SetForwardSpec
#!/bin/sh
# Defines the DD-WRT nvram variables `forward_spec' and `forwardspec_entries'
# to create a `NAT/QoS: Port Forwarding: Port Forward: Forwards:' table.
# Edit this script before running it!
# Tested with `DD-WRT v24-sp2 (12/14/11) std - build 18007' for Gateworks GW2358-4
# and `DD-WRT v24-sp2 (08/07/10) mini - build 14896' for Linksys WRT54GL v1.1.
# Additional firewall rules are generated for the latter firmware
# because its port forwarding does not support limiting networks.
# This script was written by Stephan Seidl in 2012, no copyright is claimed.
# It is offered as-is, without any warranty.
# This script is in the public domain; do with it what you wish.
# Work out which router this is by searching the upper-cased `ifconfig -a'
# output for one of its interface MAC addresses.  Each list entry has the
# form MAC=system-number.  Entries are probed in order, so a later hit
# overrides an earlier one; sys stays 0 when nothing matches.
# Only systems 1 and 3 are acted on further down in this script; 2 and 4 are
# recognised here but nothing is configured for them.
# NOTE(review): the addresses look like per-site values to be edited (the
# header says to edit the script first).  A cloned or overridden MAC would
# select the wrong branch, so check `sys' before trusting the result.
sys=0
for probe in \
  '00:11:22:33:EE:97=1' \
  '00:11:22:33:EE:98=1' \
  '00:11:22:33:4C:69=2' \
  '00:11:22:33:4C:6A=2' \
  '00:11:22:33:4C:6B=2' \
  '00:11:22:33:E3:99=3' \
  '00:11:22:33:E3:9A=3' \
  '00:11:22:33:E3:9B=3' \
  '00:11:22:33:02:6E=4' \
  '00:11:22:33:02:6F=4' \
  '00:11:22:33:02:70=4'
do
  # ${probe%=*} is the MAC, ${probe#*=} the system number.
  if ifconfig -a | tr '[a-z]' '[A-Z]' | grep -q "${probe%=*}"; then
    sys="${probe#*=}"
  fi
done
unset probe
# Forwarding table template.  Every entry has the shape
#   name : state : protocol : external-port > internal-host : internal-port < NET @
# with an empty name, `@' as entry terminator and the literal word NET as a
# placeholder for the permitted source network.  Blanks are cosmetic; the
# branches that consume the table strip them.
# Each list item below is "protocol port host"; the same port is used on the
# outside and the inside.
# Forwards the original kept commented out (state `off'), not emitted here:
#   both 3478  10.xxx.yyy.133
#   udp  5004  10.xxx.yyy.71
#   udp  5060  10.xxx.yyy.71
#   udp  5064  10.xxx.yyy.71
#   udp  5066  10.xxx.yyy.71
#   both 10000 10.xxx.yyy.71
pat=""
for fwd in \
  'udp 5062 10.xxx.yyy.71' \
  'udp 5104 10.xxx.yyy.71' \
  'udp 5160 10.xxx.yyy.71' \
  'udp 5204 10.xxx.yyy.133' \
  'udp 5260 10.xxx.yyy.133'
do
  proto="${fwd%% *}"
  rest="${fwd#* }"
  pat="${pat} : on : ${proto} : ${rest%% *} > ${rest#* } : ${rest%% *} < NET @ "
done
unset fwd proto rest

# Expand the template once per permitted source network, so the final table
# holds (number of forwards) x (number of networks) entries.
# This list is the allow-list for every enabled forward: each address inside
# each /24 can reach each forwarded port.  Keep it as short as possible and
# re-check it whenever a forward is added.
arg=""
for net in \
  10.xxx.yyy.0/24 \
  217.10.68.0/24 \
  217.10.79.0/24 \
  217.74.179.0/24 \
  193.47.84.0/24
do
  itm=$(echo "${pat}" | sed "s,NET, ${net} ,g")
  arg="${arg}${itm}"
done
unset net
if [ "${sys}" = "1" ]; then
  # DD-WRT v24-sp2 (12/14/11) std - build 18007, for Gateworks GW2358-4
  # Per the file header, only the other firmware lacks network limiting, so
  # here the table is stored with its `<network' suffixes and no extra
  # firewall rules are generated.

  # forwardspec_entries: one entry per `@' terminator in the table.
  num=$(echo "${arg}" | tr -cd '@' | wc -c | sed 's, ,,g')

  # forward_spec: strip all blanks, mark the final `@' as end of data, then
  # separate the remaining entries with single blanks.
  arg=$(echo "${arg}" | sed -e 's, ,,g' -e 's,@$,#,' | tr '@' ' ' | tr '#' '\012')

  nvram set forward_spec="${arg}"
  nvram set forwardspec_entries="${num}"
  # Persist the change; until this point only the in-memory nvram copy is
  # modified.
  nvram commit
fi
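if [ "${sys}" = "3" ]; then
  # DD-WRT v24-sp2 (08/07/10) mini - build 14896, for Linksys WRT54GL v1.1
  #
  # Per the file header, this build's port forwarding cannot limit source
  # networks.  The branch therefore
  #   1. stores the forwards WITHOUT their `<network' suffix, one entry per
  #      external port, and
  #   2. writes an rc_firewall script that drops forwarded traffic to the
  #      enabled ports and re-admits it only from the listed networks.
  # Until rc_firewall has been applied, the forwards from step 1 are open to
  # any source.
  #
  # Every stage re-reads ${arg} through echo and a command substitution; the
  # stages rely on that exact sequence (trailing-newline stripping included),
  # so they are kept one per line.
  bak="${arg}"

  # ---- 1. forward_spec / forwardspec_entries --------------------------------
  arg=$(echo "${arg}" | sed 's, ,,g')              # drop cosmetic blanks
  arg=$(echo "${arg}" | tr '@' '\012')             # one entry per line
  arg=$(echo "${arg}" | sed 's,<.*$,,')            # cut the `<network' suffix
  # Put the external port in front as a numeric sort key ...
  arg=$(echo "${arg}" | sed 's,:[0-9][0-9]*>, & ,')
  arg=$(echo "${arg}" | awk '{print $2 " " $1 " " $2 " " $3;}')
  arg=$(echo "${arg}" | sed 's,^:,,')
  arg=$(echo "${arg}" | sed 's,> :, :,')
  # ... and collapse the per-network copies of each forward into one line.
  # NOTE(review): `sort -nu' compares only the leading number, so two
  # forwards sharing an external port (e.g. one tcp, one udp) would
  # presumably be merged into one; not the case with the current table.
  arg=$(echo "${arg}" | sort -nu)
  arg=$(echo "${arg}" | awk '{print $2 $3 $4 "@";}')  # drop the sort key again
  arg=$(echo "${arg}" | sed '$s,@,#,')             # `#' marks the last entry
  num="${arg}"
  num=$(echo "${num}" | wc -l)
  num=$(echo "${num}" | sed 's, ,,g')
  arg=$(echo "${arg}" | tr '@' ' ')
  arg=$(echo "${arg}" | tr '\012' ' ')
  arg=$(echo "${arg}" | tr '#' '\012')
  arg=$(echo "${arg}" | sed -n 's,[0-9],&,p')      # keep only lines with data
  # Squeeze runs of blanks to one.  The pattern must be `  *' (a blank
  # followed by any number of blanks): a lone ` *' also matches the empty
  # string and would insert a blank between every character, corrupting the
  # stored table.
  arg=$(echo "${arg}" | sed 's,  *, ,g')
  nvram set forward_spec="${arg}"
  nvram set forwardspec_entries="${num}"
  nvram commit

  # ---- 2. firewall rules ----------------------------------------------------
  arg="${bak}"
  arg=$(echo "${arg}" | sed 's, ,,g')
  arg=$(echo "${arg}" | tr '@' '\012')
  # Expand `both' into a tcp and a udp entry; other entries pass unchanged.
  arg=$(echo "${arg}" | sed 's,:both:, & ,')
  arg=$(echo "${arg}" | sed 's,:tcp:, & ,')
  arg=$(echo "${arg}" | sed 's,:udp:, & ,')
  arg=$(echo "${arg}" | awk '{if($2!=":both:"){print $1 $2 $3;next;} \
    print $1 ":tcp:" $3; \
    print $1 ":udp:" $3; \
    next;}')
  # Only enabled forwards get firewall rules.
  arg=$(echo "${arg}" | sed -n 's,:on:,&,p')
  bak="${arg}"

  # 2a. One DROP per (internal port, protocol).  The rule matches on the
  # port after `host:', i.e. the destination port seen in FORWARD.
  # The rules carry no destination address or interface, so they apply to
  # all forwarded traffic with that protocol and destination port, not only
  # to traffic for the forwarded host.
  arg=$(echo "${arg}" | sed 's,<.*$,,')
  arg=$(echo "${arg}" | sed 's,:tcp:, & ,')
  arg=$(echo "${arg}" | sed 's,:udp:, & ,')
  arg=$(echo "${arg}" | sed 's,:[0-9][0-9]*$, & ,')
  arg=$(echo "${arg}" | awk '{print $4 " " $2;}')
  arg=$(echo "${arg}" | sort -u)
  arg=$(echo "${arg}" | tr ':' ' ')
  arg=$(echo "${arg}" | sort -n)
  arg=$(echo "${arg}" | awk '{print "iptables -t filter -I FORWARD -p " $2 " --dport " $1 " -j DROP";}')
  drp="${arg}"

  # 2b. One ACCEPT per (source network, internal port, protocol).
  arg="${bak}"
  arg=$(echo "${arg}" | sed 's,:tcp:, & ,')
  arg=$(echo "${arg}" | sed 's,:udp:, & ,')
  arg=$(echo "${arg}" | sed 's,:[0-9][0-9]*<, & ,')
  arg=$(echo "${arg}" | awk '{print $5 " " $4 " " $2;}')
  # Split network/port/protocol into blank-separated fields:
  #   o1 o2 o3 o4 prefix-length port protocol
  arg=$(echo "${arg}" | tr '.' ' ')
  arg=$(echo "${arg}" | tr '/' ' ')
  arg=$(echo "${arg}" | tr ':' ' ')
  arg=$(echo "${arg}" | tr '<' ' ')
  # Same squeeze as above; `  *' again, because ` *' would split every
  # character into its own field and the awk below would emit rules with the
  # wrong source, port and protocol.
  arg=$(echo "${arg}" | sed 's,  *, ,g')
  arg=$(echo "${arg}" | sed 's,^ ,,')
  arg=$(echo "${arg}" | sed 's, $,,')
  arg=$(echo "${arg}" | sort -u)
  arg=$(echo "${arg}" | sort -n)
  arg=$(echo "${arg}" | awk '{print "iptables -t filter -I FORWARD -p " $7 " --dport " $6 \
    " -j ACCEPT -s " $1 "." $2 "." $3 "." $4 "/" $5;}')
  acc="${arg}"

  # 2c. Fixed preamble: an alias address on vlan1 plus a masquerade rule for
  # that /24.  NOTE(review): unrelated to the forwards above; presumably
  # there to reach a device on the vlan1 side - confirm it is still wanted.
  arg=""
  arg="${arg}ifconfig vlan1:0 192.168.1.15 netmask 255.255.255.0;"
  arg="${arg}iptables -t nat -I POSTROUTING -o vlan1 -d 192.168.1.15/24 -j MASQUERADE;"
  arg=$(echo "${arg}" | tr ';' '\012')
  pre="${arg}"

  # Order matters: `-I FORWARD' without a rule number inserts at the top of
  # the chain.  The DROP lines come first in the script, so (assuming the
  # lines run in order) the ACCEPT lines are inserted afterwards and end up
  # above the DROPs, and the permitted networks are matched before the DROP.
  # Swapping ${drp} and ${acc} would block the forwards for everyone.
  arg="${pre};${drp};${acc}"
  arg=$(echo "${arg}" | tr ';' '\012')
  # This replaces whatever rc_firewall held before; merge by hand if the
  # router already has custom firewall commands.
  nvram set rc_firewall="${arg}"
  nvram commit
fi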
Stephan K.H. Seidl