833M0L3 / openwrtFirewall

Firewall rules and their direct manipulation on OpenWrt using the shell


Using ipset to apply firewall rules to a group of IP addresses (really useful if you hate working with CIDR notation)

You have to install ipset first, which you can do simply with:

opkg update
opkg install ipset

Add the following sections to /etc/config/firewall. The ipset section first assigns a group of IP addresses to a named set, which the rule section then references (option ipset) to apply rules to that whole group. Note the loadfile option: it loads the list of IP addresses from a file, which makes managing users very easy. The file is read when the firewall starts or reloads, so changes to it take effect only after a reload.

config ipset
        option name 'test'
        option match 'src_net'
        option storage 'hash'
        option enabled '1'
        option loadfile '/mnt/ips/test.txt'

config rule
        option name 'test'
        list proto 'all'
        option src 'lan'
        option ipset 'test'
        option dest 'wan'
        option target 'REJECT'
        option enabled '0'

Interacting with or modifying the existing rules in /etc/config/firewall directly from the shell

uci set firewall.@rule[13].enabled=1 && uci commit && /etc/init.d/firewall restart &>/dev/null

firewall.@rule[13] points to the rule you want to change. You can list the rule indices (13 here) with the command uci show firewall. Keep in mind that every rule in /etc/config/firewall gets a numerical index in ascending order of appearance, so an index shifts whenever a rule is added or removed above it. After that comes .enabled=1: this is the value being changed, and you set it to whatever you want (1 to enable the rule, 0 to disable it).

With this you can group a large number of users, assign them a fixed range of IPs via their MAC addresses (static DHCP leases), and control their internet usage. With a simple bash script and a cron job, you can run your own small time-based ISP.
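As an added example (not part of this repository), here is a small shell script in the spirit of the cron job mentioned above. It looks the rule up by its name option instead of a hard-coded @rule[13] index, and checks the ipset loadfile for malformed entries before enabling the rule, since a bad line makes the whole set fail to load. uci show firewall, uci set/commit and /etc/init.d/firewall reload are the real OpenWrt commands; the function and variable names are my own.

```shell
#!/bin/sh
# Toggle an OpenWrt firewall rule by its 'name' option instead of a hard-coded
# @rule[N] index, which shifts whenever a rule is added or removed above it.
# Added example for this README; names are assumed to be plain words like
# 'test', as in the config above (no sed-special characters).

# Print the index N of firewall.@rule[N] whose name equals $2, given the text
# of `uci show firewall` as $1. Handles quoted ('test') and unquoted output.
find_rule_index() {
  printf '%s\n' "$1" |
    sed -n "s/^firewall\.@rule\[\([0-9][0-9]*\)\]\.name='\{0,1\}$2'\{0,1\}\$/\1/p" |
    head -n 1
}

# Syntactic check of an ipset loadfile: every non-empty, non-comment line must
# look like an IPv4 address or IPv4/prefix. Prints the first bad entry and
# returns 1, so a typo cannot silently break the set that the rule relies on.
validate_ip_list() {
  bad=$(grep -v -E '^[[:space:]]*(#|$)' "$1" |
        grep -v -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' | head -n 1)
  [ -z "$bad" ] || { echo "invalid entry in $1: $bad" >&2; return 1; }
}

# Enable (1) or disable (0) the firewall rule named $1 and apply the change.
set_rule_enabled() {
  idx=$(find_rule_index "$(uci show firewall)" "$1")
  [ -n "$idx" ] || { echo "no firewall rule named '$1'" >&2; return 1; }
  uci set "firewall.@rule[$idx].enabled=$2" &&
    uci commit firewall &&
    /etc/init.d/firewall reload
}

# Typical use from a cron job on the router, using the names from the README:
#   validate_ip_list /mnt/ips/test.txt && set_rule_enabled test 1
```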
