Add/Remove Port Forwards on a schedule

[kramttocs]

Is there a way to schedule adding and removing port forwarding entries?
I am thinking since it's only needed for cert renewal, I'd like to have it closed for all but an hour or so once a week.

 

[eibgrad]

You could create a nat-start script and add your own port forward(s) which includes its own scheduling using the time module.

#!/bin/sh
ext_ip="$(nvram get wan_ipaddr)"
ext_port=3389
int_ip=192.168.1.100
int_port=3389
proto=tcp

iptables -t nat -I PREROUTING -p $proto -d $ext_ip --dport $ext_port \
    -m time --timestart 20:00 --timestop 00:00 --weekdays Mon,Tue,Wed,Thu,Sun --kerneltz \
    -j DNAT --to $int_ip:$int_port
iptables -t nat -I PREROUTING -p $proto -d $ext_ip --dport $ext_port \
    -m time --timestart 00:00 --timestop 08:00 --weekdays Mon,Tue,Wed,Thu,Fri --kerneltz \
    -j DNAT --to $int_ip:$int_port

exit 0

I provided an example that crosses the midnight hour since that requires two rules to handle the crossover. But if you're just opening the port for an hour in the middle of a specific day, the required rule is much simpler.

Note, this will NOT work if the remote access is NOT really a port forward, such as needing to access a a service on the router itself (i.e., the router is the target). I'm strictly talking about actual port forwarding, which means to devices *other* than the router.

 

[kramttocs]

That is excellent! Really appreciate it. I am assuming this won't show in the UI/nvram, right?

I know it's a feature request but it would be nice to enable/disable port forwards vs having the delete/add them.

 

[eibgrad]

That is excellent! Really appreciate it. I am assuming this won't show in the UI/nvram, right?

Correct.