Before everything, please note:
- This is a tech doc only for advanced user. Incorrect scripting may cause system corruption that you may have to reset factory default or even reflash the disk.
- This is for Firewalla Gold and Purple.
- This is for version 1.971 or above
Customized Scripts
You can add some scripts to Gold/Purple so that it can be automatically executed when Firewalla service restarts (for example, when Gold/Purple reboots or software updates).
These scripts can be placed under this folder /home/pi/.firewalla/config/post_main.d/ (create this folder if it does not exist)
- the directory itself should be writable and executable by anyone (including
pi) - the files inside the directory should be executable by anyone (including
pi)
$ mkdir /home/pi/.firewalla/config/post_main.d/
$ cd /home/pi/.firewalla/config/post_main.d/
$ sudo chmod +wr .
Create a file with any name ending in with ".sh" and make it executable. For example:
$ sudo touch /home/pi/.firewalla/config/post_main.d/hello.sh
$ sudo chmod +x /home/pi/.firewalla/config/post_main.d/hello.sh
Any files ending with ".sh" will be executed at boot time. Now edit using vi or nano. For example:
$ cat /home/pi/.firewalla/config/post_main.d/hello.sh
#!/bin/bash
echo "Hello World"
Notes
- Please make sure your scripts can be executed multiple times at unscheduled time because it will be called every time the Firewalla services restart.
- If you need to run a specific command as root within your script, use
sudo.
Example: Install package "iftop"
#!/bin/bash
sudo apt-get update
sudo apt-get install iftop -y
Customized Cron jobs
To create scheduled jobs, you may add your own cronjob by putting a valid cronjob expression in this file.
/home/pi/.firewalla/config/user_crontab
Example:
pi@firewalla:~ (Firewalla) $ cat ~/.firewalla/config/user_crontab
* * * * * /bin/bash -c "date" &> /tmp/date.log
Note: No changes will be incorporated to the system crontab until Firewalla service restarts.
You can verify if it's incorporated by running "crontab -l"
Examples
# Run a script of your choosing
*/15 6-21 * * * /data/helloworld.sh
Comments
42 comments
@Michael.
At this point, I am just focusing on the chpasswd command. I'm not even running in a script... just running the sudo echo UID:PWD | sudo chpasswd.
Once I have this step working I will move on to the next. I'm going to ask Stack Exchange or something similar to see if they have any suggestions. That is probably more appropriate. I'll report back when I have something to share.
In case any special characters in your password, you might want to do
For example,
Or use variables instead
Please have a try and see if it works
Hard coded passwords are a really bad idea.
https://cwe.mitre.org/data/definitions/798.html
https://cwe.mitre.org/data/definitions/259.html
Thanks for the advice. In the end, I will be looking at that. But, first, I need to get a script that works. Then I can focus on making it fancy/secure.
Hi,
How can I find out why script not working after restarting my firewall blue plus?
pi@Firewalla:~/.firewalla/config/post_main.d (Firewalla Blue Plus) $ pwd
/home/pi/.firewalla/config/post_main.d
pi@Firewalla:~/.firewalla/config/post_main.d (Firewalla Blue Plus) $ ls -lh
total 4.0K
-rwxr-xr-x 1 root root 161 Oct 23 19:05 hello.sh
pi@Firewalla:~/.firewalla/config/post_main.d (Firewalla Blue Plus) $ cat hello.sh
#!/bin/bash
sudo ip route add 3.5.0.0/16 dev vpn_8BB6_8BB62
sudo ip route add 52.88.0.0/13 dev vpn_8BB6_8BB62
sudo ip route add 52.216.0.0/14 dev vpn_8BB6_8BB62
pi@Firewalla:~/.firewalla/config/post_main.d (Firewalla Blue Plus) $
Thank you.
I don't understand the example "Customized Cron jobs". How do I add a custom cronjob and where. Can someone give a step-b-step example? Adding with "cronjob -e" the job is lost after restart of Firewalla.
Create a new file /home/pi/.firewalla/config/user_crontab, and add cronjobs to it. File format is the same as system cronjob.
It will be loaded as system cronjob when booting up.
Example:
You can reboot and test it. After the system is fully up, you can verify by crontab -l
@Sven you are correct you can't use cronjob -e.
1. create this file using your favorite editor.
Add your cron job(s) in there exactly as you would with cron.
2. Save the file.
3. Reboot firewalla.
4. Verify using
Can you please provide a method to trigger the merge of the user_crontab/* files at runtime without reboot?
For any one having issues checking custom crontabs, here is some additional steps the above guide does not provide:
Next restart firewalla; then check to ensure cronjob is present with this command:
You should now see the entries of user_crontab added to the bottom of the crontab for user "pi".
What about /etc/cron.{hourly|daily|monthly|weekly}/? Can I drop scripts in there to run in the specified intervals?
swrobel you should use user cron to schedule scripts. You can set any schedule you like.
Please sign in to leave a comment.