
In the OpenWrt LuCi web interface, one can create rules but leave them disabled.


I have a rule for forwarding public web traffic to one of the hosts on my private network, but I usually leave it disabled. When I want to enable it, I log into the LuCi web interface and click the enable button.

I can ssh to my OpenWrt device. Is it possible to enable these saved rules from the command line? For example, with the iptables command? I don't see the disabled rule listed with

iptables -t nat -L

  • How do you "disable" the rule, and/or how do you "enable" it? (Please edit.)
    – user, Commented Jan 10, 2016 at 17:09

2 Answers

Add a new redirect section to the firewall config; it'll be the last in the list of redirect sections:

uci add firewall redirect

This will return your new section name, for example cfgca3837. Then use that new section name to set its attributes:

uci set firewall.cfgca3837.name='ssh to lan'
uci set firewall.cfgca3837.target=DNAT
uci set firewall.cfgca3837.src=wan
uci set firewall.cfgca3837.dest=lan
uci set firewall.cfgca3837.proto=tcp
uci set firewall.cfgca3837.dest_ip=192.168.0.110
uci set firewall.cfgca3837.src_dport=2222
uci set firewall.cfgca3837.dest_port=22

Commit changes to firewall config

uci commit firewall

Revert changes to firewall config

uci revert firewall

Enable section 2 of redirects

uci set firewall.@redirect[2].enabled=1

Disable section 2 of redirects

uci set firewall.@redirect[2].enabled=0

Reorder the section (this doesn't work well from the CLI)

uci reorder firewall.cfgca3837=2

Show your new config section

uci show firewall.cfgca3837

Show pending changes in firewall config

uci changes firewall

Show section 2 of redirects in firewall config

uci show firewall.@redirect[2]

Show all firewall config

uci show firewall

Reload the firewall rules; this doesn't reload custom rules (/etc/firewall.user)

fw3 reload
  • Thanks. Will try over the weekend and then send a response. Commented Jan 23, 2018 at 14:56


OpenWrt adds one line to the firewall config when the rule is disabled: option enabled '0'. You need to edit /etc/config/firewall and add the following line to the rule you want to disable. Then the firewall has to be restarted.

  • Thanks. I think I see what you mean, but I haven't tried enabling and disabling yet. I'm using Chaos Calmer r47608. Will this option work with my version without applying any updates? Commented Jan 4, 2017 at 15:56
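Both answers leave one step to the reader: the first toggles firewall.@redirect[2] without saying how to learn that a rule is number 2, and the second says to look for the option enabled '0' line in /etc/config/firewall. The POSIX shell script below is an added example, not code from either answer or from OpenWrt itself. It parses a constructed sample of /etc/config/firewall, resolves the zero-based index uci uses for a redirect section by its name, reads its enabled option, and prints the uci commands that flip it. The function names redirect_info and uci_toggle_commands and the sample config are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the answers above): resolve a named redirect rule to
# its firewall.@redirect[N] index, read its "enabled" option, and print the
# uci commands that toggle it. Function names and data are constructed here.

# Constructed sample of /etc/config/firewall. The first redirect carries the
# "option enabled 0" line that LuCI writes for a disabled rule.
SAMPLE_FIREWALL_CONFIG='
config defaults
    option syn_flood 1
    option input ACCEPT

config redirect
    option name "Public web to lab host"
    option src wan
    option src_dport 80
    option dest lan
    option dest_ip 192.168.1.10
    option dest_port 80
    option proto tcp
    option target DNAT
    option enabled 0

config redirect
    option name "ssh to lan"
    option src wan
    option src_dport 2222
    option dest lan
    option dest_ip 192.168.0.110
    option dest_port 22
    option proto tcp
    option target DNAT
'

# redirect_info NAME: read a firewall config on stdin and print
# "<index> <enabled>" for the redirect section named NAME. <index> is the
# zero-based position uci uses in firewall.@redirect[<index>]; <enabled> is
# the option value, or 1 when the option is absent (a rule without it is
# active). Returns 1 if no redirect section has that name.
redirect_info() {
    awk -v want="$1" -v sq="'" '
        # strip one pair of surrounding double or single quotes from a value
        function unquote(v) {
            if (substr(v, 1, 1) == "\"" || substr(v, 1, 1) == sq)
                v = substr(v, 2, length(v) - 2)
            return v
        }
        $1 == "config" {
            if (in_match) exit            # the matching section is complete
            sec = $2
            if (sec == "redirect") { idx++; enabled = 1 }
        }
        $1 == "option" && sec == "redirect" {
            val = $0
            sub(/^[ \t]*option[ \t]+[A-Za-z0-9_]+[ \t]+/, "", val)
            sub(/[ \t]+$/, "", val)
            val = unquote(val)
            if ($2 == "name" && val == want) in_match = 1
            if ($2 == "enabled") enabled = val
        }
        END {
            if (in_match) { print idx - 1, enabled; exit 0 }
            exit 1
        }
    '
}

# uci_toggle_commands NAME 0|1: print the uci commands from the first answer
# that set the named rule's enabled option, with the section index resolved
# from the config on stdin. On a router, pipe the output into sh to apply it.
uci_toggle_commands() {
    info=$(redirect_info "$1") || { echo "no redirect named '$1'" >&2; return 1; }
    printf 'uci set firewall.@redirect[%s].enabled=%s\n' "${info%% *}" "$2"
    echo 'uci commit firewall'
    echo 'fw3 reload'
}

# Dry run against the constructed config. On a real device, feed the live
# file instead: uci_toggle_commands "Public web to lab host" 1 < /etc/config/firewall
printf '%s\n' "$SAMPLE_FIREWALL_CONFIG" | redirect_info "Public web to lab host"
printf '%s\n' "$SAMPLE_FIREWALL_CONFIG" | uci_toggle_commands "Public web to lab host" 1
```

Resolving the index from the name rather than hard-coding @redirect[2] matters because uci renumbers the anonymous sections whenever a redirect is added, deleted or reordered, so a script that toggles a fixed index can silently open a different port forward than intended. Reviewing the printed commands before piping them into sh keeps the change auditable.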
