Create rule in OpenWrt LuCi, apply saved iptables rule from command line
Solution 1
Add a new redirect section to the firewall config; it'll be the last in the list of redirect sections:
uci add firewall redirect
This returns your new section name, for example cfgca3837.
Then you should use that new section name for setting its attributes:
uci set firewall.cfgca3837.name='ssh to lan'
uci set firewall.cfgca3837.target=DNAT
uci set firewall.cfgca3837.src=wan
uci set firewall.cfgca3837.dest=lan
uci set firewall.cfgca3837.proto=tcp
uci set firewall.cfgca3837.dest_ip=192.168.0.110
uci set firewall.cfgca3837.src_dport=2222
uci set firewall.cfgca3837.dest_port=22
Commit changes to firewall config
uci commit firewall
Revert changes to firewall config
uci revert firewall
Enable section 2 of redirects
uci set firewall.@redirect[2].enabled=1
Disable section 2 of redirects
uci set firewall.@redirect[2].enabled=0
Reorder the section, but it doesn't work well from the CLI
uci reorder firewall.cfgca3837=2
Show your new config section
uci show firewall.cfgca3837
Show pending changes in firewall config
uci changes firewall
Show section 2 of redirects in firewall config
uci show firewall.@redirect[2]
Show all firewall config
uci show firewall
Reload firewall rules; this doesn't reload custom rules (/etc/firewall.user)
fw3 reload
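As an added example (not part of either answer), here is a small POSIX sh helper that enables or disables a saved redirect by the name given in LuCI, rather than by a positional index like @redirect[2] that shifts when rules are reordered. It assumes uci and fw3 are on PATH as on OpenWrt; the sample `uci show firewall` output is constructed for offline testing.

```shell
#!/bin/sh
# Added example, not code from the original answers. Toggles a saved OpenWrt
# redirect by its 'name' option instead of a positional @redirect[N] index.
# Assumes 'uci' and 'fw3' exist on PATH (they do on OpenWrt); the sample
# 'uci show firewall' output below is constructed for offline testing.

sample_uci_show() {
    cat <<'EOF'
firewall.@redirect[0]=redirect
firewall.@redirect[0].name='http to web'
firewall.@redirect[0].target='DNAT'
firewall.@redirect[0].enabled='0'
firewall.@redirect[1]=redirect
firewall.@redirect[1].name='ssh to lan'
firewall.@redirect[1].target='DNAT'
firewall.@redirect[1].dest_ip='192.168.0.110'
firewall.@redirect[1].src_dport='2222'
firewall.@redirect[1].dest_port='22'
EOF
}

# Read 'uci show firewall' lines on stdin; print the index N of the first
# @redirect[N] whose name option equals $1 (handles values with or without
# the single quotes that newer uci versions print around them).
redirect_index_by_name() {
    awk -v want="$1" -v q="'" '
        $0 ~ /^firewall\.@redirect\[[0-9]+\]\.name=/ {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            if (substr(val, 1, 1) == q) val = substr(val, 2, length(val) - 2)
            if (val == want) {
                match(key, /\[[0-9]+\]/)
                print substr(key, RSTART + 1, RLENGTH - 2)
                exit
            }
        }'
}

# set_redirect_enabled NAME 0|1 : flip the rule, commit, and reload fw3.
# Refuses (and commits nothing) if the state is not 0/1 or no redirect has
# that name, so a typo never silently touches a different section.
set_redirect_enabled() {
    name="$1"; state="$2"
    case "$state" in 0|1) ;; *) echo "state must be 0 or 1" >&2; return 1 ;; esac
    idx=$(uci show firewall | redirect_index_by_name "$name")
    [ -n "$idx" ] || { echo "no redirect named '$name'" >&2; return 1; }
    uci set "firewall.@redirect[$idx].enabled=$state" &&
        uci commit firewall &&
        fw3 reload &&
        uci show "firewall.@redirect[$idx].enabled"   # confirm what was applied
}
```

Usage on the device: `set_redirect_enabled 'ssh to lan' 1`, then check the result with `iptables -t nat -L` as in the question.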
Solution 2
OpenWrt adds one line to the firewall config when a rule is disabled:
option enabled '0'
You need to edit /etc/config/firewall and add that line to the rule you want to disable. Then the firewall has to be restarted.
Mark Miller
Updated on September 18, 2022
Comments
-
Mark Miller over 1 year
In the OpenWrt LuCi web interface, one can create rules but leave them disabled.
I have a rule for forwarding public web traffic to one of the hosts on my private network, but I usually leave it disabled. When I want to enable it, I log into the LuCi web interface and click the enable button.
I can ssh to my OpenWrt device. Is it possible to enable these saved rules from the command line? For example, with the iptables command? I don't see the disabled rule listed with
iptables -L -t nat
-
user over 8 years
How do you "disable" the rule, and/or how do you "enable" it? (Please edit.)
-
Mark Miller over 7 years
Thanks. I think I see what you mean, but I haven't tried enabling and disabling yet. I'm using chaos calmer r47608. Will this option work with my version without applying any updates?
-
Mark Miller over 6 years
Thanks. Will try over the weekend and then send response.