help with script

[theinfinityjoe]

So i've had a rummage around the forum as i would like to integrate an alternative firewall that disables wan access with the VPN is disconnected.

I found a post in this thread : https://www.snbforums.com/threads/killswitch-doesnt-work-anymore-on-rt-ac86u-386-3_2.74666/ with a script. When I SSH into the router with Putty and paste those lines in, the script works and does what it's intended to do, disable the wan when the vpn is disconnected. So i'm trying to get this script to run automatically everytime i boot the router. I have been reading the guides and downloaded WINSCP, logged in to the router and located the JFFS/scripts section. In notepad++ I copied the following code in and saved the file as firewall-start and uploaded the below file to the jffs/scripts section of the router:

#!/bin/sh
WAN_IF="$([ $1 ] && echo $1 || echo $(nvram get wan0_ifname))"
iptables -I FORWARD -o $WAN_IF -j REJECT

When rebooting the router, the script doesn't run. being a newbie, i'm unsure how to get the script to run but i've tried the following commands :

./firewall-start init (after navigation within the jffs/scripts directory) . It says file not found but what i have noticed is I tried the command

"service restart_firewall" and the script appears to run when displayed in system log with the following info :

Nov 3 18:09:36 rc_service: service 3298:notify_rc restart_firewall
Nov 3 18:09:36 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Nov 3 18:10:26 rc_service: httpd 1698:notify_rc stop_vpnclient2

The problem is, even though it says it's running, the script doesn't work the same as originally tested through SSH and nothing is blocked when the VPN disconnects. Does anyone know what may be wrong here and also how do i get this script to autorun when the router boots?

 

[RocketJSquirrel]

Did you make the script executable?

chmod +x firewall-start

 

[theinfinityjoe]

i think that worked , thanks so much, spent hours on this

 

[eibgrad]

Not sure how you got it running if you created the file w/ Notepad and uploaded it. Notepad uses DOS formatting for EOL (end of line) characters, while Linux require different EOL characters. Linux can NOT execute DOS files.

The better thing to do is to copy'paste the following into the ssh window.

cat << "EOF" > /jffs/scripts/firewall-start
#!/bin/sh
WAN_IF="$([ $1 ] && echo $1 || echo $(nvram get wan0_ifname))"
iptables -I FORWARD -o $WAN_IF -j REJECT
EOF
chmod +x /jffs/scripts/firewall-start

 

[ColinTaylor]

Not sure how you got it running if you created the file w/ Notepad and uploaded it. Notepad uses DOS formatting for EOL (end of line) characters, while Linux require different EOL characters. Linux can NOT execute DOS files.

He said Notepad++, not Notepad.

 

[eibgrad]

He said Notepad++, not Notepad.

Ahh, my bad.

 

[theinfinityjoe]

Ahh, my bad.

thanks for the previous post with the script , was trying to get this working for a while