Startup Script Not Working

Bugsysiegals
DD-WRT Novice


Joined: 15 Apr 2018
Posts: 40

Posted: Wed Dec 05, 2018 16:32    Post subject: Startup Script Not Working
I have a script which creates firewall rules for all my security cameras which works perfectly fine when run manually; however, when added to the startup scripts, it is not working for some reason.

I've already done "chmod 755 ipcamsblock.sh". The line of code in startup is "/opt/scripts/ipcamsblock.sh". The line underneath it for YAMon3 works fine and is "/opt/YAMon3/startup.sh 10".

I've tried to "cat /var/log/messages" but cannot see anything which would give me a clue as to why the script doesn't work automatically.

Any ideas? I really need this fixed so I can trust the cameras are not being exposed to the internet whenever the router reboots.

P.S. Why can I not revise my post after posting or make another post without the stupid error about not being able to post. I'm not a bot!
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Wed Dec 05, 2018 18:07    Post subject:
If you run the script from the command line, what is the error code?

Some quick tips:
Check whether it is executable (ls -l)
Does the file begin with a shebang (#!/bin/sh)?
And the mistake most often made: file endings in Windows format. Be sure that there are only <LF> line endings and not <CR><LF>. Use Notepad++.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
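
The three checks listed in the post above (executable bit, shebang, <LF>-only line endings), as an added example that is not part of the original thread. `check_script` is a hypothetical helper name; it relies only on POSIX sh plus `ls`, `cut`, `head` and `grep`.

```shell
#!/bin/sh
# Added example (not from the thread): preflight check for a script that is
# called from the DD-WRT startup commands. check_script is a hypothetical name.
# Prints one line per problem; returns the number of problems (0 = none),
# or 4 if the file does not exist.
check_script() {
    f=$1
    problems=0
    [ -f "$f" ] || { echo "$f: no such file"; return 4; }

    # 1. Executable: look for an x (or setuid/setgid s) in the ls -l mode string
    case $(ls -lL "$f" | cut -c1-10) in
        *x*|*s*) ;;
        *) echo "$f: not executable, run chmod 755"
           problems=$((problems + 1)) ;;
    esac

    # 2. Shebang: the first line must start with #!
    case $(head -n 1 "$f") in
        '#!'*) ;;
        *) echo "$f: first line is not a shebang such as #!/bin/sh"
           problems=$((problems + 1)) ;;
    esac

    # 3. Line endings: any carriage return means <CR><LF> (Windows) endings
    cr=$(printf '\r')
    if grep -q "$cr" "$f"; then
        echo "$f: contains <CR> characters, convert to <LF>-only"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# Usage: check_script /opt/scripts/ipcamsblock.sh && echo "looks fine"
```

A firewall script that fails any of these checks can run fine when pasted into a shell yet apply no rules when called at boot, so the check is worth running before relying on the script after a reboot.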
Bugsysiegals
DD-WRT Novice


Joined: 15 Apr 2018
Posts: 40

Posted: Wed Dec 05, 2018 20:11    Post subject:
It runs without error when executed from CLI.

What's strange to me is the code runs fine if I have it in the startup script commands area of DD-WRT but if I paste the same code into its own script and call the script from the startup script, it doesn't work, even though I've made the script with execute permissions, 775.

Code:

# Pause 10 seconds before applying firewall rules
sleep 10

# Block all devices on br1 from accessing the router interface
/usr/sbin/iptables -I INPUT -i br1 -p tcp --dport www -j REJECT --reject-with tcp-reset
/usr/sbin/iptables -I INPUT -i br1 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
/usr/sbin/iptables -I INPUT -i br1 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
/usr/sbin/iptables -I INPUT -i br1 -p tcp --dport https -j REJECT --reject-with tcp-reset

# Only allow IP Cams and Blue Iris Server outbound through VPN
/usr/sbin/iptables -I FORWARD -i br2 -s XXX.XXX.XXX.XXX ! -o tun2+ -j logdrop
/usr/sbin/iptables -I FORWARD -i br1 -s XXX.XXX.XXX.XXX ! -o tun2+ -j logdrop

# Exception - Allow BI server to send email notifications
/usr/sbin/iptables -I FORWARD -i br2 -s XXX.XXX.XXX.XXX -o $(nvram get wan_ifname) -d smtp.gmail.com -p udp --dport 465 -j logaccept
/usr/sbin/iptables -I FORWARD -i br2 -s XXX.XXX.XXX.XXX -o $(nvram get wan_ifname) -d smtp.gmail.com -p tcp --dport 465 -j logaccept
Bugsysiegals
DD-WRT Novice


Joined: 15 Apr 2018
Posts: 40

Posted: Wed Dec 05, 2018 20:19    Post subject:
What an idiot, I forgot the she-bang!
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Wed Dec 05, 2018 20:26    Post subject:
Did you check the line endings?
For a script only <LF> is allowed.

Bugsysiegals
DD-WRT Novice


Joined: 15 Apr 2018
Posts: 40

Posted: Wed Dec 05, 2018 20:33    Post subject:
While the script works with the she-bang, it doesn't always work if I don't pause for 10 seconds. I assume some other process/actions need to occur before you can begin applying iptables rules ... is there code which would allow me to pause until it's actually ready rather than guessing 10 seconds and waiting too long or not long enough?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Wed Dec 05, 2018 20:50    Post subject:
No, unless we know what is going on.
Why not save the rules in the firewall?
Administration/Commands, Save as Firewall

Bugsysiegals
DD-WRT Novice


Joined: 15 Apr 2018
Posts: 40

Posted: Thu Dec 06, 2018 23:43    Post subject:
Thanks for pointing it out, I hadn't noticed I could do that!!