Scheduling on/off ethernet port

[Solved] I would like to be able to schedule on/off of all Ethernet ports at times and days of the week.
There is a package that does this for the wifi, "luci-app-wifischedule", which works very well.
Is there something for Ethernet ports?

Thanks in advance for each suggestion.

WD8970v2
OpenWrt 22.03.5 r20134-5f15225c1e / LuCI openwrt-22.03 branch git-23.093.57104-ce20b4a

I'm not aware of a way to easily toggle ethernet ports on and off.

You could disconnect them from the network(s) in question, though. This would probably best be achieved with a cron job.

Right, the correct term is to disconnect.
Isn't there a package that already does this?
Could you help me write the Cron Job for this activity?

I'm not aware of an existing package, but that doesn't mean there isn't one.

Regarding the disconnect, to be clear, I'm saying that we disconnect the network logically but the physical link would still be up and running (it just wouldn't respond to any traffic on the physical port). The way I'd propose doing this is to change the configuration of the built-in switch or the network interface device association.

Is the intent to disable 1 or more specific ports while leaving others running normally, or would you be taking down all of the ports? What about wifi -- does wifi get disabled at the same time, or does it remain up and running?

And is this the main (or management) network, or is this a guest/iot/something-else network? I ask because you'll probably still want a way to manage the router, especially if there is a mistake in the config/cron-job.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network

What I would like to get is the deactivation of the Ethernet Ports from - to from Monday to Friday and from - to from Saturday to Sunday

If this means deactivating the WiFi, no problem

Staying without any access is perhaps too much, you could disable the unstitraves towards the Gateway 192.168.1.254
In this way I could access the router but the clients could not navigate the same equally.

I tried to configure a Firewall Reject rule but it doesn't seem to work.

ubus call system board

{
        "kernel": "5.10.176",
        "hostname": "WD8970",
        "system": "xRX200 rev 1.2",
        "model": "TP-LINK TD-W8970",
        "board_name": "tplink,tdw8970",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.5",
                "revision": "r20134-5f15225c1e",
                "target": "lantiq/xrx200",
                "description": "OpenWrt 22.03.5 r20134-5f15225c1e"
        }
}

cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd24:0dca:abdd::/48'

config atm-bridge 'atm'
        option vpi '1'
        option vci '32'
        option encaps 'llc'
        option payload 'bridged'
        option nameprefix 'dsl'

config dsl 'dsl'
        option annex 'a'
        option tone 'av'
        option ds_snr_offset '0'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.1.254'
        list dns '192.168.1.254'

config device
        option name 'dsl0'
        option macaddr 'c0:4a:00:0a:22:df'

firewall rule test

config rule
	option name 'Turn off internet'
	option src '*'
	list dest_ip '192.168.1.254'
	option target 'REJECT'
	option weekdays 'Sun Mon Tue Wed Thu'
	option start_time '00:00:00'
	option stop_time '07:00:00'

Is it correct for me to state that this is not the main router? This appears to be a dumb AP (just providing ethernet and wifi connectivity, all routing from another device at 192.168.1.254)?

right, it's just an AP

In that case, what you probably need to do is remove the uplink port from br-lan... so if port lan1 is the uplink to the main router, you'd simply set up 2 scripts using UCI config syntax:

  • one that deletes lan1 from the bridge
  • and another that adds lan1 to the bridge

Then you'd set up 2 cron jobs that would fire the respective script at the right times.

Alternatively, you could leave the uplink and then delete the other ports from the bridge... this would at least have the effect of keeping the device "online" with respect to the upstream network (you'd still be able to connect to it, but the other ports would be disabled since they'd have been removed from the bridge).

it is definitely the best solution but I have no idea how to give these instructions.

I imagine the commands can be ifdown ifup, do you have an example that can help me?

You could also put in some bridge filtering rules... Basically stop the bridge from passing traffic to/from upstream, but then the AP itself could stay available.

nftables has rules that replace the older ebtables https://wiki.nftables.org/wiki-nftables/index.php/Bridge_filtering

Basically use a forward table, then just drop all packets that are being forwarded. To turn it back on, just flush the table.

Can you post the output of

uci show network
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd24:0dca:abdd::/48'
network.atm=atm-bridge
network.atm.vpi='1'
network.atm.vci='32'
network.atm.encaps='llc'
network.atm.payload='bridged'
network.atm.nameprefix='dsl'
network.dsl=dsl
network.dsl.annex='a'
network.dsl.tone='av'
network.dsl.ds_snr_offset='0'
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='lan1' 'lan2' 'lan3' 'lan4'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.gateway='192.168.1.254'
network.lan.dns='192.168.1.254'
network.@device[1]=device
network.@device[1].name='dsl0'

This is the section we'll be changing.

So, to disconnect lan1 from the bridge (as an example), you'd do the following:

uci del_list network.@device[0].ports=lan1
uci commit network
/etc/init.d/network restart

To re-enable port 1, you'd do this:

uci add_list network.@device[0].ports=lan1
uci commit network
/etc/init.d/network restart

You can do this for the uplink port which will shut everything down (including your ability to administer the router), or you can do it for the downstream ports. So for example, if port 1 is the uplink, you'd do this to disable ports lan2-4:

uci del_list network.@device[0].ports=lan2
uci del_list network.@device[0].ports=lan3
uci del_list network.@device[0].ports=lan4
uci commit network
/etc/init.d/network restart

(and then you'd enable the same way with add_list instead of del_list)

The latter is probably the better option because then your device remains online and visible to the upstream. This is also important because you need it to be able to retrieve time, especially if there is a power outage. Otherwise, the time may drift and/or be completely wrong and your rules won't work properly.

1 Like
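The del_list/add_list procedure above, wrapped into one script that cron can call (an added example, not code from the thread). It assumes lan1 is the uplink and a hypothetical path /root/port-sched.sh, skips ports already in the requested state, and refuses to touch the uplink so the AP stays manageable and can still sync its clock.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed: lan1 is the uplink and this
# file is saved as /root/port-sched.sh (hypothetical). Crontab for the thread's schedule:
#   30 00 * * Mon,Tue,Wed,Thu,Sun /root/port-sched.sh off
#   00 06 * * Mon,Tue,Wed,Thu,Sun /root/port-sched.sh on
set -f                             # split port lists on spaces only, never glob
UPLINK="lan1"                      # assumption: port facing the main router
BRIDGE="network.@device[0]"        # the br-lan section from `uci show network`
DEFAULT_PORTS="lan2 lan3 lan4"

# in_list WORD ITEM...: succeeds when WORD is one of the ITEMs
in_list() {
    w="$1"; shift
    for item in "$@"; do [ "$item" = "$w" ] && return 0; done
    return 1
}

# plan ACTION "CURRENT_PORTS" "TARGET_PORTS": prints the commands to run, or
# nothing if the bridge is already in the requested state. Returns non-zero for
# a bad action, an odd port name, or the uplink (removing it cuts management).
plan() {
    action="$1"; current="$2"; targets="$3"; cmds=""
    case "$action" in on|off) ;; *) echo "usage: on|off [ports]" >&2; return 64 ;; esac
    for port in $targets; do
        case "$port" in *[!a-z0-9]*) echo "bad port name: $port" >&2; return 65 ;; esac
        [ "$port" = "$UPLINK" ] && { echo "refusing to change uplink" >&2; return 66; }
        if in_list "$port" $current; then member=1; else member=0; fi
        case "$action$member" in
            off1) verb=del_list ;;
            on0)  verb=add_list ;;
            *)    continue ;;      # already in the requested state
        esac
        cmds="${cmds}uci $verb '$BRIDGE.ports=$port'
"
    done
    [ -n "$cmds" ] || return 0
    printf '%suci commit network\n/etc/init.d/network reload\n' "$cmds"
}

main() {
    current="$(uci -q get "$BRIDGE.ports")" || exit 1
    cmds="$(plan "$1" "$current" "${2:-$DEFAULT_PORTS}")" || exit $?
    [ -z "$cmds" ] || printf '%s\n' "$cmds" | sh -e
}

if [ $# -gt 0 ]; then main "$@"; fi
```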

Everything seems clear to me.
Thank you infinitely for the time you are dedicating to me.
As soon as I have created and tested my sh file I will post it here

[SOLVED]

30 00 * * Mon,Tue,Wed,Thu,Sun uci del_list network.@device[0].ports=lan2 && service network reload
00 06 * * Mon,Tue,Wed,Thu,Sun uci add_list network.@device[0].ports=lan2 && service network reload

Thank you,

This is my task, it works perfectly.

awesome!

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! :slight_smile:

1 Like