OpenWrt Forum Archive

Topic: Firewall config from command line

The content of this topic has been archived on 27 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I have set up several rule groups in the firewall config file (/etc/config/firewall):

config rule
        option src 'lan'
        option dest 'wan'
        option family 'ipv4'
        option src_ip '192.168.1.123'
        option target 'REJECT'
        option name 'BlockThem'

By default, this rule is enabled. If I add

        option enabled '0'

to this config section, the given rule is not activated (after the firewall restart, of course).

From time to time I access my router remotely and enable or disable certain rules by opening the config file, manually adding or removing the "option enabled" line, and then restarting the firewall. It's kind of a pain and I am looking for a less tedious way.

So, I am looking for something like

$ firewall config list rules
$ firewall config enable rule "BlockThem"
$ firewall config disable rule "BlockThem"

Having similar requirements, I always remove package "firewall" and use my own, very basic rules for iptables.
Rules are set up within rc.local.
No need for something special here, anyway, I think.
Using well documented procedures for iptables maintenance helps, if necessary.

All files at "/etc/config/" can be edited using the "uci" command. Just execute "uci" to see the list of available commands, or "uci show firewall" to see all current parameters related to firewall and figure out which ones you want to change.
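As an added example (not part of the original posts), the enable/disable workflow asked for in the first post can be built on the uci command suggested above. The fw_rule_* function names are hypothetical; the sketch assumes rules are identified by their "name" option and that setting "enabled" to 1 is equivalent to omitting the option.

```shell
#!/bin/sh
# Added example: helper functions to source in a shell on the router.
# The fw_rule_* names are hypothetical; only the uci calls are real.
# Typical use: fw_rule_set BlockThem disable && fw_apply

# Print the index N of the first firewall.@rule[N] whose 'name' equals $1.
fw_rule_index() {
    i=0
    # 'uci -q get firewall.@rule[N]' fails once N is past the last rule.
    while uci -q get "firewall.@rule[$i]" >/dev/null; do
        if [ "$(uci -q get "firewall.@rule[$i].name")" = "$1" ]; then
            echo "$i"
            return 0
        fi
        i=$((i + 1))
    done
    return 1
}

# List every rule as "index<TAB>enabled<TAB>name"; a missing option means enabled.
fw_rule_list() {
    i=0
    while uci -q get "firewall.@rule[$i]" >/dev/null; do
        en=$(uci -q get "firewall.@rule[$i].enabled") || en=1
        nm=$(uci -q get "firewall.@rule[$i].name") || nm='(unnamed)'
        printf '%s\t%s\t%s\n' "$i" "$en" "$nm"
        i=$((i + 1))
    done
}

# fw_rule_set NAME enable|disable: write the option and commit it to the config.
fw_rule_set() {
    case "$2" in
        enable)  val=1 ;;
        disable) val=0 ;;
        *) echo "usage: fw_rule_set NAME enable|disable" >&2; return 2 ;;
    esac
    # Refuse to touch anything when the name does not match an existing rule.
    idx=$(fw_rule_index "$1") || { echo "no rule named '$1'" >&2; return 1; }
    uci set "firewall.@rule[$idx].enabled=$val" && uci commit firewall
}

# Apply the committed config (the firewall restart mentioned in the first post).
fw_apply() {
    /etc/init.d/firewall restart
}
```

Running fw_rule_list before and after a change confirms which rule was actually toggled before the firewall is restarted.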

The discussion might have continued from here.