Hi,

I'm modifying some script and I need to disable a 443 port forward in firewall
to let the router takeover the port temporarily with
iptables -I input_rule -p tcp --dport 443 -j ACCEPT

then afterwards remove the rule with
iptables -D input_rule -p tcp --dport 443 -j ACCEPT

and then I need to enable back the the redirect rule again

I think it can be done with "uci set firewall.@redirect[0].enabled=0"
but the id of the rule redirect[#] will always change I think

Can I access a rule with uci by it's name or something?
Or may be there is something I can do with the iptables command that would override the redirect - DNAT rule?

You could simply create the rule with a name:

uci set firewall.my_https_rule=rule
uci set firewall.my_https_rule.proto=tcp
...
uci commit firewall

Later you can refer to it using "firewall.my_https_rule.enabled"

I think "uci rename firewall.@rule[0]=my_https_rule" will work as well to add a stable id to the existing rule.

Thank You, everything is easy now with a rule name

uci del firewall.HTTPS_RULE >/dev/null 2>&1

uci set firewall.HTTPS_RULE=redirect
uci set firewall.HTTPS_RULE.target=DNAT
uci set firewall.HTTPS_RULE.proto=tcp
uci set firewall.HTTPS_RULE.src=wan
uci set firewall.HTTPS_RULE.dest=lan
uci set firewall.HTTPS_RULE.src_dport=443
uci set firewall.HTTPS_RULE.dest_ip=192.168.xx.xx
uci set firewall.HTTPS_RULE.dest_port=443
uci set firewall.HTTPS_RULE.name=Server-HTTPS
uci set firewall.HTTPS_RULE.enabled=0
uci commit firewall

uci set firewall.HTTPS_RULE.enabled=1
uci commit firewall

Btw, you can leave out the "uci commit" after creating the rule and use "uci revert firewall" instead to delete it later, this will avoid writing to flash.

dont forget to add