This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
access_restrictions [2021/05/30 19:36] – hogwild | access_restrictions [2023/07/02 16:23] – [Scripting Access Restrictions] -formatting hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Access Restrictions ====== | + | ====== |
- | Access Restriction rules are coded as strings separated by pipe (|) symbols. These are stored in nvram as variables named rrule0, rrule1, rrule2 | + | Access Restriction rules are coded as strings separated by pipe ( | ) symbols. These are stored in NVRAM as variables named //rrule0//, //rrule1//, //rrule2// and so on. |
- | < | + | To see what's in the first rule, we can issue the following command at a FreshTomato shell prompt: |
- | The returned string might look something like: | + | \\ |
- | <code> | + | <code -> |
+ | nvram get rrule0 | ||
+ | </ | ||
- | Let's take a closer look at what each of these nine fields separated by a pipe (|) means. | + | \\ |
- | **Field1:** indicates whether the rule is currently enabled (1) or disabled (0). | + | The returned string might look something like this: |
- | **Field 2:** specifies the start time, or time to start applying this rule, in minutes elapsed since midnight. In this case, start time is 540, so the router should enforce this rule starting at 9:00 AM. | + | \\ |
- | **Field 3:** is the end time, or the time to stop applying this rule. This is coded the same way as the start time. Both the second and third fields will be -1 if you select the option | + | < |
+ | 1|540|1140|62|||block-site.com$|0|New Rule 1 | ||
+ | </code> | ||
- | **Field 4:** specifies the days of week on which the rule will be applied. It is coded in binary: | + | \\ |
- | 1 for Sunday | + | |
- | 2 for Monday | + | |
- | 4 for Tuesday and so on. | + | |
- | For multiple days, add the corresponding numbers for each day. In the above example the fourth field is 62 which is equal to 2+4+8+16+32 . This means the rule should be active on Mon, Tue, Wed, Thu, and Fri. in other words, only on week days. If you had checked the option // | + | Let's look more closely at what each of these fields separated by a pipe ( | ) symbol |
- | The fifth field shows the ip or MAC address range in your network for which the rule should be applied – in case you don’t want all the computers on the network to be affected by this rule. The sixth field has the // | + | **Field 1:** indicates whether |
- | The seventh | + | **Field 2:** specifies the start time, (time to start applying this rule), in minutes elapsed since midnight. |
+ | |||
+ | In this case, start time is 5:40 AM, so the router should enforce this rule starting at 9:00 AM. | ||
+ | |||
+ | **Field 3:** is the end time, (time to stop applying this rule). This is coded similarly to the start time. | ||
+ | |||
+ | Both the second and third fields will be -1 if you select the //‘All Day’// option in the Access Restrictions menu. | ||
+ | |||
+ | **Field 4:** specifies on which days the rule will be applied. | ||
+ | |||
+ | It is coded in binary: | ||
+ | |||
+ | * 1 = Sunday | ||
+ | * 2 = Monday | ||
+ | * 4 = Tuesday | ||
+ | * 8 = Wednesday | ||
+ | * 16 = Thursday | ||
+ | * 32 = Friday | ||
+ | * 64 = Sunday | ||
+ | |||
+ | For multiple days, simply add together the corresponding numbers for each day. | ||
+ | |||
+ | In the above example, the fourth | ||
+ | |||
+ | **Field 5:** shows the IP or MAC Address range on your network for which the rule should be applied. | ||
+ | |||
+ | **Field 6:** has the // | ||
+ | |||
+ | **Field 7:** contains the Domains/URLs to block. It partially supports regular expressions. | ||
+ | |||
+ | In the example | ||
+ | |||
+ | **Field 8: | ||
+ | |||
+ | * A "1" will block ActiveX. | ||
+ | * A "2" will block Flash. | ||
+ | * A "4" will block Java. | ||
+ | |||
+ | **Field 9: | ||
+ | |||
+ | \\ Now that we have a basic sense of how Access Restriction rules work, we can write shell scripts to control the rules. The script below will enable or disable a rule. Two values are passed on the command line – the rule number and either a " | ||
- | Now with this basic understanding about how the Access Restriction rules in FreshTomato work, we can write shell scripts to control the rules. Below is the script I wrote to enable or disable a rule. Two values are passed on the command line – the rule number and either a 0 or a 1 to disable or enable the service respectively. If you have **jffs** enabled in control panel you can copy the script under jffs directory and schedule it to run, if you want, as a cron job. | ||
\\ | \\ | ||
- | < | + | |
+ | < | ||
#!/bin/sh | #!/bin/sh | ||
Line 69: | Line 110: | ||
</ | </ | ||
- | ===== Credits ===== | + | \\ |
+ | If you have JFFS enabled in FreshTomato, | ||
- | [[http:// | + | \\ |
+ | \\ | ||
+ | |||
+ | |||
+ | ===== Credits ===== | ||
+ | [[http:// |