help with script

theinfinityjoe

Occasional Visitor
So I've had a rummage around the forum as I would like to integrate an alternative firewall that disables WAN access when the VPN is disconnected.

I found a post in this thread: https://www.snbforums.com/threads/killswitch-doesnt-work-anymore-on-rt-ac86u-386-3_2.74666/ with a script. When I SSH into the router with PuTTY and paste those lines in, the script works and does what it's intended to do: disable the WAN when the VPN is disconnected. So I'm trying to get this script to run automatically every time I boot the router. I have been reading the guides and downloaded WinSCP, logged in to the router and located the JFFS/scripts section. In Notepad++ I copied the following code in, saved the file as firewall-start and uploaded the below file to the jffs/scripts section of the router:

#!/bin/sh
WAN_IF="$([ $1 ] && echo $1 || echo $(nvram get wan0_ifname))"
iptables -I FORWARD -o $WAN_IF -j REJECT

When rebooting the router, the script doesn't run. Being a newbie, I'm unsure how to get the script to run, but I've tried the following commands:

./firewall-start init (after navigating within the jffs/scripts directory). It says file not found, but what I have noticed is I tried the command

"service restart_firewall" and the script appears to run when displayed in the system log with the following info:

Nov 3 18:09:36 rc_service: service 3298:notify_rc restart_firewall
Nov 3 18:09:36 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Nov 3 18:10:26 rc_service: httpd 1698:notify_rc stop_vpnclient2

The problem is, even though it says it's running, the script doesn't work the same as originally tested through SSH and nothing is blocked when the VPN disconnects. Does anyone know what may be wrong here, and also how do I get this script to autorun when the router boots?
 
Did you make the script executable?

chmod +x firewall-start
 
Not sure how you got it running if you created the file w/ Notepad and uploaded it. Notepad uses DOS formatting for EOL (end of line) characters, while Linux requires different EOL characters. Linux can NOT execute DOS files.

The better thing to do is to copy/paste the following into the ssh window.

Code:
cat << "EOF" > /jffs/scripts/firewall-start
#!/bin/sh
WAN_IF="$([ $1 ] && echo $1 || echo $(nvram get wan0_ifname))"
iptables -I FORWARD -o $WAN_IF -j REJECT
EOF
chmod +x /jffs/scripts/firewall-start
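
An added example, not part of the thread or of any poster's reply: a POSIX sh check for the two causes raised above (DOS line endings from a Windows editor, and a missing execute bit), plus an in-place fix. The names check_script, fix_script and demo are hypothetical, and the sample file is constructed from the script quoted in the thread.

```sh
#!/bin/sh
# Added example; check_script, fix_script and demo are hypothetical helper names.
CR=$(printf '\r')

# Print one finding per line; return 0 only when nothing is wrong.
check_script() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    # The kernel takes the interpreter path from line 1, so a trailing CR
    # turns "/bin/sh" into "/bin/sh\r" and exec fails with "not found".
    case "$(head -n 1 "$f")" in
        '#!'*"$CR") echo "shebang ends in CR"; rc=1 ;;
        '#!'*)      ;;
        *)          echo "no shebang on line 1"; rc=1 ;;
    esac
    if grep -q "$CR" "$f"; then
        echo "CRLF line endings on $(grep -c "$CR" "$f") line(s)"; rc=1
    fi
    [ -x "$f" ] || { echo "not executable"; rc=1; }
    return $rc
}

# Strip CRs in place (cat keeps the original inode and mode), then chmod +x.
fix_script() {
    tmp="$1.tmp.$$"
    tr -d '\r' < "$1" > "$tmp" && cat "$tmp" > "$1" && rm -f "$tmp" && chmod +x "$1"
}

# Constructed sample: the thread's script as a Windows editor would save it.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\r\n' '#!/bin/sh' \
        'WAN_IF="$([ $1 ] && echo $1 || echo $(nvram get wan0_ifname))"' \
        'iptables -I FORWARD -o $WAN_IF -j REJECT' > "$d/firewall-start"
    before=0; check_script "$d/firewall-start" || before=$?
    fix_script "$d/firewall-start"
    after=0; check_script "$d/firewall-start" || after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}

demo
```

With the functions loaded in the SSH session, `check_script /jffs/scripts/firewall-start` reports the same findings for the uploaded file.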
 
