Do SSH change survive reboot?

[SDF07S]

I use SSH to create some custom IPTables, but I want them to survive reboot and/or be auto-execut upon reboot. How do I do that? Unifi Dream Machine needed a special on-boot script to execute custom scripts on reboot. Is there something like that for ASUS routers? I am not familiar with NVRAM commands, but NVRAM SET does not work for IPTables.

 

[eibgrad]

Home | Asuswrt-Merlin

www.asuswrt-merlin.net

 

[SDF07S]

There is no 3.0.0.6 Merlin firmware for my routers. There may be one in the future, but there is no ETA. Is there some other way I can force my custom scripts to apply on boot? They are just simple IPTables additions.

 

[eibgrad]

IIRC, ASUS routers used to have a facility where you could point to a script for execution on bootup. But that capability was removed several years ago for security reasons, leaving only third-party firmware as an option.

Even if this was still possible, timing can become an issue. It may just be a few iptables additions from your perspective, but you have to make sure they are (re)applied at the correct time, typically after the firewall has been established, and w/o having them overwritten for some reason, such as an unexpected restart of the firewall. It's these sorts of things that Merlin's firmware takes into consideration when enabling custom scripts.

Since you provided no specifics as to router, I don't know if there might be an *indirect* means to invoke a script. For example, it might be possible to trigger a script based on some other event, such as mounting of a USB drive. You often see this capability w/ third-party firmware. And it *might* be possible w/ OEM firmware, esp. since it can be assumed such a script is available from the USB drive itself.

That's why it's important when choosing a router to consider whether it is at least capable of supporting third-party firmware, even if you choose to NOT install it at the time of purchase. Otherwise, you're stuck w/ whatever the OEM makes possible through the GUI.