Persisting The Configuration
OK I want to have a persisting configuration, so I created a file iperf3.sh in the /home/pi/.firewalla/config/post_main.d/ directory, but this does not work.
Any recommendations on how to make this work here, which permission should I use on this file?
Anybody has a working configuration out there?
-
Indeed,
pi@Firewalla:~/.firewalla/config/post_main.d (Firewalla) $ ls -al
total 16
drwxr-xr-x 2 root root 4096 Oct 4 18:28 .
drwxr-xr-x 10 pi pi 4096 Oct 4 17:34 ..
-rwxr-xr-x 1 root root 38 Oct 3 14:46 iperf3.sh
-rw-r--r-- 1 root root 308 Oct 4 18:28 start_pi_hole.sh
None of these work for whatever reasons.
pi@Firewalla:~/.firewalla/config/post_main.d (Firewalla) $ sudo vi iperf3.sh
#!/bin/bash
sudo iperf3 -s -p 999 &
So why isn'it it working here...
-
pi@Firewalla:~/.firewalla/config/post_main.d (Firewalla) $ sudo vi start_pi_hole.sh
sudo systemctl start docker
sudo ipset create -! docker_lan_routable_net_set hash:net
sudo ipset add -! docker_lan_routable_net_set 172.16.0.0/24
sudo ipset create -! docker_wan_routable_net_set hash:net
sudo ipset add -! docker_wan_routable_net_set 172.16.0.0/24
sudo systemctl start docker-compose@pi-hole
~
-
The following answers were generated with AI but verified as valid explanations. And their output is better formatted than mine would have been:)
The scripts in the directory ~/.firewalla/config/post_main.d are intended to run automatically after Firewalla's main system initialization. If your scripts (iperf3.sh and start_pi_hole.sh) aren't executing correctly, it's likely due to one or more of the following reasons:
1. Script File Permissions and Ownership
Although your listing shows the following permissions:
-rwxr-xr-x 1 root root 38 Oct 3 14:46 iperf3.sh
-rw-r--r-- 1 root root 308 Oct 4 18:28 start_pi_hole.shIssue: start_pi_hole.sh lacks executable permissions, preventing it from running automatically.
Correction: Set execute permissions explicitly for both scripts:
sudo chmod +x ~/.firewalla/config/post_main.d/start_pi_hole.sh
sudo chmod +x ~/.firewalla/config/post_main.d/iperf3.sh2. Improper Use of sudo Within Scripts
Your scripts include commands starting with sudo. However, Firewalla's startup scripts already execute with root privileges. Thus, calling sudo is redundant and could cause problems due to interactive prompts or environment path issues.
Issue: Your script currently contains:
#!/bin/bash
sudo iperf3 -s -p 999 &Correction: Remove sudo entirely to ensure proper execution:
#!/bin/bash
iperf3 -s -p 999 &Apply similar corrections to start_pi_hole.sh:
#!/bin/bash
systemctl start docker
ipset create -! docker_lan_routable_net_set hash:net
ipset add -! docker_lan_routable_net_set 172.16.0.0/24
ipset create -! docker_wan_routable_net_set hash:net
ipset add -! docker_wan_routable_net_set 172.16.0.0/24
systemctl start docker-compose@pi-hole3. Background Execution Without Proper Output Handling
The command iperf3 -s -p 999 & runs iperf3 in the background but might terminate prematurely when the parent script ends.
Issue: Processes started in background (&) may terminate when the initiating script completes.
Correction: Ensure the process continues running by using nohup and output redirection:
#!/bin/bash
nohup iperf3 -s -p 999 >/dev/null 2>&1 &4. Verify that Required Services Exist and Are Installed
Ensure that the required binaries (iperf3, docker, docker-compose) are correctly installed and accessible via their absolute paths. Firewalla’s startup environment may differ from your interactive shell environment.
To confirm binary locations, use:
which iperf3
which docker
which docker-composeThen update your script using absolute paths if necessary, for instance:
#!/bin/bash
nohup /usr/bin/iperf3 -s -p 999 >/dev/null 2>&1 &5. Logs and Debugging Output
Check logs for errors after startup. Typically, Firewalla logs are located in standard Linux logging locations:
Check journal logs:
sudo journalctl -xe | grep -i "iperf3\|docker"
Check syslog:
sudo cat /var/log/syslog | grep -i "iperf3\|docker"
These commands might show errors related to permissions, missing binaries, or command failures.
---
Recommended Complete Procedure:
1. Correct File Permissions
sudo chmod +x ~/.firewalla/config/post_main.d/*.sh
2. Modify Scripts Appropriately iperf3.sh:
#!/bin/bash
nohup /usr/bin/iperf3 -s -p 999 >/dev/null 2>&1 &start_pi_hole.sh:
#!/bin/bash
systemctl start docker
ipset create -! docker_lan_routable_net_set hash:net
ipset add -! docker_lan_routable_net_set 172.16.0.0/24
ipset create -! docker_wan_routable_net_set hash:net
ipset add -! docker_wan_routable_net_set 172.16.0.0/24
systemctl start docker-compose@pi-hole3. Test Execution Manually First Run manually to confirm no errors:
sudo ~/.firewalla/config/post_main.d/iperf3.sh
sudo ~/.firewalla/config/post_main.d/start_pi_hole.sh4. Restart Firewalla to Confirm Automatic Execution Reboot your Firewalla device to confirm scripts run automatically.
---
Conclusion and Explanation of Initial Problem:
The primary reason your scripts were not running automatically:
sudo commands within scripts initiated at startup by root are unnecessary and problematic.
Lack of execute permission (chmod +x) prevented scripts from running.
Background tasks should be launched with proper detachment (nohup) to prevent premature termination.
Following these detailed guidelines will rectify the script execution issues on your Firewalla device.
Please sign in to leave a comment.
Comments
4 comments