Using Firewall Builder (fwbuilder)

Configuring openwrt

Install packages

In order to use firewall builder on an openwrt router you will need to install the following packages:

# install packages for fwbuilder
ipkg install ip
ipkg install iptables-mod-extra
ipkg install iptables-utils

Note: kmod-ipt-extra will also be installed; iptables-mod-extra is dependent on it.

Load logging module

Firewall builder needs the capability to perform logging from within iptables. To achieve this the module ipt_log must be loaded. The best place to load this is in /etc/modules.

I want to use HA to control the internet access with a simple flick of a switch. This is to enable "privilege access" to the internet. At this time the HA is running, and I have a switch set for sending commands. What I can't find is a sample for the command line syntax to send the commands to the router over ssh, telnet or perhaps other protocol. In concept, the router firewall rules will reject or accept traffic from a specific MAC address. The scripts below are working when I am logged on to the router as root over SSH and Telnet sessions.

iptables -R grp_10 1 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j REJECT
iptables -R grp_10 2 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j REJECT
iptables -R grp_10 1 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j ACCEPT
iptables -R grp_10 2 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j ACCEPT

My switches.yaml file so far looks like this:

Switches
command_off: "COMMAND LINE & iptables -R grp_10 1 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j REJECT & iptables -R grp_10 2 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j REJECT"
command_on: "COMMAND LINE & iptables -R grp_10 1 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j ACCEPT & iptables -R grp_10 2 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j ACCEPT"

Can you perhaps point me to a sample code that I could use for this project? Any other suggestions will be appreciated.

Is the "COMMAND LINE &" in your switch a placeholder for something else? In a command line switch, anything in the quotes on the command_on and command_off line gets executed. So your switch as is will try to run a program called "COMMAND LINE", then it will wait for it to exit (that is what the & does), and then run the iptables commands on your local machine. Unless you have a script on your machine with that name, that is why your switch is failing.

What you probably mean to do is have HASS shell into your router to execute the commands:

command_on: "ssh iptables -R grp_10 1 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j ACCEPT & iptables -R grp_10 2 -p tcp -m mac --mac-source E0:C7:AA:ZZ:YY:XX -j ACCEPT"

(and my apologies if you realized this, and I misunderstood!)

In order for this to work, however, you will need to authenticate the connection. This would normally be done by a shared-key exchange. I don't use DD-WRT, so I can't help with the specifics of that. Once you have done the key exchange, HASS will be able to log into the router without a password. This allows you to execute commands on the router by doing an ssh command.

NOTE: the iptables -R switch replaces existing rules. If there are no rules the switch will not work. The workaround is to use iptables -I to insert all rules, so the HA script will toggle the preexisting rules with REJECT or ACCEPT.

I want to take the script to the next levels:

Instead of retyping the MAC address to users, can I create a runtime data array of MAC addresses? Running the script using the runtime variables would simplify the management of clients and the scripts.

When HA starts the switch default is set to "off". How can I change the default switch to "on"?

Instead of typing the entire ssh script, how can I call a script for the iptables commands?

Here are the current switches.
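A router-side script that does what this thread is after, added here as an example and not code from any of the posts above: Home Assistant runs it over key-authenticated ssh with a MAC address and on/off, and instead of iptables -R (which, as noted above, fails when rule N does not exist) it checks with -C and inserts or deletes, so it works on a fresh chain and can be called repeatedly. The chain name grp_10 and the TCP-only match come from the thread; the script path, the router user and the sample MAC are assumptions.

```shell
#!/bin/sh
# mac_access.sh: toggle one client's internet access by MAC address.
# Added example, not code from the thread. Lives on the router; Home Assistant
# calls it over key-authenticated ssh (path, user and MAC are assumptions):
#   command_on:  "ssh root@ROUTER /jffs/mac_access.sh 00:11:22:33:44:55 on"
#   command_off: "ssh root@ROUTER /jffs/mac_access.sh 00:11:22:33:44:55 off"
# Assumes the user chain grp_10 exists and is reached from FORWARD.
# IPT can be overridden (e.g. IPT=echo) to dry-run without touching the firewall.
IPT="${IPT:-iptables}"
CHAIN="${CHAIN:-grp_10}"

# Accept only a 6-octet hex MAC, so a bad value from HASS never reaches iptables.
valid_mac() {
  printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Match part shared by both verdicts. TCP only, as in the thread; drop "-p tcp"
# to cover UDP as well, otherwise DNS and other UDP traffic still passes.
rule_match() {
  echo "-p tcp -m mac --mac-source $1"
}

# set_access MAC on|off
# "iptables -R CHAIN N" fails when rule N does not exist. Instead: check with
# -C, delete every rule carrying the opposite verdict, then insert the wanted
# rule only if it is missing. Safe on an empty chain and idempotent.
set_access() {
  mac=$1
  case "$2" in
    on)  want=ACCEPT; other=REJECT ;;
    off) want=REJECT; other=ACCEPT ;;
    *)   echo "usage: $0 MAC on|off" >&2; return 2 ;;
  esac
  valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 2; }
  match=$(rule_match "$mac")   # unquoted below on purpose: it must word-split
  while $IPT -C "$CHAIN" $match -j "$other" 2>/dev/null; do
    $IPT -D "$CHAIN" $match -j "$other"
  done
  # Insert at position 1 so the verdict wins over any later catch-all rule.
  if ! $IPT -C "$CHAIN" $match -j "$want" 2>/dev/null; then
    $IPT -I "$CHAIN" $match -j "$want"
  fi
}

# Only act when invoked with arguments (lets the file be sourced for testing).
if [ $# -eq 2 ]; then
  set_access "$1" "$2"
fi
```

Because the verdict is chosen on the router from a fixed argument, the ssh command Home Assistant sends never contains the iptables syntax itself, which keeps the switches.yaml entries short and the same for every client.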