I accidentally applied a bad firewall configuration

I have been exploring building my own images for NanoPi R5S with the docker image builder. In an attempt to provide custom files during the build process, I was providing custom /etc/config/network and /etc/config/firewall.

well... ive made a big mistake and now my device is inaccesible. I accidentally provided the following in place of /etc/config/firewall:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd95:2dff:6c52::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'
        list ports 'eth2'

config device
        option name 'eth1'
        option macaddr 'da:9e:6b:72:66:05'

config device
        option name 'eth2'
        option macaddr 'da:9e:6b:72:66:05'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'eth0'
        option macaddr 'da:9e:6b:72:66:04'

config interface 'wan'
        option device 'eth0'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0'
        option proto 'dhcpv6'

config interface 'docker'
        option device 'docker0'
        option proto 'none'
        option auto '0'

config device
        option type 'bridge'
        option name 'docker0'

config interface 'dockerlan'
        option proto 'none'
        option device 'docker1'

As you can probably see... this is clearly not a firewall config, but a network config instead. I cant access the device over luci nor over ssh, 192.168.1.1 is not accessible. it doesnt even show up in the response from arp -a in powershell, and it doesnt seem to get a dhcp address.

I had been uploading new flash images via luci. The R5S used to boot from SD card when the original factory image was on the emmc, but it hasnt booted from sd card since using my openwrt builds.

The debug UART port doesnt seem to produce a console session.

How screwed am I?

Go here:
https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset#entering_failsafe_mode
Then mount root
then restore default conf file (download RAW on top right of page):

(or copy it from /rom/etc/config/)

Ive tried that, but i cant get it into failsafe mode. I dont know how to confirm that the one and only button on the R5S is monitored for failsafe

Have you ever made this work

no, im desperate lol. NanoPi's wiki for the R5S describes it as "Debug UART", but doesnt document it at all. i was just being hopeful.

Just pull out microsd and edit files directly from a linux machine?

its booting from the emmc, and doesnt seem to want to boot from an sd card

Use vendor recovery and start from zero.
https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R5S#Flash_Official_OS_to_eMMC

1 Like

ill try it again, but it seems like it doesnt want to boot from SD regardless

Connect hdmi TV, ask vendor since they say recovery works like that.

1 Like

sorry, i feel like i have an answer for all of your suggestions. i appreciate the brainstorming, but ive tried that. no hdmi signal. afaik, openwrt doesnt have any video drivers and i havent been running the mfg provided "friendlywrt" in a while, but building my own. before this, i had never even tried the hdmi port, so ive never seen it work

Kind of it is up to you to figure out what you altered from normal openwrt or vendor's defaults.

thats valid, but I dont have a need for hdmi out for my application, so i dont know why i wouldve bothered to maintain graphics output. For what its worth, im not sure the vendor's own "FriendlyWRT" has graphics output. Maybe their openmediavault, debian, android builds do, but i dont think the openwrt fork ever had graphics.

very frustrating that I know exactly what the problem is, but i cant access the device to fix it, it wont boot from sd card, and i cant think of how to reflash the emmc directly.

They say their bootloader does output to hdmi during recovery, independently of which software would boot later.

1 Like

Get a emmc burner; assuming you can pull it. But, they have a couple of different boot from sd alternatives on their wiki.

that is one big question...why isnt it booting from the SD? i cant get thier emmc flasher sd images nor their factory images to boot from sd. I am 100% confident that the last flash had the bad firewall conf, but it does give me pause that it wont boot from sd.

makes me wonder if I have a larger (hardware) issue than the bogus firewall conf

unfortunately the emmc is bga soldered to the board

Ask warranty support, though better you figure what happened to their bootloader because replacing one file is not killing it.