InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.1.SrcPortName: ALL
Could you help me with how to add these commands in GenieACS?
I was told that I have to add them to the file “genieacs.yaml”, but I haven’t found this file on my server yet. If anyone can help, I’ll be grateful.
If you don’t have these parameters in your device’s tree, you can try to update a shallower parameter, like InternetGatewayDevice.X_HW_Security.AclServices, or just set the values in a provision, like this:
// Timestamp used by every declare() below
const now = Date.now();
// Enable ACL
declare(
'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.AccessControlListEnable',
{ value: now },
{ value: true },
)
// Create ACL
declare(
'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.*',
null,
{ path: 1 },
)
// Update created ACL parameters
declare(
'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.1',
{ path: now },
)
// Enable remote access from TELNET, HTTP, SSH, ICMP and SAMBA
declare(
'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.1.ServicePort',
{ value: now },
{ value: 'TELNET,HTTP,SSH,ICMP,SAMBA' },
)
// Set source IP to our range
declare(
'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.1.SrcIp',
{ value: now },
{ value: 'your-range' },
)
// Set source port type to WAN
declare(
'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.1.SrcPortType',
{ value: now },
{ value: '2' },
)
// Set port name to all
declare(
'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.1.SrcPortName',
{ value: now },
{ value: 'ALL' },
)
// Set mode to permit
declare(
'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.1.Mode',
{ value: now },
{ value: '0' },
)
For sure, you need to add this in a provision in Admin > Provision.
After this you create a new Preset with the Event and Precondition you want, for example:
Event: 6 CONNECTION REQUEST
Precondition: Tags.webAccess <> “null”
It means that this provision will run only on CPEs that have this tag, on a Connection Request event.
Do not use the script from @Felipe. It does not take into account that the instance id can change. Instance values are never guaranteed.
Use this:
const now = Date.now();
// Enable ACLs
declare(
'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.AccessControlListEnable',
{ value: now },
{ value: true },
)
// Create the ACL
// The alias value is written as 'ALL' so it matches the SrcPortName value set
// below; with a different case the alias would not find the entry on later runs.
declare(
'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.[].[SrcPortName:ALL]',
{ path: 1 },
{ path: 1 },
)
// Enable remote access from TELNET, HTTP, SSH, ICMP and SAMBA
declare(
'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.[].[SrcPortName:ALL].ServicePort',
{ value: now },
{ value: 'TELNET,HTTP,SSH,ICMP,SAMBA' },
)
// Set source IP to our range
declare(
'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.[].[SrcPortName:ALL].SrcIp',
{ value: now },
{ value: 'your-range' },
)
// Set source port type to WAN
declare(
'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.[].[SrcPortName:ALL].SrcPortType',
{ value: now },
{ value: 2 },
)
// Set port name to all
declare(
'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.[].[SrcPortName:ALL].SrcPortName',
{ value: now },
{ value: 'ALL' },
)
// Set mode to permit
declare(
'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.[].[SrcPortName:ALL].Mode',
{ value: now },
{ value: 0 },
)
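Added example, not part of either post or of GenieACS: a pre-check that could run before the declare() calls above, rejecting an unusable or over-broad SrcIp value (including a leftover 'your-range' placeholder) and flagging the services in ServicePort that would be permitted from the WAN side. The "start-end" IPv4 notation for SrcIp, the MAX_SOURCES limit and the function names are assumptions, and the sample range is constructed.

```javascript
// Added example: pre-check for the ACL values before the declare() calls run.
// Assumption: SrcIp is an IPv4 range written "start-end"; change the parsing
// if your firmware expects another notation.
// TELNET and HTTP are unencrypted; SAMBA exposes file sharing.
const FLAGGED = new Set(['TELNET', 'HTTP', 'SAMBA']);
const MAX_SOURCES = 256; // hypothetical policy limit on the size of the range

function ipToInt(ip) {
  const parts = ip.trim().split('.');
  if (parts.length !== 4) throw new Error(`bad IPv4 address: ${ip}`);
  return parts.reduce((acc, p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) {
      throw new Error(`bad IPv4 address: ${ip}`);
    }
    return acc * 256 + Number(p);
  }, 0);
}

// Throws on an unusable or over-broad range; returns the leaf values to declare.
function checkAcl({ srcIp, services }) {
  const ends = srcIp.split('-');
  if (ends.length !== 2) throw new Error('SrcIp must be "start-end"');
  const lo = ipToInt(ends[0]);
  const hi = ipToInt(ends[1]);
  if (hi < lo) throw new Error('SrcIp range is reversed');
  const size = hi - lo + 1;
  if (size > MAX_SOURCES) {
    throw new Error(`SrcIp covers ${size} addresses, limit is ${MAX_SOURCES}`);
  }
  const warnings = services
    .filter((s) => FLAGGED.has(s.toUpperCase()))
    .map((s) => `${s} would be permitted from the WAN side; confirm it is needed`);
  return {
    size,
    warnings,
    values: { ServicePort: services.join(','), SrcIp: srcIp, SrcPortType: 2, Mode: 0 },
  };
}

// Constructed sample: a 16-address documentation range, SSH and ICMP only.
const sample = { srcIp: '203.0.113.0-203.0.113.15', services: ['SSH', 'ICMP'] };
const checked = checkAcl(sample);
// In a provision, declare each entry of checked.values under the ACL path,
// e.g. { value: checked.values.SrcIp } for the SrcIp parameter.
console.log(checked.size, checked.warnings, checked.values); // stand-alone run
```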