In LuCI, there is a checkbox to enable/disable traffic rules. How can I do this from the shell?
You need to know the rule number. Once you have that, you can issue the commands below:
uci set firewall.@rule[xxx].enabled=0
fw3 reload
4 Likes
Thank you for the pointer. First I found the rule:
# uci show firewall
...
firewall.@rule[15]=rule
firewall.@rule[15].src='lan'
firewall.@rule[15].proto='all'
firewall.@rule[15].target='REJECT'
firewall.@rule[15].name='stop all WAN access'
firewall.@rule[15].src_ip='10.1.8.118'
firewall.@rule[15].dest='wan'
firewall.@rule[15].enabled='0'
...
Then I just substituted a 1 for the 0 in that syntax:
# uci set firewall.@rule[15].enabled=1
# fw3 reload &>/dev/null
However, when I pull up the traffic rules in LuCI, there isn't a check mark for enabled. Is that to be expected? Note that the rule is in effect despite LuCI not showing it.
LuCI works with persistent configuration.
To make runtime configuration persistent, run:
uci commit
1 Like
Thanks for the help, works like a charm.
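#!/bin/sh
# Read the current state of rule 15 ('1' = enabled, '0' = disabled)
test=$(uci show firewall | grep 'rule\[15\].enabled' | awk -F'=' '{ print $2 }' | sed s"/'//g")
# String comparison with quotes, so an empty value does not break the test
if [ "$test" = "1" ]; then
    echo "disabling rule 15 ... WAN access available"
    uci set firewall.@rule[15].enabled=0
else
    echo "enabling rule 15 ... WAN access restricted"
    uci set firewall.@rule[15].enabled=1
fi
# Apply the change to the running firewall, then make it persistent
fw3 reload >/dev/null 2>&1
uci commit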
uci -q get firewall.@rule[15].enabled
Thanks, much more elegant.
That's OK if your rule order doesn't change, always 15
#!/bin/sh
index=0
# Walk the rules until uci reports that the index does not exist
while true; do
    name=$(uci get firewall.@rule[$index].name 2>/dev/null) || break
    echo "$name" | grep -q "stop all WAN access" && {
        #### Do your stuff here with $index ###
        :
    }
    index=$((index+1))
done
1 Like
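Added example, not part of any post in this thread: the pieces above combined into one script that finds the rule by its exact name, flips `enabled`, commits so LuCI shows the new state, and reloads the firewall. The function names `rule_index` and `toggle_rule` and the `SAMPLE` text are constructed for illustration; it assumes a rule with no `enabled` option counts as enabled.

```shell
#!/bin/sh
# Added example, not code from the thread. Toggle a firewall rule selected by
# its name, so the script keeps working when rule indexes shift.
RULE_NAME="stop all WAN access"   # rule name taken from the thread

# Constructed sample of `uci show firewall` output, used for an offline check.
SAMPLE="firewall.@rule[14]=rule
firewall.@rule[14].name='Allow-Ping'
firewall.@rule[15]=rule
firewall.@rule[15].name='stop all WAN access'
firewall.@rule[15].enabled='0'"

# Read `uci show firewall` text on stdin and print the index of the rule whose
# name is exactly $1. Returns non-zero when no rule carries that name.
rule_index() {
    awk -F"'" -v want="$1" '
        $1 ~ /^firewall\.@rule\[[0-9]+\]\.name=$/ && $2 == want {
            idx = $1; sub(/^[^[]*\[/, "", idx); sub(/\].*/, "", idx)
            print idx; found = 1; exit
        }
        END { exit !found }'
}

# Flip the rule: stage the change, commit it (LuCI reads the persistent
# configuration), then reload the running firewall.
toggle_rule() {
    idx=$(uci show firewall | rule_index "$1") ||
        { echo "rule not found: $1" >&2; return 1; }
    # Assumption: a rule without an 'enabled' option is active, so default to 1.
    cur=$(uci -q get "firewall.@rule[$idx].enabled") || cur=1
    if [ "$cur" = "1" ]; then new=0; else new=1; fi
    uci set "firewall.@rule[$idx].enabled=$new"
    uci commit firewall
    fw3 reload >/dev/null 2>&1
    echo "rule $idx ($1): enabled=$new"
}

# Only touch the firewall when uci is present, i.e. on the router itself.
if command -v uci >/dev/null 2>&1; then
    toggle_rule "$RULE_NAME"
fi
```

Matching the whole name rather than a substring keeps the script from flipping a different rule whose name merely contains the same words.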