Iptables Mac Filtering

andytof47
Newbie
Posts: 4
Joined: Fri Feb 16, 2007 12:59 pm

Iptables Mac Filtering

Post by andytof47 » Tue Apr 10, 2007 9:54 am

Hi,

Just installed the new firmware and all works well.

I have now set up a list of my favourite IPTABLES rules (actually just MAC filtering) and set the default policy to DROP. Yay, it works!

I set this rule in place first, otherwise I am locked out (I mention this for the benefit of other people who might not know):

Code:

 iptables -A INPUT -m mac --mac-source 00:14:BF:7A:4D:2D -j ACCEPT
(the MAC of my card connected to the router)

then

Code:

iptables -P INPUT DROP
and then any other MAC I might want, and that achieves this:

Code:

/usr/local/sbin # iptables -n -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED 
DROP       udp  --  0.0.0.0/0            0.0.0.0/0          multiport dports 161,162 
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          multiple source IP (inv): 192.168.1.4, tcp dpt:22 
DROP       udp  --  0.0.0.0/0            0.0.0.0/0          udp dpt:69 
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          multiple source IP (inv): 192.168.1.4, tcp dpt:21 
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          multiple source IP (inv): 192.168.1.4, tcp dpt:80 
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          multiple source IP (inv): 192.168.1.4, tcp dpt:23 
DROP       all  --  0.0.0.0/0            0.0.0.0/0          
DROP       all  --  0.0.0.0/0            0.0.0.0/0          
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          MAC 00:14:BF:7A:4D:2D 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          MAC 00:11:09:33:1E:FE 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED 
ACCEPT     udp  --  0.0.0.0/0            192.168.1.9        udp dpt:5060 
ACCEPT     tcp  --  0.0.0.0/0            192.168.1.9        tcp dpt:5060 
ACCEPT     udp  --  0.0.0.0/0            192.168.1.4        udp dpt:33000 
ACCEPT     tcp  --  0.0.0.0/0            192.168.1.4        tcp dpt:33000 
ACCEPT     udp  --  0.0.0.0/0            192.168.1.4        udp dpt:5060 
ACCEPT     tcp  --  0.0.0.0/0            192.168.1.4        tcp dpt:5060 
TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp flags:0x06/0x02 TCPMSS clamp to PMTU 
DROP       all  --  0.0.0.0/0            0.0.0.0/0          

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination       

I would really like to make this permanent and save it somehow (I don't care if it is a script on startup or whatever).

Also, could I ask that this be added to the wishlist for the next RouterTech firmware, e.g. a more accessible iptables from within the web GUI? It doesn't need to be completely GUI, just something to pump in some commands and save them via the GUI. Cheers guys, appreciate all the good work.


Andy
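The same allowlist as an added example, not the poster's own script: a small sh wrapper that validates every MAC address first, puts all the ACCEPT rules in place and only then flips the policy to DROP, so a typo cannot lock you out of the router. The IPTABLES override (set it to echo for a dry run on any machine) is an assumption; the two addresses are the ones in the listing above, and the loopback ACCEPT is an addition the listing does not have, so daemons talking to 127.0.0.1 are not cut off by the DROP policy.

```shell
#!/bin/sh
# Added example, not the poster's script: applies a MAC allowlist to the
# INPUT chain in a lockout-safe order.  IPTABLES is an assumed override so
# the script can be dry-run with IPTABLES=echo; on the router run it as root.

IPTABLES="${IPTABLES:-iptables}"

# Six colon-separated hex pairs.  A mistyped address would otherwise become a
# rule that never matches, and the DROP policy would then lock you out.
valid_mac() {
    printf '%s' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# apply_mac_filter MAC...
# Order matters: nothing is flushed until every MAC validates, every ACCEPT
# goes in while the policy is still ACCEPT, and DROP is set last.
apply_mac_filter() {
    [ "$#" -gt 0 ] || { echo "no MAC addresses given" >&2; return 1; }
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    $IPTABLES -P INPUT ACCEPT                  # safe default while rebuilding
    $IPTABLES -F INPUT
    $IPTABLES -A INPUT -i lo -j ACCEPT         # not in the listing above; keeps local daemons working
    $IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    for mac in "$@"; do
        $IPTABLES -A INPUT -m mac --mac-source "$mac" -j ACCEPT
    done
    $IPTABLES -P INPUT DROP                    # only now, with the ACCEPTs in place
}

# Run directly:  ./macfilter.sh 00:14:BF:7A:4D:2D 00:11:09:33:1E:FE
if [ "$#" -gt 0 ]; then
    apply_mac_filter "$@"
fi
```

Two caveats worth keeping in mind: `-m mac --mac-source` only sees the source address of an Ethernet frame on the interface it arrived on, so on a DSL router it governs LAN clients and everything else simply falls through to the DROP policy; and a client can change its MAC address at will, so this is a convenience filter, not authentication. To survive a reboot the script has to be fetched and run at startup, which is the autoexec approach the replies below describe.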
thechief
RouterTech Team
Posts: 12067
Joined: Wed Feb 01, 2006 10:22 pm
Location: England, the Centre of Africa

Post by thechief » Tue Apr 10, 2007 10:32 am

The firmware's filesystem is a read-only squashfs filesystem, and there is no ready way to write to the flash chip. Your best bet is to use the autoexec feature to download a script to the router's /var directory and execute it from there.
The Chief: :afro: Be sure to read the Firmware FAQ and do a Forum Search before posting!
No support via PM. Ask all questions on the open forum.
mstombs
RouterTech Team
Posts: 3753
Joined: Wed Jan 10, 2007 11:54 pm

Post by mstombs » Tue Apr 10, 2007 1:23 pm

thechief wrote:The firmware's filesystem is a read-only squashfs filesystem, and there is no ready way to write to the flash chip. Your best bet is to use the autoexec feature to download a script to the router's /var directory and execute it from there.
You forgot to say - "unless you would like to submit a patch that achieves this"!

What the OP would like is fairly standard in 3rd party Linksys WRT54G cable router firmware [NB not ADSL router] - startup and firewall scripts editable from web interface. I believe the 4Mb flash routers could allocate a bit of space for a writable partition?

BUT - I don't want to underestimate the work that this would need!
andytof47
Newbie
Posts: 4
Joined: Fri Feb 16, 2007 12:59 pm

Autoexec sounds like the way

Post by andytof47 » Tue Apr 10, 2007 1:30 pm

Cheers Chief,

I thought that might be the way to do that for now.....


And I don't underestimate the amount of work that would go into integrating a feature like this into the firmware but if you could keep it in mind or write it on the wish list that would be great...


Thanks :)
thechief
RouterTech Team
Posts: 12067
Joined: Wed Feb 01, 2006 10:22 pm
Location: England, the Centre of Africa

Post by thechief » Tue Apr 10, 2007 2:54 pm

mstombs wrote:
thechief wrote:The firmware's filesystem is a read-only squashfs filesystem, and there is no ready way to write to the flash chip. Your best bet is to use the autoexec feature to download a script to the router's /var directory and execute it from there.
You forgot to say - "unless you would like to submit a patch that achieves this"!

What the OP would like is fairly standard in 3rd party Linksys WRT54G cable router firmware [NB not ADSL router] - startup and firewall scripts editable from web interface. I believe the 4Mb flash routers could allocate a bit of space for a writable partition?

BUT - I don't want to underestimate the work that this would need!
You could use JFSS2 filesystems and make the whole thing read/write. Or you could create a small JFFS2 partition and store persistent information there (you would lose a significant amount of space and RAM for this, and would have to remove some features to free up the space).

Neither option is viable for 2mb flash systems. Neither option is for the faint-hearted. Each option would require all users to repartition their flash chips for the JFFS2 filesystem. I would imagine that most of such attempts will result in bricks.

However, someone in this forum has succeeded in creating and using a JFFS2 partition (I am sure you will find all the references if you do a forum search for JFFS2). I personally found the process far too fiddly, and unsuitable for presentation to the average computer user.
mstombs
RouterTech Team
Posts: 3753
Joined: Wed Jan 10, 2007 11:54 pm

Post by mstombs » Wed Apr 11, 2007 9:51 am

umm... I think there may be an easier way - the WRT does not use a file system to store scripts it puts them in lots of nvram variables, I'll experiment later. My idea is this:

1. Create a new small mtd5 partition, say 64k (yes, only for the brave, but it could be done in future by a firmware update - I see the mtd blocks get resized by the current firmware upgrade process).

2. After boot copy the whole 64k mtd5 block to a fixed length file in var/tmp say nvram.bin

3. create "nvram set" and "nvram read" commands to write/read strings to/from nvram.bin

4. create "nvram commit" to save current nvram.bin back to mtd5 using cp

I have seen a script file posted on www.hwupgrade.it by JackTheVendicator which implements these nvram commands for the adam2 bootloader - the only obvious thing missing from rt2.2 firmware is the "awk" command, but almost anything can done with "sed" so...

Any reason why this would not work?
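A working sketch of steps 2 to 4 as an added example, not mstombs's code: the block is copied into a RAM file once after boot, "nvram set"/"nvram get" work on key=value lines in that file, and "nvram commit" writes it back padded to the partition size, refusing anything that would overflow. NVRAM_SIZE, NVRAM_DEV and NVRAM_FILE are assumed names; pointing NVRAM_DEV at an ordinary file exercises the whole thing without any flash. Only grep, sed, dd and tr are used, which are assumed to be in the firmware's busybox; awk is not needed.

```shell
#!/bin/sh
# Added example, not mstombs's code: nvram set/get/commit over a fixed-size
# container, as sketched in the post above.  The store is a plain key=value
# text file held in RAM and padded with NULs to the partition size on commit.
# NVRAM_SIZE, NVRAM_DEV and NVRAM_FILE are assumptions.

NVRAM_SIZE="${NVRAM_SIZE:-65536}"              # assumed 64k mtd5
NVRAM_DEV="${NVRAM_DEV:-/dev/mtdblock/5}"
NVRAM_FILE="${NVRAM_FILE:-/var/tmp/nvram.bin}"

# Keys are restricted so they can be used unescaped in sed/grep patterns.
valid_key() { printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_]+$'; }

# Step 2: copy the raw block into RAM once after boot; strip the NUL padding
# so the rest of the tools see a plain text file.
nvram_load() {
    dd if="$NVRAM_DEV" bs="$NVRAM_SIZE" count=1 2>/dev/null | tr -d '\000' > "$NVRAM_FILE"
}

# Step 3: read a value (empty if the key is absent).
nvram_get() {
    valid_key "$1" || return 1
    sed -n "s/^$1=//p" "$NVRAM_FILE" | head -n 1
}

# Step 3: replace any previous value, writing via a temp file so a failure
# part way through cannot leave a truncated store behind.
nvram_set() {
    valid_key "$1" || { echo "nvram: bad key '$1'" >&2; return 1; }
    grep -v "^$1=" "$NVRAM_FILE" > "$NVRAM_FILE.new" 2>/dev/null || :
    printf '%s=%s\n' "$1" "$2" >> "$NVRAM_FILE.new"
    mv "$NVRAM_FILE.new" "$NVRAM_FILE"
}

# Step 4: write the store back, padded to exactly NVRAM_SIZE bytes; refuse
# to commit anything that would overflow the partition.
nvram_commit() {
    size=$(wc -c < "$NVRAM_FILE")
    if [ "$size" -ge "$NVRAM_SIZE" ]; then
        echo "nvram: $size bytes will not fit in $NVRAM_SIZE" >&2
        return 1
    fi
    { cat "$NVRAM_FILE"; dd if=/dev/zero bs=$((NVRAM_SIZE - size)) count=1 2>/dev/null; } > "$NVRAM_DEV"
}
```

The size check in nvram_commit is the one that matters on a real device: a write longer than the block silently spills into whatever partition follows, which on these routers is not something you want to discover after a reboot.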
thechief
RouterTech Team
Posts: 12067
Joined: Wed Feb 01, 2006 10:22 pm
Location: England, the Centre of Africa

Post by thechief » Wed Apr 11, 2007 12:58 pm

What you are trying to do effectively is to create a pseudo filesystem. I am sure it can be done, because all you need is to create a "container" file, which will be copied back and forth "raw" (i.e, as a stream of bytes). You will then need to create a program to manage that pseudo filesystem. That is where things start getting complex. How will you configure this container? - as a series of fixed-sized records (with the attendant space wastage), or as a series of variable-sized records, or as a compressed volume (e.g., squashfs) or as an archive (e.g., tar.gz or zip or something else), or in some new way? How big will this management program (or driver) be? What else will need to be removed to make space for it?

IMHO, if you are going to do something like that, you might as well use JFSS2 - which is already available.

PS: are you sure that all that "nvram" stuff isn't simply saving things in the bootloader environment?
mstombs
RouterTech Team
Posts: 3753
Joined: Wed Jan 10, 2007 11:54 pm

Post by mstombs » Wed Apr 11, 2007 1:13 pm

I will see what I can do with the current RT2.2, just from the bash shell. I'm pretty sure you can store/retrieve one file without any extra software. If this could be a compressed file then I would just expand it out into the RAM file system in /var/tmp, so no overhead other than the files themselves. I've seen "tar" is already in the firmware - but I guess it is only the decompress side?
thechief
RouterTech Team
Posts: 12067
Joined: Wed Feb 01, 2006 10:22 pm
Location: England, the Centre of Africa

Post by thechief » Wed Apr 11, 2007 5:33 pm

mstombs wrote:I will see what I can do with the current RT2.2, just from the bash shell. I'm pretty sure you can store/ retrieve one file without any extra software. If this could be a compressed file then I would just expand it out into the ram file system in /var/tmp so no overhead other than the files themselves. I've see "tar" is already in the firmware - but guess it is only the decompress side?
Tar is already available in the firmware, and you can create .tar or .tar.gz archives with it. Managing your pseudo filesystem for reading and writing is one thing. Getting the firmware to read and store configuration information to/from it is quite another matter.

PS: the filesystem I was referring to above is JFFS2, not JSS2. But it is too fiddly to go and edit each post just to correct that.
mstombs
RouterTech Team
Posts: 3753
Joined: Wed Jan 10, 2007 11:54 pm

Post by mstombs » Wed Apr 11, 2007 10:22 pm

It worked!

Full of the usual warnings - my 4Mb PSPboot non-wireless modem flash has >2Mb unused and my test modem has a working JTAG port, and this is a long post! All commands below were given and logged through the serial console port + HyperTerminal.

1. Modify the mtd block arrangement to create mtd 5:

Code:

From
(psbl) printenv
...
mtd4         	0x90020000,0x90400000
mtd0         	0x90096000,0x90400000
...

Commands typed in

(psbl) setenv mtd0 0x90096000,0x903F0000 
(psbl) setenv mtd5 0x903F0000,0x90400000
(psbl) setenv mtd4 0x90020000,0x903F0000  

to

(psbl) printenv
...
mtd0         	0x90096000,0x903F0000
mtd5         	0x903F0000,0x90400000
mtd4         	0x90020000,0x903F0000
Reboot and the new partition is automatically recognized:

Code:

(psbl) boot 
Booting...
Copyright (C) 2006 Merlion-ACORP Russia Software Company.
Launching kernel LZMA decompressor.
Kernel decompressor was successful ... launching kernel.

...
Looking for mtd device :mtd5:

Found a mtd5 image (0x3f0000), with size (0x10000).

Creating 1 MTD partitions on "Physically mapped flash:0":

0x003f0000-0x00400000 : "mtd5"

Looking for mtd device :mtd6:
...

Create a new temp directory and fill with various files copied from elsewhere on modem

Code:

/var # cp /usr/local/sbin/* nvramdir/
/var # cp tmp/* nvramdir/
...
/var # ls -laF nvramdir 
drwxr-xr-x    1 0        0               0 Feb 27 14:50 ./
drwxr-xr-x    1 0        0               0 Feb 27 14:48 ../
-rw-r--r--    1 0        0              20 Apr 11 21:19 TZ
-rw-r--r--    1 0        0              58 Apr 11 21:19 bfilter_br0_mac
-rw-r--r--    1 0        0              58 Apr 11 21:19 bfilter_br1_mac
-rw-r--r--    1 0        0              58 Apr 11 21:19 bfilter_br2_mac
-rw-r--r--    1 0        0              58 Apr 11 21:19 bridge_br0_mac
-rw-r--r--    1 0        0              58 Apr 11 21:19 bridge_br1_mac
-rw-r--r--    1 0        0              58 Apr 11 21:19 bridge_br2_mac
srwxr-xr-x    1 0        0               0 Apr 11 21:19 cm_logic.ctl=
srwxr-xr-x    1 0        0               0 Apr 11 21:19 cm_pc.ctl=
srwxr-xr-x    1 0        0               0 Apr 11 21:19 cm_webcm.ctl=
-rwxr-xr-x    1 0        0            2541 Apr 11 21:18 container-drv.sh*
-rwxr-xr-x    1 0        0             325 Apr 11 21:18 container-start.sh*
-rwxr-xr-x    1 0        0             229 Apr 11 21:18 create.sh*
-rwxr-xr-x    1 0        0             229 Apr 11 21:18 delete.sh*
-rwxr-xr-x    1 0        0             260 Apr 11 21:18 desc.sh*
-rwxr-xr-x    1 0        0             222 Apr 11 21:18 free_handle.sh*
-rwxr-xr-x    1 0        0             851 Apr 11 21:18 fw_advanced_security_start_test.sh*
-rwxr-xr-x    1 0        0             323 Apr 11 21:18 fw_advanced_security_stop_test.sh*
-rwxr-xr-x    1 0        0            4642 Apr 11 21:18 fw_functions.sh*
-rwxr-xr-x    1 0        0             305 Apr 11 21:18 fw_port_forwarding_start_test.sh*
-rwxr-xr-x    1 0        0             591 Apr 11 21:18 fw_rules.sh*
-rw-r--r--    1 0        0               0 Apr 11 21:19 gateways
-rwxr-xr-x    1 0        0             191 Apr 11 21:18 group_begin.sh*
-rwxr-xr-x    1 0        0             189 Apr 11 21:18 group_end.sh*
-rw-r--r--    1 0        0              49 Apr 11 21:19 hosts
-rw-r--r--    1 0        0              41 Apr 11 21:19 landhcps0.leases
-rw-r--r--    1 0        0               9 Apr 11 21:19 led.cfg
-rw-r--r--    1 0        0            3909 Apr 11 21:19 led.conf
-rw-r--r--    1 0        0              18 Apr 11 21:19 maca
-rw-r--r--    1 0        0              18 Apr 11 21:19 macc
-rwxr-xr-x    1 0        0            3018 Apr 11 21:18 mgr_functions.sh*
-rwxr-xr-x    1 0        0             908 Apr 11 21:18 mgr_test.sh*
-rwxr-xr-x    1 0        0             174 Apr 11 21:18 new_handle.sh*
-rw-r--r--    1 0        0              29 Apr 11 21:19 passwd
-rw-r--r--    1 0        0             216 Apr 11 21:19 pppHBdefault.conf
-rw-r--r--    1 0        0               0 Apr 11 21:19 pppHBdhcp.leases
-rwxr-xr-x    1 0        0             146 Apr 11 21:18 pppoa-create.sh*
-rwxr-xr-x    1 0        0             146 Apr 11 21:18 pppoe-create.sh*
-rw-r--r--    1 0        0            1283 Apr 11 21:19 profile
-rwxr-xr-x    1 0        0             256 Apr 11 21:18 pvc_vci.sh*
-rwxr-xr-x    1 0        0             256 Apr 11 21:18 pvc_vpi.sh*
-rw-r--r--    1 0        0              50 Apr 11 21:19 resolv.conf
-rwxr-xr-x    1 0        0             614 Apr 11 21:18 route_add.sh*
-rwxr-xr-x    1 0        0             500 Apr 11 21:18 route_del.sh*
-rw-r--r--    1 0        0              51 Apr 11 21:19 shadow
-rwxr-xr-x    1 0        0             170 Apr 11 21:18 static-create.sh*
-rwxr-xr-x    1 0        0            5832 Apr 11 21:19 test.sh*
-rwxr-xr-x    1 0        0             253 Apr 11 21:18 type.sh*
-rw-r--r--    1 0        0             210 Apr 11 21:19 udhcpd.conf
-rw-r--r--    1 0        0              44 Apr 11 21:19 udhcpd.delta
Create the tarball (NB only real files are compressed):

Code:

/var # tar -cz -f nvramdir.tgz nvramdir/*
tar: nvramdir/cm_webcm.ctl: socket ignored
tar: nvramdir/cm_pc.ctl: socket ignored
tar: nvramdir/cm_logic.ctl: socket ignored

/var # ls -laF
drwxr-xr-x    1 0        0               0 Feb 27 14:48 ./
drwxr-xr-x   10 0        0              99 Feb 27 14:49 ../
drwxr-xr-x    1 0        0               0 Feb 27 14:44 cache/
drwxr-xr-x    1 0        0               0 Feb 27 14:44 dev/
drwxr-xr-x    1 0        0               0 Feb 27 14:44 flash/
drwxr-xr-x    1 0        0               0 Feb 27 14:44 lib/
drwxr-xr-x    1 0        0               0 Feb 27 14:44 lock/
drwxr-xr-x    1 0        0               0 Feb 27 14:44 log/
drwxr-xr-x    1 0        0               0 Feb 27 14:50 nvramdir/
-rw-r--r--    1 0        0            6890 Apr 11 21:25 nvramdir.tgz
drwxr-xr-x    1 0        0               0 Feb 27 14:44 proc/
drwxr-xr-x    1 0        0               0 Feb 27 14:44 run/
drwxr-xr-x    1 0        0               0 Feb 27 14:49 spool/
drwxr-xr-x    1 0        0               0 Feb 27 14:49 tmp/
-rwxr-xr-x    1 0        0           55688 Feb 27 14:48 upgrader*
drwxr-xr-x    1 0        0               0 Feb 27 14:48 var/
Save tarball to flash and reboot to see if it is still there...

Code:

cp nvramdir.tgz /dev/mtdblock/5
...
/var # reboot
Restarting system.
Convert the flash mtd block to a file and check the contents:

Code:

/var # dd if=/dev/mtdblock/5 of=/var/test2.tgz
128+0 records in
128+0 records out
/var # tar -tz -f test2.tgz
nvramdir/udhcpd.delta
nvramdir/udhcpd.conf
nvramdir/type.sh
nvramdir/test.sh
nvramdir/static-create.sh
nvramdir/shadow
nvramdir/route_del.sh
nvramdir/route_add.sh
nvramdir/resolv.conf
nvramdir/pvc_vpi.sh
nvramdir/pvc_vci.sh
nvramdir/profile
nvramdir/pppoe-create.sh
nvramdir/pppoa-create.sh
nvramdir/pppHBdhcp.leases
nvramdir/pppHBdefault.conf
nvramdir/passwd
nvramdir/new_handle.sh
nvramdir/mgr_test.sh
nvramdir/mgr_functions.sh
nvramdir/macc
nvramdir/maca
nvramdir/led.conf
nvramdir/led.cfg
nvramdir/landhcps0.leases
nvramdir/hosts
nvramdir/group_end.sh
nvramdir/group_begin.sh
nvramdir/gateways
nvramdir/fw_rules.sh
nvramdir/fw_port_forwarding_start_test.sh
nvramdir/fw_functions.sh
nvramdir/fw_advanced_security_stop_test.sh
nvramdir/fw_advanced_security_start_test.sh
nvramdir/free_handle.sh
nvramdir/desc.sh
nvramdir/delete.sh
nvramdir/create.sh
nvramdir/container-start.sh
nvramdir/container-drv.sh
nvramdir/bridge_br2_mac
nvramdir/bridge_br1_mac
nvramdir/bridge_br0_mac
nvramdir/bfilter_br2_mac
nvramdir/bfilter_br1_mac
nvramdir/bfilter_br0_mac
nvramdir/TZ

/var # ls -laF
...
-rw-r--r--    1 0        0           65536 Apr 11 21:31 test2.tgz
...
Extract the tarball and check the contents (note properties are preserved):

Code:

/var # tar -xz -f test2.tgz 
/var # ls -laF nvramdir
drwxr-xr-x    1 0        0               0 Apr 11 21:33 ./
drwxr-xr-x    1 0        0               0 Feb 27 14:48 ../
-rw-r--r--    1 0        0              20 Apr 11 21:19 TZ
-rw-r--r--    1 0        0              58 Apr 11 21:19 bfilter_br0_mac
-rw-r--r--    1 0        0              58 Apr 11 21:19 bfilter_br1_mac
-rw-r--r--    1 0        0              58 Apr 11 21:19 bfilter_br2_mac
-rw-r--r--    1 0        0              58 Apr 11 21:19 bridge_br0_mac
-rw-r--r--    1 0        0              58 Apr 11 21:19 bridge_br1_mac
-rw-r--r--    1 0        0              58 Apr 11 21:19 bridge_br2_mac
-rwxr-xr-x    1 0        0            2541 Apr 11 21:18 container-drv.sh*
-rwxr-xr-x    1 0        0             325 Apr 11 21:18 container-start.sh*
-rwxr-xr-x    1 0        0             229 Apr 11 21:18 create.sh*
-rwxr-xr-x    1 0        0             229 Apr 11 21:18 delete.sh*
-rwxr-xr-x    1 0        0             260 Apr 11 21:18 desc.sh*
-rwxr-xr-x    1 0        0             222 Apr 11 21:18 free_handle.sh*
-rwxr-xr-x    1 0        0             851 Apr 11 21:18 fw_advanced_security_start_test.sh*
-rwxr-xr-x    1 0        0             323 Apr 11 21:18 fw_advanced_security_stop_test.sh*
-rwxr-xr-x    1 0        0            4642 Apr 11 21:18 fw_functions.sh*
-rwxr-xr-x    1 0        0             305 Apr 11 21:18 fw_port_forwarding_start_test.sh*
-rwxr-xr-x    1 0        0             591 Apr 11 21:18 fw_rules.sh*
-rw-r--r--    1 0        0               0 Apr 11 21:19 gateways
-rwxr-xr-x    1 0        0             191 Apr 11 21:18 group_begin.sh*
-rwxr-xr-x    1 0        0             189 Apr 11 21:18 group_end.sh*
-rw-r--r--    1 0        0              49 Apr 11 21:19 hosts
-rw-r--r--    1 0        0              41 Apr 11 21:19 landhcps0.leases
-rw-r--r--    1 0        0               9 Apr 11 21:19 led.cfg
-rw-r--r--    1 0        0            3909 Apr 11 21:19 led.conf
-rw-r--r--    1 0        0              18 Apr 11 21:19 maca
-rw-r--r--    1 0        0              18 Apr 11 21:19 macc
-rwxr-xr-x    1 0        0            3018 Apr 11 21:18 mgr_functions.sh*
-rwxr-xr-x    1 0        0             908 Apr 11 21:18 mgr_test.sh*
-rwxr-xr-x    1 0        0             174 Apr 11 21:18 new_handle.sh*
-rw-r--r--    1 0        0              29 Apr 11 21:19 passwd
-rw-r--r--    1 0        0             216 Apr 11 21:19 pppHBdefault.conf
-rw-r--r--    1 0        0               0 Apr 11 21:19 pppHBdhcp.leases
-rwxr-xr-x    1 0        0             146 Apr 11 21:18 pppoa-create.sh*
-rwxr-xr-x    1 0        0             146 Apr 11 21:18 pppoe-create.sh*
-rw-r--r--    1 0        0            1283 Apr 11 21:19 profile
-rwxr-xr-x    1 0        0             256 Apr 11 21:18 pvc_vci.sh*
-rwxr-xr-x    1 0        0             256 Apr 11 21:18 pvc_vpi.sh*
-rw-r--r--    1 0        0              50 Apr 11 21:19 resolv.conf
-rwxr-xr-x    1 0        0             614 Apr 11 21:18 route_add.sh*
-rwxr-xr-x    1 0        0             500 Apr 11 21:18 route_del.sh*
-rw-r--r--    1 0        0              51 Apr 11 21:19 shadow
-rwxr-xr-x    1 0        0             170 Apr 11 21:18 static-create.sh*
-rwxr-xr-x    1 0        0            5832 Apr 11 21:19 test.sh*
-rwxr-xr-x    1 0        0             253 Apr 11 21:18 type.sh*
-rw-r--r--    1 0        0             210 Apr 11 21:19 udhcpd.conf
-rw-r--r--    1 0        0              44 Apr 11 21:19 udhcpd.delta

So I now have a non-volatile storage area on my modem. I need to create a couple of simple batch files. The storage to nvram must be manual (create, copy, delete tarball), but the recovery on every boot can be via autoexec functions (dd, untar, delete). The expanded size of the memory block is 64k in this example, so you need at least double this RAM spare at boot to be able to extract the files.

And back to the OP: it is possible with RT2.2 firmware, at least if you have a similar modem to mine with 4Mb flash, PSPboot and 16Mb RAM... Hope this is of some use!
thechief
RouterTech Team
Posts: 12067
Joined: Wed Feb 01, 2006 10:22 pm
Location: England, the Centre of Africa

Post by thechief » Thu Apr 12, 2007 7:08 am

Good stuff :). However, most non-wireless AR7 routers only have 2mb flash (with the exception of the 2MUE). There would normally be insufficient space left for a 64k mtd5. Wireless routers may have that amount of free space however.

Now the real work starts - you will need to write a driver to manage your new partition transparently. Otherwise, it will all have to be done manually, as you have detailed above.
mstombs
RouterTech Team
Posts: 3753
Joined: Wed Jan 10, 2007 11:54 pm

Post by mstombs » Thu Apr 12, 2007 10:45 pm

I will not be attempting to automatically mirror my directory to flash. I will give myself a "nvramdir commit" function which I can use in my own scripts to backup this user directory when the script requires it - hopefully just before I crash or lose contact with the modem with a script I created with vi on the router!

I am not sure how small you can make the mtd5, in my example above the 50+k of script file compressed to under 7k.

And I've seen the large DSL/ATM drivers you pad the wireless firmware with!
thechief
RouterTech Team
Posts: 12067
Joined: Wed Feb 01, 2006 10:22 pm
Location: England, the Centre of Africa

Post by thechief » Thu Apr 12, 2007 10:58 pm

I am not sure either how small a partition can be.

The DSP/ATM drivers are not padding the wireless firmwares. With different lines, you can get very different connection speeds depending on the DSP and ATM driver you are using. So this just gives wireless users the option to select different drivers and see which gives them the best combination of performance plus reliability.

PS: "vi" is on its way out, unless there is sufficient demand to keep it.

With regard to the extra partition, I guess the most useful thing that could be done is to find a way to automate the creation of a partition (e.g., with a command "createmtd mtd6 65536" - to create a 64k mtd6 partition). If anyone feels like writing a script or a program to do so (with appropriate safety checks - e.g. to first ensure that there is sufficient space to create the new partition), then feel free to submit the patch. ;)
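The safety-checked helper thechief asks for, as an added example that is not RouterTech code: it reads the mtd lines in the bootloader's printenv format, carves the requested size off the end of the flash, shortens every partition that currently ends there (mtd0 and mtd4 in mstombs's layout) and prints the setenv commands rather than executing them, so the result can be eyeballed on a PC before anything is typed into the bootloader. The 64k erase-block alignment and the rule that only partitions ending at the flash top are moved are assumptions; mtd1 to mtd3 are never touched, and the script refuses if the new partition would overlap the start of any existing one or leave one smaller than a single erase block.

```shell
#!/bin/sh
# Added example, not RouterTech code: a dry-run "createmtd".  Reads
# "mtdN  0xSTART,0xEND" lines on stdin, carves a partition off the END of
# the flash and prints the setenv commands instead of running them.
# Assumptions: 64k erase blocks; only partitions ending at the flash top
# (mtd0 and mtd4 in the thread) need to shrink.

ERASE_BLOCK=65536

hex() { printf '0x%08X' "$1"; }

# carve_mtd NAME SIZE  <  printenv mtd lines
# Prints the setenv commands, or prints nothing and returns 1 if unsafe.
carve_mtd() {
    name="$1"; size="$2"; env="$(cat)"
    case "$name" in
        mtd[0-9]|mtd[0-9][0-9]) ;;
        *) echo "bad partition name: $name" >&2; return 1 ;;
    esac
    if [ "$size" -le 0 ] || [ $((size % ERASE_BLOCK)) -ne 0 ]; then
        echo "size $size is not a positive multiple of $ERASE_BLOCK" >&2; return 1
    fi
    if printf '%s\n' "$env" | grep -q "^$name[[:space:]]"; then
        echo "$name already exists" >&2; return 1
    fi
    # The flash top is the largest end address in the table.
    top=0
    for e in $(printf '%s\n' "$env" | sed -n 's/^mtd[0-9]*[[:space:]]*0x[0-9A-Fa-f]*,\(0x[0-9A-Fa-f]*\).*/\1/p'); do
        if [ "$(($e))" -gt "$top" ]; then top=$(($e)); fi
    done
    if [ "$top" -eq 0 ]; then echo "no mtd lines found" >&2; return 1; fi
    newstart=$((top - size))
    out=""
    while read -r n range; do
        case "$n" in mtd[0-9]*) ;; *) continue ;; esac
        s=$((${range%,*})); e=$((${range#*,}))
        # Nothing may begin inside the range we are about to take.
        if [ "$s" -ge "$newstart" ] && [ "$s" -lt "$top" ]; then
            echo "$n starts inside the new partition" >&2; return 1
        fi
        # Partitions ending at the top shrink; refuse if one would be left
        # smaller than a single erase block.
        if [ "$e" -eq "$top" ]; then
            if [ $((newstart - s)) -lt "$ERASE_BLOCK" ]; then
                echo "$n would be left too small" >&2; return 1
            fi
            out="${out}setenv $n $(hex "$s"),$(hex "$newstart")
"
        fi
    done <<EOF
$env
EOF
    printf '%s' "$out"
    echo "setenv $name $(hex "$newstart"),$(hex "$top")"
}

# Run directly on the router:  grep ^mtd /proc/ticfg/env | sh createmtd.sh mtd5 65536
if [ "$#" -eq 2 ]; then
    carve_mtd "$1" "$2"
fi
```

Feeding it the two lines from mstombs's "From" listing (mtd4 and mtd0 both ending at 0x90400000) with a size of 65536 reproduces exactly the three setenv values typed into the bootloader earlier in the thread. The script name createmtd.sh is hypothetical; the commands it prints still have to be entered at the bootloader prompt by hand, which is deliberate.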
mstombs
RouterTech Team
Posts: 3753
Joined: Wed Jan 10, 2007 11:54 pm

Post by mstombs » Fri Apr 13, 2007 8:57 am

I've only just learnt to use vi, well "i" and "<esc>:wq" only, and I don't know how to delete lines, so no great loss. Can I have ssh and use WinSCP instead though?

Here is my code (first time I ever used a case statement) for managing the nvramdir on my modem(s), with the action commands disabled (so any errors were introduced by editing for this post!). Note I have discovered that tar will accept the raw mtd block as input, so there is no need to create the 64k temp file.

Code:

#!/bin/sh
# -----------------------------------------------------------
# RouterTech AR7* Firmware Shell Script 
# Function: Manage a non volatile ram directory
# Author: 	mstombs
# Date: 	12 April 2007 Amended Friday 13th
# Usage:	NVRAMDIR create, install, commit, get
# -----------------------------------------------------------

flashmtd=/dev/mtdblock/5
tmpfile=/var/tmp.tgz
# err on the side of caution, 64k allocated
maxsize=60000

current_path="$PWD"
cd /var

case "$1" in
commit)
  echo "creating tarball of nvramdir contents"
  tar -cz -f "$tmpfile" nvramdir/*
  #
  #  check tarball size vs flash mtd size
  #  (the original used a separate filesize.sh helper, not shown in the post;
  #   wc -c gives the same byte count)
  #
  fsize=$(wc -c < "$tmpfile")
  if [ "$fsize" -lt "$maxsize" ]; then
    echo "copying $fsize bytes to flash"
    cp "$tmpfile" "$flashmtd"
  else
    echo "Error: danger of overflowing $flashmtd, tarball size $fsize, limit $maxsize"
  fi
  echo "removing tempfile"
  rm -f "$tmpfile"
  ;;

get)
  echo "Uncompressing tarball to /var/nvramdir"
  # action disabled in this posted copy:
  #tar -xzv -f $flashmtd -C /var
  ;;

install)
  echo "creating nvramdir"
  mkdir -p nvramdir
  echo "adding our own autoexec.sh"
  echo "#!/bin/sh" >nvramdir/autoexec.sh
  echo 'echo "nvramdir autoexec - enter your own commands here"' >>nvramdir/autoexec.sh
  chmod +x nvramdir/autoexec.sh
  echo "copy self $0 to new nvramdir directory"
  cd "$current_path"
  cp "$0" /var/nvramdir/nvramdir.sh
  echo "first save of directory to flash"
  chmod +x /var/nvramdir/nvramdir.sh
  /var/nvramdir/nvramdir.sh commit
  #
  #  enable the autoexec function to automatically regenerate nvramdir
  #  (action disabled in this posted copy)
  #
  echo "enabling autoexec function"
  #echo "tar -xz -f $flashmtd -C /var && /var/nvramdir/autoexec.sh" >/proc/ticfg/env
  ;;

create)
  echo "you really think I am going to do this for you?"
  echo "current mtd settings are"
  grep ^mtd /proc/ticfg/env
  # mess with mtd2 you will need JTAG to recover
  # mess with mtd3 you may need JTAG to recover
  # mess with mtd1 the router will not boot and will need PCTOOL to recover
  # get these wrong you may really have a brick!
  # the following are good only for Linksys ADSL2MUE with 4Mb flash, PSPboot bootloader, RT2.2 etc etc
  #setenv mtd0 0x90096000,0x903F0000
  #setenv mtd5 0x903F0000,0x90400000
  #setenv mtd4 0x90020000,0x903F0000
  echo "new mtd settings are"
  grep ^mtd /proc/ticfg/env
  echo "Are you sure - if 'yes' then I'll reboot?"
  read yesorno
  if [ "$yesorno" = "yes" ]; then
    echo reboot
    echo "Are you really sure - if 'yes' then I'll really reboot?"
    read yesorno
    if [ "$yesorno" = "yes" ]; then
      :   # placeholder: an empty 'then' body is a syntax error in sh
      #reboot
    fi
  fi
  ;;

*)
  echo "Usage: "
  echo "NVRAMDIR create  - adjust environment variables for new mtd5 - dangerous"
  echo "NVRAMDIR install - add dir, commit, autoexec functions; mtd5 must exist"
  echo "NVRAMDIR commit  - saves nvramdir directory to flash"
  echo "NVRAMDIR get     - recovers and overwrites current directory from flash"
  ;;
esac

cd "$current_path"
I hope I have not done too much to encourage those who do not know what they are doing to trash their routers!

But it works for me...
Last edited by mstombs on Fri Apr 13, 2007 9:39 pm, edited 2 times in total.
thechief
RouterTech Team
Posts: 12067
Joined: Wed Feb 01, 2006 10:22 pm
Location: England, the Centre of Africa

Post by thechief » Fri Apr 13, 2007 12:51 pm

Cool :) However, other users should be warned to NOT try this at home. If you do, and you end up frying your router, you are on your own!