Running custom scripts?

[ember1205]

I want my firewall to "check in" via REST API calls at boot and shutdown to an external system. At the system level, I only need to execute a curl command, but I don't know:

A) Does the root user's crontab persist "as is" across firmware updates, or is that overwritten?

B) Is there a suggested directory on the system to put a custom script into so that it doesn't get removed by the system or lost across udpates?

C) Is there a more preferable way to implement this sort of thing? The "Settings" area looks like an ideal to offer this sort of thing (especially via the Cron section) but I'm not seeing where I can run a custom script - only canned ones.

[franco]

Hi,

Take a look at https://docs.opnsense.org/development/backend/autorun.html

Using other methods runs the risk of being reverted on reboot or update.


Cheers,
Franco

[ember1205]

Thank you... This seems to be what I was trying to find for info.

Based on my description above for when these would need to run, it seems I should use the subdirectories of "start" and "stop"?

These should just be normal bash scripts (or similar) - correct?

[franco]

Yes, start and stop. You can drop any executables into these directory, but of course scripts make the most sense. If you have strict "bash" scripts don't forget to install bash, otherwise POSIX shell/Python/Perl/PHP are all available by default.


Cheers,
Franco

[franco]

PS: Might be easier to see than to talk about it... https://github.com/opnsense/core/tree/master/src/etc/rc.syshook.d/start

[ember1205]

Thanks.

Since these are just direct CURL statements with json data and a URL, and I don't care about whatever gets returned, it really doesn't matter if I call them in bash, sh, or whatever...

I'm going to be making a call against a Z-Wave controller to set the device state of a 'virtual switch' within the controller. That way, the controller can use the device state change (on->off / off->on) as a trigger to do other work.

Right now, I have a scene that powers my internet modem off, then powers my router off, then powers my modem on, then powers my router on. Since I'm moving away from the consumer grade router to a full-fledged firewall, I want to be able to have the FW register when it's powered up versus powered down to control the timing of the other switch controls.

One other piece of what I'm looking for is whether there is a way to make a REST/API call -TO- the firewall to tell it to power down.

[ember1205]

Well, that took me about two minutes to SSH in and drop both scripts in place to do what I want. I can now monitor the status of my firewall directly from the Z-Wave controller based on the last connection made by the firewall.

Now... What about the periodic cron entries? I'd like to set up an hourly cron job to run the script I installed in the 'start' directory to ensure that the Z-Wave controller will get updated as to the status of the firewall being up within 60 minutes of the controller booting up (assuming it may have been offline when the firewall booted up).

Is there a safe way to add that sort of cron entry that will allow it to persist across updates? I've noticed that this system does not have an 'hourly' repository - daily is the most frequent.