Enable/Disable Iptables rule via cron...

Johnb175
DD-WRT User


Joined: 08 Oct 2010
Posts: 52

Posted: Mon Nov 30, 2020 21:58    Post subject: Enable/Disable Iptables rule via cron...
I am trying to figure out how to enable and disable a specific port forward rule via cron. I am able to disable the rule via ssh by using:
Code:

iptables -D FORWARD -p tcp -d 192.168.0.99 --dport 8050 -j ACCEPT

and then re-enable the rule by using
Code:

iptables -I FORWARD -p tcp -d 192.168.0.99 --dport 8050 -j ACCEPT

This change is not reflected in the GUI.

When I add it to cron to execute at 3:45 in the afternoon, like below, it doesn't seem to execute, as the port stays open.
Code:

45 15 * * * root /usr/sbin/iptables -D FORWARD -p tcp -d 192.168.0.99 --dport 8050 -j ACCEPT


Am I missing something here?
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Tue Dec 01, 2020 0:27
Perhaps cron is using UTC time?
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1407

Posted: Tue Dec 01, 2020 2:22
Was cron fixed? I know for a while it was having problems, so it could be the build that you are on.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Tue Dec 01, 2020 7:21
Wildlion wrote:
Was cron fixed? I know for a while it was having problems, so it could be the build that you are on.


That is why it is always a good idea to state router model and build number :)

To get the best out of DDWRT and the forum, read and follow the forum guidelines:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Johnb175
DD-WRT User


Joined: 08 Oct 2010
Posts: 52

Posted: Tue Dec 01, 2020 15:43
Sorry guys, I was busy when I was typing up that post and forgot to include the build info. Don't laugh. This is an old Buffalo WZR-HP-G450H which was using an old Buffalo build of dd-wrt 20025. If this is a build with the cron issue, is there a workaround?
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Tue Dec 01, 2020 17:51
Johnb175 wrote:
Sorry guys, I was busy when I was typing up that post and forgot to include the build info. Don't laugh. This is an old Buffalo WZR-HP-G450H which was using an old Buffalo build of dd-wrt 20025. If this is a build with the cron issue, is there a workaround?


Upgrading to the latest build??

ftp://ftp.dd-wrt.com/betas/2020/11-24-2020-r44863/buffalo-wzr-hp-g450h/
Johnb175
DD-WRT User


Joined: 08 Oct 2010
Posts: 52

Posted: Tue Dec 01, 2020 19:49
Well normally yes, but it's located far away and I cannot easily upgrade it. I was hoping to keep this version until I can do a hardware refresh with an R7800 and the latest build.
inetquestion
DD-WRT User


Joined: 24 Sep 2015
Posts: 67

Posted: Fri Jan 28, 2022 18:41    Post subject: iptables additions not taking effect when updated via cron
Curious if you figured this out. Doing something similar...

If my script is run manually, it makes iptables additions as expected. The script when run via cron is running and is executing the commands, but the changes do not actually get applied. Seems similar to what you are facing.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Fri Jan 28, 2022 19:16
I just tried it using a recent build (47911) and had no problem.

Once you add the cronjob, use ssh/telnet to check the file and make sure it's there and looks correct. Sometimes it's easy to make a typo in the GUI and not notice.

Code:
cat /tmp/cron.d/cron_jobs


I would use the "every minute" schedule during testing.

Code:
*/1 * * * * root /usr/sbin/iptables -D FORWARD -p tcp -d 192.168.1.100 --dport 8888 -j ACCEPT


Make sure you have the correct path for iptables too.

Code:
which iptables


Frankly, you probably don't even need the path.

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
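
Added example, not part of any post in this thread: one way to make the scheduled open/close from the first post idempotent. `iptables -D` removes only one matching rule per call, so if the `-I` job has run more than once a single delete leaves the port open; this script deletes every copy and inserts at most one. The script name, the /jffs path in the comments and the use of logger are assumptions; the rule and the /usr/sbin/iptables path are the ones posted above.

```sh
#!/bin/sh
# fwtoggle.sh (hypothetical name): open or close one FORWARD ACCEPT rule.
# Safe to call repeatedly from cron. Example DD-WRT cron lines (path assumed):
#   45 15 * * * root /jffs/fwtoggle.sh close
#   0 8 * * *   root /jffs/fwtoggle.sh open

# Absolute path, because cron runs with a minimal PATH. Confirm it on the
# router with "which iptables". IPT can be overridden for testing.
IPT="${IPT:-/usr/sbin/iptables}"

# Rule specification from the first post; left unquoted below on purpose so
# the shell splits it into separate arguments.
RULE="-p tcp -d 192.168.0.99 --dport 8050 -j ACCEPT"

# Delete every copy of the rule and print how many were removed.
# iptables -D fails once no matching rule is left, which ends the loop.
close_port() {
    n=0
    while $IPT -D FORWARD $RULE 2>/dev/null; do
        n=$((n + 1))
        # Safety stop in case -D keeps succeeding unexpectedly.
        if [ "$n" -ge 50 ]; then break; fi
    done
    echo "$n"
}

# Clear any existing copies first, then insert exactly one.
open_port() {
    close_port >/dev/null
    $IPT -I FORWARD $RULE
}

# Log each run to syslog so a cron run leaves a trace that can be checked
# later (assumes BusyBox logger is available on the build).
case "${1:-}" in
    open)  open_port && logger -t fwtoggle "8050 forward opened" ;;
    close) logger -t fwtoggle "8050 forward closed, removed $(close_port) rule(s)" ;;
esac
```

The syslog line shows whether cron actually ran the job and how many rules it removed, which separates "cron never fired" from "the rule was deleted but another copy remained".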
All times are GMT