I have a uci_defaults script that I package with OpenWRT for some devices. When testing I need to disable Rebind Protection on dnsmasq because the router is behind my primary firewall and needs to access some services on the local network. So I have included
in my script but for some reason this is the only setting that does not 'stick'. When the devices come online all the other UCI default settings are there (so I know the script is getting called) but the dnsmasq settings still have rebind protection enabled.
If I run the exact same commands on the router after first boot - it works.
What might be happening here?
Full script
uci set network.lan.ipaddr='10.50.0.1'
uci set network.mgmtvpn=interface
uci set network.mgmtvpn.proto='none'
uci set network.mgmtvpn.device='tun0'
uci commit network
uci del firewall.zone1.network
uci add_list firewall.zone1.network='lan'
uci add_list firewall.zone1.network='mgmtvpn'
uci commit firewall
uci set dhcp.dnsmasq1.rebind_protection='0'
uci commit dhcp
/etc/init.d/system reload
/etc/init.d/network reload
/etc/init.d/firewall reload
/etc/init.d/dnsmasq reload
EDIT: actually - the firewall stanza is not working either, only the network settings are sticking.
That's the crux of your issue. The @ is the symbolic representation and the cfgxxxx names are the internal one. This is used because there may be more than one dnsmasq section in the config file, so uci has to figure out how to address each individual one, and it allows two different forms for that.
So...
Is not doing what you expect. It should (probably) be one of these:
uci set dhcp.cfg01411c.rebind_protection='0'
uci set dhcp.@dnsmasq[0].rebind_protection='0'
Do this as a diagnostic and you'll figure out what's going on:
$ uci show dhcp | grep rebind
dhcp.@dnsmasq[0].rebind_protection='0'
dhcp.@dnsmasq[0].rebind_localhost='0'
$ uci -X show dhcp | grep rebind
dhcp.cfg01411c.rebind_protection='0'
dhcp.cfg01411c.rebind_localhost='0'
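An added example, not part of the original thread: a small offline check that lists the addresses a script can use for each section of a UCI config file, so a reference such as dnsmasq1 can be tested before a uci-defaults script relies on it. The sample config is constructed, the function names are hypothetical, and the generated cfgxxxx names that uci -X prints are not reproduced.

```shell
#!/bin/sh
# Constructed sample of /etc/config/dhcp: the dnsmasq section is anonymous (no
# name after the type); the two dhcp sections are named.
SAMPLE_DHCP="config dnsmasq
    option domainneeded '1'
    option rebind_protection '1'

config dhcp 'lan'
    option interface 'lan'

config dhcp 'wan'
    option interface 'wan'
    option ignore '1'"

# uci_addresses PKG: read a UCI config on stdin and print "<address> <kind>"
# for every way a section can be addressed (hypothetical helper).
uci_addresses() {
    awk -v pkg="$1" '
    $1 == "config" {
        type = $2; name = $3
        # Strip quoting around the type and the optional name.
        gsub(/[^A-Za-z0-9_]/, "", type); gsub(/[^A-Za-z0-9_]/, "", name)
        idx = count[type]++    # @type[N] counts named sections as well
        printf "%s.@%s[%d] %s\n", pkg, type, idx, (name == "" ? "anonymous" : "named")
        if (name != "") printf "%s.%s named\n", pkg, name
    }'
}

# uci_ref_exists PKG REF: succeed only if REF (for example "dnsmasq1" or
# "@dnsmasq[0]") addresses a section in the config read from stdin.
uci_ref_exists() {
    uci_addresses "$1" | cut -d' ' -f1 | grep -Fxq "$1.$2"
}

# Pre-flight report over the constructed sample, one line per reference.
check_refs() {
    for ref in "$@"; do
        if printf '%s\n' "$SAMPLE_DHCP" | uci_ref_exists dhcp "$ref"; then
            echo "ok      dhcp.$ref"
        else
            echo "missing dhcp.$ref"
        fi
    done
}

check_refs 'dnsmasq1' '@dnsmasq[0]' 'lan' '@dhcp[1]'
```

On a device, uci show dhcp prints the same symbolic addresses, as in the diagnostic above.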