access_restrictions

Differences

This shows you the differences between two versions of the page.

access_restrictions [2021/05/30 19:39] hogwild
access_restrictions [2023/10/26 17:20] (current) – [Scripting Access Restrictions] -format hogwild
Line 1: Line 1:
-====== Access Restrictions ======+====== Scripting Access Restrictions ======
  
-Access Restriction rules are coded as strings separated by pipe (|) symbols. These are stored in nvram as variables named rrule0, rrule1, rrule2 etceteraTo see what's in the first rule, we can issue the following command at the FreshTomato shell prompt:+Access Restriction rules are coded as strings separated by pipe ( | ) symbols. These are stored in NVRAM as variables named //rrule0////rrule1////rrule2// and so on.
  
-<code>nvram get rrule0</code>\\+ \\
  
-The returned string might look something like:+To see what's in the first rule, we can issue the following command at a FreshTomato shell prompt:
  
-<code>1|540|1140|62|||block-site.com$|0|New Rule 1</code>\\+ \\
  
-Let'take a closer look at what each of these nine fields separated by a pipe (|) means.+<code -> 
 +nvram get rrule0 
 +</code> 
 + 
 +\\ 
 + 
 +The returned string might look something like this: 
 + 
 + \\ 
 + 
 +<code -> 
 +1|540|1140|62|||block-site.com$|0|New Rule 1 
 +</code> 
 + 
 +\\ 
 + 
 +Let's look more closely at what each of these fields separated by a pipe ( | ) symbol means.
  
 **Field 1:** indicates whether the rule is currently enabled (1) or disabled (0). **Field 1:** indicates whether the rule is currently enabled (1) or disabled (0).
  
-**Field 2:** specifies the start time, or time to start applying this rule, in minutes elapsed since midnight. In this case, start time is 540, so the router should enforce this rule starting at 9:00 AM.  +**Field 2:** specifies the start time, (time to start applying this rule), in minutes elapsed since midnight.
  
-**Field 3:**  is the end timeor the time to stop applying this rule. This is coded the same way as the start time. Both the second and third fields will be -1 if you select the option //‘All Day’// in the Access Restrictions menu.+In this case, start time is 5:40 AMso the router should enforce this rule starting at 9:00 AM.
  
-**Field 4:** specifies the days of week on which the rule will be appliedIt is coded in binary: +**Field 3:**  is the end time, (time to stop applying this rule)This is coded similarly to the start time.
-1 for Sunday +
-2 for Monday +
-4 for Tuesday and so on+
  
-For multiple days, add the corresponding numbers for each day. In the above example the fourth field is 62 which is equal to 2+4+8+16+32 . This means the rule should be active on Mon, Tue, Wed, Thu, and Fri. in other words, only on week days. If you had checked the option //Everyday// this value would be 127.+Both the second and third fields will be -1 if you select the //‘All Day’// option in the Access Restrictions menu.
  
-**Field 5:** shows the IP or MAC Address range in your network for which the rule should be applied. +**Field 4:** specifies on which days the rule will be applied.
  
-**Field 6:** This has the //Port/Application// information coded in it. In other words, which ports numbers, protocols, Layer 7 and p2p applications should be blocked by this rule.+It is coded in binary:
  
-**Field 7:**  This field contains the Domains/URLs you want to block. It partially supports regular expressions. In the above example, domain names ending in //block-site.com// are blocked. +  1 = Sunday 
 +  2 = Monday 
 +  4 = Tuesday 
 +  8 = Wednesday 
 +  * 16 = Thursday 
 +  * 32 = Friday 
 +  * 64 = Saturday
  
-**Field 8:**  This field stores as a binary coded value if ActiveX, Flash or Java are to be blocked  + \\ 
-– for ActiveXfor Flash and for Java. And finally the ninth field stores the name that you gave to this rule.+ 
 +For multiple days, simply add together the corresponding numbers for each day. 
 + 
 +In the above example, the fourth field is 62, which is equal to 2 + 4 + 8 + 16 + 32 . This means the rule should be active on Mon, Tue, Wed, Thu, and Fri. That is, only on weekdays. If you had checked the //Everyday// option, the value would have been 127. 
 + 
 +**Field 5:** shows the IP or MAC Address range on your network for which the rule should be applied. 
 + 
 +**Field 6:** has the //Port/Application// information coded in it. In other words, which port numbers and protocols. This rule should block Layer 7 and p2p applications. 
 + 
 +**Field 7:**  contains the Domains/URLs to block. It partially supports regular expressions. 
 + 
 +In the example above, domain names ending with "block-site.com" are blocked. 
 + 
 +**Field 8:**  stores a binary coded value if ActiveX, Flash or Java are set to be blocked. 
 + 
 +  * A "1" will block ActiveX.  
 +  * A "2" will block Flash
 +  * A "4" will block Java. 
 + 
 + \\ 
 + 
 +**Field 9:**  stores the name that you gave to the rule being edited. 
 + 
 + \\ Now that we have a basic sense of how Access Restriction rules work, we can write shell scripts to control the rules. The script below will enable or disable a rule. Two values are passed on the command line – the rule number and either a "0" or "1" to disable or enable the service.
  
-Now with this basic understanding about how the Access Restriction rules in FreshTomato work, we can write shell scripts to control the rules. Below is the script I wrote to enable or disable a rule. Two values are passed on the command line – the rule number and either a 0 or a 1 to disable or enable the service respectively. If you have **jffs** enabled in control panel you can copy the script under jffs directory and schedule it to run, if you want, as a cron job. 
 \\ \\
-<code>+ 
 +<code ->
 #!/bin/sh #!/bin/sh
  
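Review bot: In the added Field 2 text, "start time is 5:40 AM" contradicts both the rest of its own sentence ("starting at 9:00 AM") and the field definition: the value 540 is minutes elapsed since midnight, which is 9:00 AM, and the removed line correctly said "start time is 540". Suggest restoring "In this case, start time is 540, so the router should enforce this rule starting at 9:00 AM." The reworded Field 6 text also changes meaning. The removed line listed port numbers, protocols, Layer 7 and p2p applications as what the rule blocks, while the added text stops at "which port numbers and protocols." and then states "This rule should block Layer 7 and p2p applications." as a separate claim. Rejoin these into one sentence. Separately, the day values are described as "coded in binary" but are used as additive bit flags (62 = 2 + 4 + 8 + 16 + 32); saying so explicitly would help readers who script against rrule values.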
Line 74: Line 116:
 </code> </code>
  
-===== Credits =====+\\
  
 +If you have JFFS enabled in FreshTomato, you can copy the script under the jffs directory and schedule it to run as a cron job, if you wish.
 +
 + \\
 +
 + \\
 +
 +
 +===== Credits =====
  
-[[http://web.archive.org/web/20160321090715/http://infinilogix.com/wordpress/network-programming/routers/how-to-control-access-restriction-rules-in-tomato-by-a-shell-script|Credit to Justin from "infinilogix.com" - original page which is only accessible via archive.org now]]+[[http://web.archive.org/web/20160321090715/http://infinilogix.com/wordpress/network-programming/routers/how-to-control-access-restriction-rules-in-tomato-by-a-shell-script|CreditJustin from "infinilogix.com" - original page which is now only accessible via archive.org]]
  
  
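Review bot: The relocated JFFS sentence ("copy the script under the jffs directory and schedule it to run as a cron job") now sits after the script, away from the paragraph that explains the two command-line values, and it gives neither the directory's full path nor the arguments a scheduled run must pass. Suggest stating the full path and noting that the cron command needs the rule number followed by 0 or 1. The two consecutive " \\" forced line breaks added before the Credits heading only add vertical space and could be reduced to one. The credit link still uses http:// for web.archive.org, which could be switched to https://.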
access_restrictions.1622399992.txt.gz · Last modified: 2021/05/30 19:39 by hogwild