Multiple sections with same identifier
varac opened this issue · 2 comments
varac commented
Hi, thanks for your nice role!
I am using uci quite a lot, but I got stuck when I tried to add another firewall zone.
Firewall zones are configured like this:
```
config zone
    option name lan
    list network 'lan'
    option input ACCEPT
    option output ACCEPT
    option forward ACCEPT

config zone
    option name wan
    list network 'wan'
    list network 'wan6'
    option input REJECT
    option output ACCEPT
    option forward REJECT
    option masq 1
    option mtu_fix 1
```

```
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
```
And I cannot find a way to add a new one - can you help me please?
varac commented
This openwrt openvpn example adds a new zone like this:
```sh
# a new firewall zone (for VPN):
uci add firewall zone
uci set firewall.@zone[-1].name='vpn'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci add_list firewall.@zone[-1].network='providervpn'

# enable forwarding from LAN to VPN:
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='vpn'
```
varac commented
Found it myself:
```yaml
- name: Add new firewall zone
  tags:
    - uci
    - firewall
  uci:
    command: add
    key: firewall
    type: 'zone'
    replace: yes

- name: Configure vpnclient firewall zone
  tags:
    - uci
    - firewall
  uci:
    command: set
    key: 'firewall.@zone[-1]'
    value:
      name: 'vpnclient'
      input: 'REJECT'
      output: 'ACCEPT'
      forward: 'REJECT'
      masq: '1'
      mtu_fix: '1'
      network: 'vpnclient'
```
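
An added example, not part of the thread or of the role: `@zone[-1]` only means "the last zone section", and `uci add` appends a new anonymous section each time it runs, so the sketch below resolves a zone by its `name` option, creates it only when absent, and refuses to act when the name is ambiguous. `zone_ref` and `ensure_zone` are hypothetical helper names, and the sample data is constructed from the `uci show` lines quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE is constructed from the
# `uci show firewall` lines quoted in the first comment.
SAMPLE="firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'"

# zone_ref NAME (hypothetical helper): read `uci show firewall` output on
# stdin and print the reference of the zone called NAME.
# Exit status 1: no such zone. 2: the name is used by more than one zone.
zone_ref() {
    awk -v want="$1" -v q="'" '
        /^firewall\.@zone\[[0-9]+\]\.name=/ {
            eq = index($0, "=")
            val = substr($0, eq + 1)
            if (substr(val, 1, 1) == q) val = substr(val, 2, length(val) - 2)
            # keep everything before ".name=" as the section reference
            if (val == want) { ref = substr($0, 1, eq - 6); n++ }
        }
        END {
            if (n == 1) { print ref; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# ensure_zone NAME (hypothetical helper): print the reference of zone NAME,
# adding the section only when it is absent. Changes stay staged; the caller
# runs `uci commit firewall` after setting the remaining options.
ensure_zone() {
    rc=0
    ref=$(uci show firewall | zone_ref "$1") || rc=$?
    case $rc in
        0) ;;
        1) uci add firewall zone >/dev/null || return 1
           uci set "firewall.@zone[-1].name=$1" || return 1
           ref=$(uci show firewall | zone_ref "$1") || return 1 ;;
        *) echo "zone $1 is defined more than once, not touching it" >&2
           return 2 ;;
    esac
    echo "$ref"
}

# Offline demo on the constructed sample: prints firewall.@zone[1]
printf '%s\n' "$SAMPLE" | zone_ref wan
```

On a router, the returned reference replaces `firewall.@zone[-1]` in the later `uci set` calls, so a rerun updates the existing zone instead of whichever section happens to be last.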