "@rule[0]", "values": {"enabled": "1"} } ] }' http://192.168.1.1/ubus | jq
Commit the change:
curl -H 'Content-Type: application/json' -d '{ "jsonrpc": "2.0", "id": 1, "method": "call", "params": [ "a96266e1e1a06e846d8b18b5bece3d47", "uci", "commit", { "config": "firewall" } ] }' http://192.168.1.1/ubus | jq
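
The set / commit / apply sequence described above, as an added Python example that is not part of the original posts: it builds the three request bodies for the `/ubus` endpoint and checks each reply so that a refused call stops the sequence before commit or apply is sent. The function names, the `UbusError` class and the sample replies are assumptions made for illustration, and `apply` is sent with an empty argument object because the thread names no arguments for it.

```python
import json

UBUS_STATUS_OK = 0
UBUS_STATUS_PERMISSION_DENIED = 6  # returned when the session ACL refuses the call

class UbusError(Exception):
    def __init__(self, layer, code, message):
        super().__init__(f"{layer} error {code}: {message}")
        self.layer, self.code = layer, code

def build_call(sid, obj, method, args, req_id):
    """JSON-RPC body for the POST /ubus endpoint used in the thread."""
    return {"jsonrpc": "2.0", "id": req_id, "method": "call",
            "params": [sid, obj, method, args]}

def rule_toggle_calls(sid, section, enabled):
    """Bodies for uci set, uci commit and uci apply, in the order to send them."""
    steps = [
        ("set", {"config": "firewall", "section": section,
                 "values": {"enabled": "1" if enabled else "0"}}),
        ("commit", {"config": "firewall"}),
        ("apply", {}),  # assumption: sent without arguments, the thread names none
    ]
    return [build_call(sid, "uci", m, a, i) for i, (m, a) in enumerate(steps, 1)]

def check_reply(raw):
    """Return the reply's data, or raise so the next step is never sent."""
    reply = json.loads(raw)
    if "error" in reply:  # e.g. -32002 "Access denied", as quoted in this thread
        err = reply["error"]
        raise UbusError("jsonrpc", err["code"], err.get("message", ""))
    result = reply.get("result") or [None]
    if result[0] == UBUS_STATUS_PERMISSION_DENIED:
        raise UbusError("ubus", result[0], "permission denied by session ACL")
    if result[0] != UBUS_STATUS_OK:
        raise UbusError("ubus", result[0], "call failed")
    return result[1] if len(result) > 1 else None

# Constructed sample replies, not captured from a device. DENIED copies the
# error body quoted in this thread.
OK_REPLY = '{"jsonrpc":"2.0","id":1,"result":[0]}'
ACL_REPLY = '{"jsonrpc":"2.0","id":2,"result":[6]}'
DENIED = '{"jsonrpc":"2.0","id":1,"error":{"code":-32002,"message":"Access denied"}}'

if __name__ == "__main__":
    sid = "0" * 32  # placeholder; use the ubus_rpc_session token from a login call
    for body in rule_toggle_calls(sid, "@rule[0]", True):
        print(json.dumps(body))
```

Each printed body can be passed to `curl -d` exactly as in the commands above; keeping the session token out of scripts and shell history is left to the caller.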

There's also a newer, RESTful API flavor available which might be easier to work with when using curl, see the commit message of https://git.openwrt.org/?p=project/uhttpd.git;a=commit;h=11723570af9cb7bd87842e79c85ee99530be9902 for details.

That would turn the above into:

curl -H 'Content-Type: application/json' \
     -H 'Authorization: Bearer a96266e1e1a06e846d8b18b5bece3d47' \
     -d '{
           "jsonrpc": "2.0",
           "id": 1,
           "method": "set",
           "params": {
             "config": "firewall",
             "section": "@rule[0]",
             "values": {
               "enabled": "1"
             }
           }
         }' \
     http://192.168.1.1/ubus/call/uci

curl -H 'Content-Type: application/json' \
     -H 'Authorization: Bearer a96266e1e1a06e846d8b18b5bece3d47' \
     -d '{
           "jsonrpc": "2.0",
           "id": 2,
           "method": "commit",
           "params": {
             "config": "firewall"
           }
         }' \
     http://192.168.1.1/ubus/call/uci

So the ubus operation and ubus object to call become parts of the URL, the ubus method to invoke becomes the JSON-RPC "method" property and the authentication token is passed out-of-band via HTTP header.

Sorry, didn't notice your reply.
Here is the output:

{
	"kernel": "6.1.90",
	"hostname": "OpenWrt",
	"system": "Intel(R) Celeron(R) CPU 3965U @ 2.20GHz",
	"model": "VMware - Intel(R) Celeron(R) CPU 3965U @ 2.20GHz : 1C1T",
	"board_name": "vmware-inc-vmware-virtual-platform",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "SNAPSHOT",
		"target": "x86/64",
		"revision": "R24.5.1",
		"description": "OpenWrt "
	}
}

Thanks jow. That's cool! But it doesn't work for me. I guess the commit you mentioned wasn't included in uhttpd in my system.

curl -H 'Content-Type: application/json' \
     -H 'Authentication: Bearer 98ed36ace4be1514fde5962880f5fa3a' \
     -d '{
           "jsonrpc": "2.0",
           "id": 1,
           "method": "get",
           "params": {
             "config": "firewall",
             "section": "@rule[0]"
             }
           }
         }' \
     http://192.168.1.1/ubus/call/uci
{"jsonrpc":"2.0","id":1,"error":{"code":-32002,"message":"Access denied"}}

It is imperative you install OpenWrt; nobody here can help with your fw3-conserving OpenWrt fork distribution.

jow's guidance works perfectly on OpenWrt.
