Using programmable, named section with UCI

Hi all,

I just started with OpenWrt and would like to know if I can address a firewall zone by name with UCI...

uci show firewall.@zone[0]

Since I only now the name and want to execute simple bash commands, I would prefer a programmable, named section, like it is possible with 'network'. But network seems to use the name directly for the interface, while firewall seems to use the CFGID for the zone and the name as a parameter.

I would prefer simple bash commands, so is it possible to address firewall zones by name without cumbersomely parse the data?

Thank you very much...

1 Like

Yes, you can, see:

However, note that the forwardings and rules rely on the name option, not section name.

1 Like

Thank you vgaetera.

Though your answer is helpful, I still have a problem. In your first link they seem to create a new zone and give it a name, so they can address it later. In the second link they seem to rename an array indexed zone, so they can address it later. So actually I know how to create a new zone and address it and I also know how to rename an array indexed zone and address it, but I have no Idea how I can change options for existing zones by its option "name".

Let's assume I have a zone like this...

uci show firewall.@zone[1]
firewall.cfg05eb36=zone'wan''wan' 'wan6'

...but I only know the name option of the zones ('wan' in this case) and would like to change/update the network option. I know how to do this with CFGID and indexed array, but how can I do this with the name option?

1 Like

You have 2 options:

  • Rely on the defaults.
  • Fetch zone ID by option name=wan.

The second option is like this:

uci rename $(uci -q show firewall \
| sed -n -e "/\.name='wan'$/s///p" \
| sed -n -e "1p")="wan"

But you still have to rely on the defaults assuming that the zone name=wan.
Otherwise, that's even more scripting, thus I recommend to use the first option.
This way your code will be easier to understand and modify as needed.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.