Luci openWRT UCI firewall rule update without position number

Question

Hey all I have been trying find some code that would allow me to update my firewall rule via the UCI.

The way I am currently adding the new rule is like this:

uci add firewall rule
uci set firewall.@rule[21].name='B Macbook Air'
uci set firewall.@rule[21].src='lan'
uci set firewall.@rule[21].family='ipv4'
uci set firewall.@rule[21].src_ip='192.168.1.227'
uci set firewall.@rule[21].src_mac='00:00:00:00:00:00'
uci set firewall.@rule[21].dest='wan'
uci set firewall.@rule[21].proto='all'
uci set firewall.@rule[21].target='REJECT'
uci set firewall.@rule[21].enabled='1'
uci commit firewall

This produces the correct rule inside luci (branch (git-22.347.45520-d30ab74)):

The way I update one of the rules' enabled or disable is this:

uci set firewall.@rule[21].name="B Macbook Air"
uci set firewall.@rule[21].enabled="1"
uci commit firewall

Which works as expected but I am wondering if there's a way too just call the firewall rules name instead of needing to know the position (ie: [21])?

Like this:

uci set firewall.@rule.name="B Macbook Air"
uci set firewall.@rule.enabled="1"
uci commit firewall

But of course the above does not work. Gives an error of

root@turris:~# uci set firewall.@rule.name="B Macbook Air"
uci: Invalid argument

Is this possible to do?

pynexj · Accepted Answer · 2023-02-17T17:47:04.080

1

You can write a loop to check each rule's .name.

The following example supposes the index numbers start from 0 and are consecutive.

_{(Not sure if bash is installed by default. The example code is in sh.)}

#!/bin/sh

name='Support-UDP-Traceroute'
option=enabled
value=1

i=0
while true; do
  rname=$( uci get "firewall.@rule[$i].name" 2> /dev/null )
  if [ $? != 0 ]; then
    # no more rules
    break
  fi

  if [ "$rname" = "$name" ]; then
    echo "found: $name: [$i]"
    # uci set firewall.@rule[$i].$option="$value"
    # uci commit firewall

    break
  fi

  let i++
done

Make it a function if you need to do this often. And you need to update it a bit if the index numbers are not consecutive.

Another solution is to use uci show firewall:

i=$( uci show firewall | grep/sed/awk/... )
uci set firewall.@rule[$i].the_option="the_value"
uci commit firewall

This way you don't care if the index numbers are consecutive or not.

edited Feb 17 '23 at 17:47

answered Feb 17 '23 at 16:57

pynexj

19,215
5
38
56

Thanks for all of that pynexj, When trying it out it seems to have nothing if the enabled is true (1) but it does have it when its false (0). And yes, I have bash installed. – StealthRT Feb 17 '23 at 18:19
did u uncomment the `uci set` and `uci commit` lines? i commented them in case people directly run it before they see what's really going on. just to be safe. – pynexj Feb 17 '23 at 19:04
What's the difference in doing this `uci set firewall.@rule[$i].$option` compared to doing it this way `uci set firewall.@rule[$i].enabled`? – StealthRT Feb 17 '23 at 19:20
they are the same. just a better way if you need to update other options. – pynexj Feb 18 '23 at 16:55

Luci openWRT UCI firewall rule update without position number

1 Answers1