I really appreciate your help, but I do not think this is really interesting for my case, nevertheless I wrote a small script to fetch those infos:
for i in network wireless dhcp firewall; do
printf '[details="%s"]\n```\n%s```\n[/details]\n\n' "$i" "$(sed "s/key \'.*\'/key 'abc'/" /etc/config/"$i")";
done
The third does not even have the WiFi in question, so I did not bother there.
Upstairs (the problematic)
{
"kernel": "6.6.110",
"hostname": "OpenWrt-Upstairs",
"system": "ARMv8 Processor rev 4",
"model": "Linksys MX4200v1",
"board_name": "linksys,mx4200v1",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.4",
"revision": "r28959-29397011cc",
"target": "qualcommax/ipq807x",
"description": "OpenWrt 24.10.4 r28959-29397011cc",
"builddate": "1760891865"
}
}
network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
option ula_prefix 'fd13:6453:41ef::/48'
config device
option type 'bridge'
option name 'br-vlan'
list ports 'lan1'
list ports 'lan2'
option ipv6 '0'
config bridge-vlan
option device 'br-vlan'
option vlan '20'
list ports 'lan1:t'
list ports 'lan2:t'
config bridge-vlan
option device 'br-vlan'
option vlan '30'
list ports 'lan1:t'
list ports 'lan2:t'
config bridge-vlan
option device 'br-vlan'
option vlan '199'
list ports 'lan1:t'
list ports 'lan2:t'
config interface 'Uplink'
option device 'br-vlan'
option proto 'none'
config bridge-vlan
option device 'br-vlan'
option vlan '10'
list ports 'lan1:u*'
list ports 'lan2:u*'
config interface 'MGMT'
option proto 'static'
option device 'br-vlan.10'
option ipaddr '10.0.0.251'
option netmask '255.255.255.0'
option gateway '10.0.0.1'
config interface 'VPN'
option proto 'none'
option device 'br-vlan.199'
config interface 'IOT'
option proto 'none'
option device 'br-vlan.30'
config interface 'LAN'
option proto 'static'
option device 'br-vlan.20'
option ipaddr '10.0.1.77'
option netmask '255.255.255.0'
wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc@0/c000000.wifi+1'
option band '2g'
option channel '1'
option htmode 'HE20'
option cell_density '0'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc@0/c000000.wifi'
option band '5g'
option channel '48'
option htmode 'HE20'
option cell_density '0'
option country 'DE'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option network 'LAN'
option key 'abc'
option ssid 'FRITZ!Box Fon WLAN 7390'
option ieee80211w_max_timeout '10000'
option ieee80211w_retry_timeout '500'
option encryption 'psk2'
option ieee80211w '1'
option ocv '0'
option ieee80211r '1'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option disassoc_low_ack '0'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option network 'IOT'
option key 'abc'
option ssid 'IOT'
option encryption 'psk2'
option ft_over_ds '0'
option mobility_domain 'f1f1'
option ft_psk_generate_local '1'
option ieee80211r '1'
option ieee80211w '1'
config wifi-iface 'wifinet3'
option ssid 'VPN'
option device 'radio0'
option mode 'ap'
option ieee80211w '2'
option encryption 'sae'
option key 'abc'
option ieee80211r '1'
option mobility_domain '1BAD'
option ft_over_ds '0'
option wpa_disable_eapol_key_retries '1'
option ocv '0'
option network 'VPN'
config wifi-iface 'wifinet4'
option ssid 'Printer'
option encryption 'psk2'
option device 'radio0'
option mode 'ap'
option key 'abc'
option hidden '1'
option macfilter 'allow'
list maclist 'E4:E7:49:5A:91:05'
option network 'LAN'
config wifi-device 'radio4'
option type 'mac80211'
option path 'platform/soc@0/c000000.wifi+2'
option band '5g'
option channel '100'
option htmode 'HE80'
dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
option rebind_protection '0'
list server '10.0.0.1'
list server '10.0.0.5'
list interface 'lo'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
option piofolder '/tmp/odhcpd-piofolder'
firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
Downstairs (works fine)
{
"kernel": "6.6.93",
"hostname": "OpenWrt-Downstairs",
"system": "ARMv8 Processor rev 4",
"model": "Linksys E8450 (UBI)",
"board_name": "linksys,e8450-ubi",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "SNAPSHOT",
"firmware_url": "https://downloads.openwrt.org/",
"revision": "r30114-9b777547be",
"target": "mediatek/mt7622",
"description": "OpenWrt SNAPSHOT r30114-9b777547be",
"builddate": "1750271723"
}
}
network
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
option packet_steering '1'
option ula_prefix 'fdf5:b7cc:fc56::/48'
config interface 'dmz'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '10.0.0.253'
option gateway '10.0.0.1'
list dns '1.1.1.1'
option device 'br-lan.10'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
config bridge-vlan
option device 'br-lan'
option vlan '10'
list ports 'lan1'
list ports 'lan2'
config bridge-vlan
option device 'br-lan'
option vlan '199'
list ports 'lan1:t'
config bridge-vlan
option device 'br-lan'
option vlan '20'
list ports 'lan1:t'
config bridge-vlan
option device 'br-lan'
option vlan '30'
list ports 'lan1:t'
config interface 'IOT'
option proto 'none'
option device 'br-lan.30'
config interface 'LAN'
option proto 'none'
option device 'br-lan.20'
config interface 'VPN'
option proto 'none'
option device 'br-lan.199'
wireless
config wifi-iface 'default_radio1'
option ssid 'FRITZ!Box Fon WLAN 7390'
option device 'radio1'
option ieee80211w '1'
option key 'abc'
option mode 'ap'
option ieee80211w_max_timeout '10000'
option ieee80211w_retry_timeout '500'
option encryption 'psk2'
option disassoc_low_ack '0'
option ocv '0'
option network 'LAN'
option ieee80211r '1'
option ft_over_ds '0'
option ft_psk_generate_local '1'
config wifi-iface 'wifinet3'
option ssid 'Garden'
option encryption 'psk2'
option device 'radio0'
option mode 'ap'
option key 'abc'
option network 'LAN'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'IOT'
option encryption 'psk2'
option key 'abc'
option ieee80211r '1'
option mobility_domain 'f1f1'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option ieee80211w '2'
option ocv '0'
option network 'IOT'
config wifi-iface 'wifinet5'
option device 'radio0'
option mode 'ap'
option ssid 'VPN'
option encryption 'sae'
option key 'abc'
option ieee80211r '1'
option nasid '1BAD'
option ft_over_ds '0'
option wpa_disable_eapol_key_retries '1'
option ocv '0'
option network 'VPN'
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/18000000.wmac'
option band '2g'
option htmode 'HT40'
option channel '8'
option cell_density '0'
option country 'DE'
config wifi-device 'radio1'
option type 'mac80211'
option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
option channel '36'
option band '5g'
option country 'DE'
option cell_density '0'
option htmode 'HE80'
dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
list interface 'lo'
list server '10.0.0.1'
list server '10.0.0.5'
option rebind_protection '0'
config dhcp 'dmz'
option interface 'dmz'
option ignore '1'
option start '100'
option limit '150'
option leasetime '12h'
list ra_flags 'none'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'dmz'
list network 'IOT'
list network 'LAN'
list network 'VPN'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
