This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
access_restrictions [2021/05/30 19:36] – hogwild | access_restrictions [2023/05/24 21:36] – [Scripting Access Restrictions] -move cron job sentence below script hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Access Restrictions ====== | + | ====== |
- | Access Restriction rules are coded as strings separated by pipe (|) symbols. These are stored in nvram as variables named rrule0, rrule1, rrule2 | + | Access Restriction rules are coded as strings separated by pipe ( | ) symbols. These are stored in NVRAM as variables named //rrule0//, //rrule1//, //rrule2// and so on. |
- | < | + | To see what's in the first rule, we can issue the following command at a FreshTomato shell prompt: |
- | The returned string might look something like: | + | \\ |
- | <code> | + | <code -> |
+ | nvram get rrule0 | ||
+ | </ | ||
- | Let's take a closer look at what each of these nine fields separated by a pipe (|) means. | + | \\ |
- | **Field1:** indicates whether the rule is currently enabled (1) or disabled (0). | + | \\ |
- | **Field 2:** specifies the start time, or time to start applying this rule, in minutes elapsed since midnight. In this case, start time is 540, so the router should enforce | + | The returned string might look something like this: |
- | **Field 3:** is the end time, or the time to stop applying this rule. This is coded the same way as the start time. Both the second and third fields will be -1 if you select the option //‘All Day’// in the Access Restrictions menu. | + | \\ |
- | **Field 4:** specifies the days of week on which the rule will be applied. It is coded in binary: | + | <code -> |
- | 1 for Sunday | + | 1|540|1140|62|||block-site.com$|0|New Rule 1 |
- | 2 for Monday | + | </ |
- | 4 for Tuesday and so on. | + | |
- | For multiple days, add the corresponding numbers for each day. In the above example the fourth field is 62 which is equal to 2+4+8+16+32 . This means the rule should be active on Mon, Tue, Wed, Thu, and Fri. in other words, only on week days. If you had checked the option // | + | \\ |
- | The fifth field shows the ip or MAC address range in your network for which the rule should be applied – in case you don’t want all the computers on the network to be affected | + | Let's look more closely at what each of these fields separated |
- | The seventh field contains | + | **Field 1:** indicates whether |
+ | |||
+ | **Field 2:** specifies the start time, (time to start applying this rule), in minutes elapsed since midnight. | ||
+ | |||
+ | In this case, start time is 5:40 AM, so the router should enforce this rule starting at 9:00 AM. | ||
+ | |||
+ | **Field 3:** is the end time, (time to stop applying this rule). This is coded similarly to the start time. | ||
+ | |||
+ | Both the second and third fields will be -1 if you select the //‘All Day’// option in the Access Restrictions menu. | ||
+ | |||
+ | **Field 4:** specifies on which days the rule will be applied. | ||
+ | |||
+ | It is coded in binary: | ||
+ | |||
+ | * 1 = Sunday | ||
+ | * 2 = Monday | ||
+ | * 3 = Tuesday | ||
+ | * 4 = Wednesday | ||
+ | * 5 = Thursday | ||
+ | * 6 = Saturday | ||
+ | * 7 = Sunday | ||
+ | |||
+ | For multiple days, add the corresponding numbers for each day. | ||
+ | |||
+ | In the above example the fourth field is 62 which is equal to 2+4+8+16+32 . This means the rule should be active on Mon, Tue, Wed., Thu., and Fri. That is, only on weekdays. If you had checked the // | ||
+ | |||
+ | **Field 5:** shows the IP or MAC Address range on your network for which the rule should be applied. | ||
+ | |||
+ | **Field 6:** has the // | ||
+ | |||
+ | **Field 7:** contains the Domains/ | ||
+ | |||
+ | In the example | ||
+ | |||
+ | **Field 8: | ||
+ | |||
+ | * A "1" will block ActiveX. | ||
+ | * A "2" will block Flash. | ||
+ | * A "4" will block Java. | ||
+ | |||
+ | **Field 9: | ||
+ | |||
+ | \\ Now that we have a basic sense of how Access Restriction rules work, we can write shell scripts to control the rules. The script below will enable or disable a rule. Two values are passed on the command line – the rule number and either a " | ||
- | Now with this basic understanding about how the Access Restriction rules in FreshTomato work, we can write shell scripts to control the rules. Below is the script I wrote to enable or disable a rule. Two values are passed on the command line – the rule number and either a 0 or a 1 to disable or enable the service respectively. If you have **jffs** enabled in control panel you can copy the script under jffs directory and schedule it to run, if you want, as a cron job. | ||
\\ | \\ | ||
- | < | + | |
+ | < | ||
#!/bin/sh | #!/bin/sh | ||
Line 69: | Line 112: | ||
</ | </ | ||
- | ===== Credits ===== | + | \\ |
+ | \\ | ||
+ | |||
+ | If you have jffs enabled in FreshTomato, | ||
+ | |||
+ | \\ | ||
+ | |||
+ | \\ | ||
+ | |||
+ | |||
+ | ===== Credits ===== | ||
- | [[http:// | + | [[http:// |