Posted: Tue Apr 20, 2010 0:56 Post subject: Save nvram space, compress your firewall script
If you're one of the few people running out of nvram space due to huge firewall scripts, I wrote some commands to compress/decompress it. My ~4KB firewall script (custom written QoS) got reduced to ~1KB with it. The compressed data is even smaller but it has to be base64 encoded so that it's safe to store in nvram which makes it ~33% bigger.
Usage:
Run the "Compress Firewall" set of commands to compress your real firewall script and change the firewall script to decompress and execute your compressed firewall script. If you ever want to view/edit your firewall commands then run the "Decompress Firewall" commands to have it decompressed. You can use the "Editing the Firewall" commands to safely edit it before recompressing it.
After running the decompression commands it will tell you how much nvram you have left, if it's negative then stay out of the GUI to avoid committing nvram! Instead use the "Editing the Firewall" commands via telnet/ssh so that you can compress it before committing.
When you're done and you want to save it through reboots then make sure that there is free space left and then run nvram commit.
# Compress Firewall
nvram set pH_fw="`nvram get rc_firewall | gzip | uuencode -m /dev/stdout`"
nvram set rc_firewall="nvram get pH_fw | uudecode -o /tmp/pH_fw.gz;gunzip /tmp/pH_fw.gz;chmod +x /tmp/pH_fw;/tmp/pH_fw"
nvram show >/dev/null
# Decompress Firewall
nvram get pH_fw | uudecode -o /tmp/pH_fw.gz
nvram unset pH_fw
gunzip /tmp/pH_fw.gz
nvram set rc_firewall="`cat /tmp/pH_fw`"
nvram show >/dev/null
# Editing the Firewall
vi /tmp/pH_fw
# finish editing with vi before running the rest
nvram set rc_firewall="`cat /tmp/pH_fw`"
nvram show >/dev/null _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Joined: 24 Feb 2009 Posts: 2026 Location: Sol System > Earth > USA > Arkansas
Posted: Tue Apr 20, 2010 4:09 Post subject:
ZOMG, What would we do without your naked body phuzi0n? .... hmmm, we would probably survive like we always have without it .... moving on ...
Good job phuzi0n. I am sure many will find good use for your scripts. I am just curious though ... how long did it take to think up this interesting solution? _________________ E3000 22200M KongVPN K26
WRT600n v1.1 refirb mega 18767 BS K24 NEWD2 [not used]
WRT54G v2 16214 BS K24 [access point]
Try Dropbox for syncing files - get 2.5gb online for free by signing up.
Read! Peacock thread
*PLEASE* upgrade PAST v24SP1 or no support.
ZOMG, What would we do without your naked body phuzi0n? .... hmmm, we would probably survive like we always have without it .... moving on ...
Good job phuzi0n. I am sure many will find good use for your scripts. I am just curious though ... how long did it take to think up this interesting solution?
lol
I've been mulling around the basic idea for many months but this is a compromise that's easy to implement. What I'd really like is to rewrite the nvram app to compress any variables that the CFE itself doesn't use... _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
I like this, but in newer releases uudecode/uuencode is missing. Is there any other way how to get it done?
Installing anything using ipkg isn't a way, because on my router, it is not included in ROM. I want to use nvram to save ipkg script there. Ideally compressed. But for that, I need to convert it to ASCII.