This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
access_restrictions [2021/05/26 15:35] – t3chwizard | access_restrictions [2023/07/02 01:45] – Incorrect information fixed, thanks to brodrigueznu for reporting techie007 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Access Restrictions ====== | + | ====== |
- | Access Restriction rules are coded as pipe (|) separated strings and stored in nvram variables named rrule0, rrule1, rrule2 | + | Access Restriction rules are coded as strings separated by pipe ( | ) symbols. These are stored in NVRAM as variables named //rrule0//, //rrule1//, //rrule2// and so on. |
- | < | + | To see what's in the first rule, we can issue the following command at a FreshTomato shell prompt: |
- | The returned string might look something like: | + | \\ |
- | <code> | + | <code -> |
+ | nvram get rrule0 | ||
+ | </ | ||
- | Let us take a closer look at what each of these nine fields separated by pipe (|) means. | + | \\ |
- | The first field shows whether the rule is currently enabled or disabled – 1 means enabled, 0 means disabled. | + | \\ |
- | The second field gives the start time, i.e. the time to start applying | + | The returned string might look something like this: |
- | The fourth field is the days of week on which the rule should be applied and is coded in binary – 1 for Sunday, 2 for Monday, 4 for Tuesday and so on. For multiple days, add the corresponding numbers for each day. In the above example the fourth field is 62 which is equal to 2+4+8+16+32 – meaning the rule should be active on Mon, Tue, Wed, Thu, and Fri i.e. only on week days. If you had checked the option // | + | \\ |
- | The fifth field shows the ip or mac address range in your network for which the rule should be applied – in case you don’t want all the computers on the network to be affected by this rule. The sixth field has the // | + | <code -> |
+ | 1|540|1140|62|||block-site.com$|0|New Rule 1 | ||
+ | </code> | ||
- | The seventh field contains the domains or URLs you want to block and it partially supports regular expressions. In the above example, domain names ending in // | + | \\ |
- | Now with this basic understanding about how the Access Restriction rules in Tomato work, we can write shell scripts to control the rules. Below is the script I wrote to enable or disable | + | Let's look more closely at what each of these fields separated by a pipe ( | ) symbol means. |
- | < | + | **Field 1:** indicates whether the rule is currently enabled (1) or disabled (0). |
+ | |||
+ | **Field 2:** specifies the start time, (time to start applying this rule), in minutes elapsed since midnight. | ||
+ | |||
+ | In this case, start time is 5:40 AM, so the router should enforce this rule starting at 9:00 AM. | ||
+ | |||
+ | **Field 3:** is the end time, (time to stop applying this rule). This is coded similarly to the start time. | ||
+ | |||
+ | Both the second and third fields will be -1 if you select the //‘All Day’// option in the Access Restrictions menu. | ||
+ | |||
+ | **Field 4:** specifies on which days the rule will be applied. | ||
+ | |||
+ | It is coded in binary: | ||
+ | |||
+ | * 1 = Sunday | ||
+ | * 2 = Monday | ||
+ | * 4 = Tuesday | ||
+ | * 8 = Wednesday | ||
+ | * 16 = Thursday | ||
+ | * 32 = Friday | ||
+ | * 64 = Sunday | ||
+ | |||
+ | \\ | ||
+ | |||
+ | For multiple days, add the corresponding numbers for each day. | ||
+ | |||
+ | In the above example the fourth field is 62 which is equal to 2+4+8+16+32 . This means the rule should be active on Mon, Tue, Wed., Thu., and Fri. That is, only on weekdays. If you had checked the // | ||
+ | |||
+ | **Field 5:** shows the IP or MAC Address range on your network for which the rule should be applied. | ||
+ | |||
+ | **Field 6:** has the // | ||
+ | |||
+ | **Field 7:** contains the Domains/ | ||
+ | |||
+ | In the example above, domain names ending with " | ||
+ | |||
+ | **Field 8:** stores a binary coded value if ActiveX, Flash or Java are set to be blocked. | ||
+ | |||
+ | * A " | ||
+ | * A " | ||
+ | * A " | ||
+ | |||
+ | **Field 9:** stores the name that you gave to the rule being edited. | ||
+ | |||
+ | \\ Now that we have a basic sense of how Access Restriction rules work, we can write shell scripts to control the rules. The script below will enable or disable a rule. Two values are passed on the command line – the rule number and either a " | ||
+ | |||
+ | \\ | ||
+ | |||
+ | < | ||
#!/bin/sh | #!/bin/sh | ||
Line 62: | Line 114: | ||
</ | </ | ||
- | ===== Credits ===== | + | \\ |
+ | \\ | ||
+ | |||
+ | If you have JFFS enabled in FreshTomato, | ||
+ | |||
+ | \\ | ||
+ | |||
+ | \\ | ||
+ | |||
+ | |||
+ | ===== Credits ===== | ||
- | [[http:// | + | [[http:// |