
Hey all, I am new at doing anything regarding PHP Shell_exec commands.

I have some UCI code that allows me to add a rule to my firewall. This works just fine in SSH, but when I try running the same thing in the PHP page it does not seem to do anything, and without any error letting me know what's going on....

My code:

<?php 
try {
    $cmd = "uci add firewall rule ".
    "uci set firewall.@rule[-1].name='my iphone' ".
    "uci set firewall.@rule[-1].src='lan' ".
    "uci set firewall.@rule[-1].dest='wan' ".
    "uci set firewall.@rule[-1].src_mac='XX:XX:XX:XX:XX:XX' ".
    "uci set firewall.@rule[-1].proto='all' ".
    "uci set firewall.@rule[-1].target='REJECT' ".
    "uci set firewall.@rule[-1].enabled='1' ".
    "commit firewall ".
    "service firewall restart ";
    
    echo 'command: ',  $cmd;

    $output = shell_exec($cmd);
} catch (Exception $e) {
    echo 'Caught exception: ',  $e->getMessage(), "\n";
}

echo "<pre>output: $output</pre>";
?>

I've even tried adding 2>&1 at the end:

<?php 
try {
    $cmd = "uci add firewall rule 2>&1".
    "uci set firewall.@rule[-1].name='my iphone' 2>&1".
    "uci set firewall.@rule[-1].src='lan' 2>&1".
    [more code here]

And I've tried using only 1 uci for the whole command:

<?php 
try {
    $cmd = "uci add firewall rule 2>&1".
    "set firewall.@rule[-1].name='my iphone' 2>&1".
    "set firewall.@rule[-1].src='lan' 2>&1".
    [more code here]

And I've tried using the same as above but without the 2>&1

<?php 
try {
    $cmd = "uci add firewall rule ".
    "set firewall.@rule[-1].name='my iphone' ".
    "set firewall.@rule[-1].src='lan' ".
    [more code here]

And lastly I've tried it with the 2>&1 just at the end of the command and with only 1 uci:

<?php 
try {
    $cmd = "uci add firewall rule ".
    "set firewall.@rule[-1].name='my iphone' ".
    "set firewall.@rule[-1].src='lan' ".
    [more code here]
    "service firewall restart 2>&1";
    [more code here]

and with each having uci:

<?php 
try {
    $cmd = "uci add firewall rule ".
    "uci set firewall.@rule[-1].name='my iphone' ".
    "uci set firewall.@rule[-1].src='lan' ".
    [more code here]
    "service firewall restart 2>&1";
    [more code here]

The first code block above outputs this on the page: [image]

But like I said, it doesn't give any errors.

I tested a simple ls command with it and it works as expected:

[image]

So, what am I missing?

UPDATE 1

I tried this as requested:

<?php 
try {
    echo("starting..");
    shell_exec("uci add firewall rule");
    echo("1</br>");
    shell_exec("uci set firewall.@rule[-1].name='my iphone'");
    echo("2</br>");
    shell_exec("uci set firewall.@rule[-1].src='lan'");
    echo("3</br>");
    shell_exec("uci set firewall.@rule[-1].dest='wan'");
    echo("4</br>");
    shell_exec("uci set firewall.@rule[-1].src_mac='XX:XX:XX:XX:XX:XX'");
    echo("5</br>");
    shell_exec("uci set firewall.@rule[-1].proto='all'");
    echo("6</br>");
    shell_exec("uci set firewall.@rule[-1].target='REJECT'");
    echo("7</br>");
    shell_exec("uci set firewall.@rule[-1].enabled='1'");
    echo("8</br>");
    shell_exec("commit firewall");
    echo("9</br>");
    shell_exec("service firewall restart");
    echo("10</br>");
} catch (Exception $e) {
    echo 'Caught exception: ',  $e->getMessage(), "\n";
}

echo "done.";
?>

Which gave me this output on the page:

[image]

UPDATE 2

[image]

StealthRT

1 Answer

It seems to me that each uci command is an individual line. You can not execute multiple commands with a shell_exec.

The whole command set must be one process, so separate shell_execs will just restart the process, and the previous command will be ignored.

Create a script containing the commands and execute that script in shell_exec.

Or you can use the batch command (not tested)

$cmd1= "uci batch << EOI ".
       "add firewall rule ".
       "set firewall.@rule[-1].name='my iphone' ".
       "set firewall.@rule[-1].src='lan' ".
       "set firewall.@rule[-1].dest='wan' ".
       "set firewall.@rule[-1].src_mac='XX:XX:XX:XX:XX:XX' ".
       "set firewall.@rule[-1].proto='all' ".
       "set firewall.@rule[-1].target='REJECT' ".
       "set firewall.@rule[-1].enabled='1' ".
       "commit firewall ".
       "EOI";
$cmd2= "service firewall restart ";

And shell_exec both of them. It may require nl chars to separate the lines.

Rohit Gupta
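An added example, not part of the question or the answer: one way to run the `uci batch` approach the answer describes, with the commands sent on stdin one per line, the rule name and MAC validated before use, and the exit code and output captured so a failure is visible on the page. The function names `build_reject_rule` and `run_with_stdin` and the sample MAC are hypothetical, and PHP 7.1 or later with `proc_open` enabled is assumed.

```php
<?php
// Added example: function names and sample values are hypothetical.

// Build the newline-separated input for `uci batch` from validated values only.
function build_reject_rule(string $name, string $mac): string
{
    // Allow-lists: nothing that could close the single quotes reaches uci.
    if (!preg_match('/^[A-Za-z0-9 _-]{1,32}$/', $name)) {
        throw new InvalidArgumentException('invalid rule name');
    }
    if (!preg_match('/^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$/', $mac)) {
        throw new InvalidArgumentException('invalid MAC address');
    }
    return implode("\n", [
        'add firewall rule',
        "set firewall.@rule[-1].name='$name'",
        "set firewall.@rule[-1].src='lan'",
        "set firewall.@rule[-1].dest='wan'",
        "set firewall.@rule[-1].src_mac='$mac'",
        "set firewall.@rule[-1].proto='all'",
        "set firewall.@rule[-1].target='REJECT'",
        "set firewall.@rule[-1].enabled='1'",
        'commit firewall',
    ]) . "\n";
}

// Run a fixed command line, write $stdin to it, return exit code and output.
// $cmd must be a constant string; request data only ever travels via $stdin.
function run_with_stdin(string $cmd, string $stdin): array
{
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w']];
    $proc = proc_open($cmd . ' 2>&1', $spec, $pipes); // stderr merged into stdout
    if (!is_resource($proc)) {
        throw new RuntimeException("could not start: $cmd");
    }
    fwrite($pipes[0], $stdin);
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return ['exit' => proc_close($proc), 'output' => $out];
}

$batch = build_reject_rule('my iphone', '00:11:22:33:44:55'); // constructed sample
foreach ([['uci batch', $batch], ['service firewall restart', '']] as [$cmd, $in]) {
    $r = run_with_stdin($cmd, $in);
    echo '<pre>', htmlspecialchars("$cmd -> exit {$r['exit']}\n{$r['output']}"), '</pre>';
    if ($r['exit'] !== 0) { break; } // do not restart the firewall after a failed batch
}
```

A non-zero exit code or an error message in the output shows which step failed, which the bare `shell_exec` calls in the question could not do.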