This shows you the differences between two versions of the page.
access_restrictions [2021/05/26 15:28] – t3chwizard | access_restrictions [2023/05/10 20:11] – [Scripting Access Restrictions] condense, bullet Field 8 options hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | [[http:// | + | ====== Scripting Access Restrictions ====== |
+ | |||
+ | Access Restriction rules are coded as strings separated by pipe ( | ) symbols. These are stored in NVRAM as variables named //rrule0//, //rrule1//, //rrule2// and so on. | ||
+ | |||
+ | To see what's in the first rule, we can issue the following command at a FreshTomato shell prompt: | ||
+ | |||
+ | \\ | ||
+ | |||
+ | <code -> | ||
+ | nvram get rrule0 | ||
+ | </ | ||
+ | |||
+ | \\ | ||
+ | |||
+ | \\ | ||
+ | |||
+ | The returned string might look something like this: | ||
+ | |||
+ | \\ | ||
+ | |||
+ | <code -> | ||
+ | 1|540|1140|62|||block-site.com$|0|New Rule 1 | ||
+ | </ | ||
+ | |||
+ | \\ | ||
+ | |||
+ | Let's look more closely at what each of these fields separated by a pipe ( | ) symbol means. | ||
+ | |||
+ | **Field 1:** indicates whether the rule is currently enabled (1) or disabled (0). | ||
+ | |||
+ | **Field 2:** specifies the start time, (time to start applying this rule), in minutes elapsed since midnight. | ||
+ | |||
+ | In this case, start time is 5:40 AM, so the router should enforce this rule starting at 9:00 AM. | ||
+ | |||
+ | **Field 3:** is the end time, (time to stop applying this rule). This is coded similarly to the start time. | ||
+ | |||
+ | Both the second and third fields will be -1 if you select the //‘All Day’// option in the Access Restrictions menu. | ||
+ | |||
+ | **Field 4:** specifies on which days the rule will be applied. | ||
+ | |||
+ | It is coded in binary: | ||
+ | |||
+ | * 1 = Sunday | ||
+ | * 2 = Monday | ||
+ | * 3 = Tuesday | ||
+ | * 4 = Wednesday | ||
+ | * 5 = Thursday | ||
+ | * 6 = Saturday | ||
+ | * 7 = Sunday | ||
+ | |||
+ | For multiple days, add the corresponding numbers for each day. | ||
+ | |||
+ | In the above example the fourth field is 62 which is equal to 2+4+8+16+32 . This means the rule should be active on Mon, Tue, Wed., Thu., and Fri. That is, only on weekdays. If you had checked the // | ||
+ | |||
+ | **Field 5:** shows the IP or MAC Address range on your network for which the rule should be applied. | ||
+ | |||
+ | **Field 6:** has the // | ||
+ | |||
+ | **Field 7:** contains the Domains/ | ||
+ | |||
+ | In the example above, domain names ending with " | ||
+ | |||
+ | **Field 8:** stores a binary coded value if ActiveX, Flash or Java are set to be blocked. | ||
+ | |||
+ | * A " | ||
+ | * A " | ||
+ | * A " | ||
+ | |||
+ | **Field 9:** stores the name that you gave to the rule being edited. | ||
+ | |||
+ | \\ Now that we have a basic sense of how Access Restriction rules work, we can write shell scripts to control the rules. Below is the script which will enable or disable a rule. Two values are passed on the command line – the rule number and either a " | ||
+ | |||
+ | \\ | ||
+ | |||
+ | <code -> | ||
+ | #!/bin/sh | ||
+ | |||
+ | #Wait if any service is currently being restarted | ||
+ | |||
+ | nvstat=`nvram get action_service` | ||
+ | while [ " | ||
+ | echo | ||
+ | done | ||
+ | |||
+ | #Assume we are going to enable the rule | ||
+ | enable=1 | ||
+ | |||
+ | #Was a 1 or 0 passed on the command line? | ||
+ | [ " | ||
+ | |||
+ | #Get the current setting of the rule. | ||
+ | #Rule number is passed as the first parameter on the command line. | ||
+ | rr=`nvram get rrule$1` | ||
+ | |||
+ | #Set the first field to the value in variable $enable | ||
+ | rr=$(echo $rr|sed " | ||
+ | echo $rr | ||
+ | |||
+ | #Replace the old rule with the new value | ||
+ | nvram set rrule$1=" | ||
+ | |||
+ | #Prepare to restart the service by killing the init process | ||
+ | nvram set action_service=restrict-restart | ||
+ | |||
+ | #kill the init process | ||
+ | kill -USR1 1 | ||
+ | |||
+ | #Wait for the service to restart | ||
+ | while [ " | ||
+ | echo | ||
+ | done | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Credits ===== | ||
+ | |||
+ | [[http:// | ||
+ |
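Review bot: The Field 4 day list contradicts the worked example beneath it. The list numbers the days 1 through 7, shows Sunday twice and omits Friday, while the example decodes 62 as 2+4+8+16+32 for Mon through Fri, which only works with bit values (1 = Sunday, 2 = Monday, 4 = Tuesday, 8 = Wednesday, 16 = Thursday, 32 = Friday, and by the same pattern 64 = Saturday); the list should use those values. Under Field 2, "start time is 5:40 AM" conflicts with the sample value 540 (minutes since midnight) and with the "9:00 AM" later in the same sentence, so it should read 9:00 AM throughout. In the script, `$1` goes straight into `nvram get rrule$1` and `nvram set rrule$1=` with no validation in the visible lines; consider checking that it is a number and that the fetched rule is non-empty before writing it back. The comment "kill the init process" above `kill -USR1 1` is also misleading, since that line sends USR1 to PID 1 rather than terminating it.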