Custom Cron Job not Working. Help?

Started by mattlach, September 08, 2024, 11:33:52 PM

September 08, 2024, 11:33:52 PM Last Edit: September 08, 2024, 11:44:18 PM by mattlach
Hi everyone,

So, I have a sneaky teenager in the house who would - if he could - play video games literally all night instead of sleeping.

Initially I solved this by putting his access on a separate interface using VLANs, and controlled access by just firewalling off all access to the WAN on a schedule using the firewall->Settings->schedule and assigning that schedule to a firewall rule in his VLAN.

However, after a couple of months he figured out that while this did not allow any new connections, it didn't terminate existing connections. At first he would just start his game before the scheduled end time of internet access, but then he figured out he could use a free proxy/VPN and as long as he started it before the scheduled downtime went into effect, he had complete internet access.

So, to combat this, I decided to instead bring down the entire interface for his VLAN on a schedule using cron.

I created a couple of mini "scripts" in /usr/local/bin/ as follows:

wup.sh

#!/bin/sh
ifconfig ix0_vlan5 up
exit 0


wdown.sh

#!/bin/sh
ifconfig ix0_vlan5 down
exit 0


Testing these scripts directly from the command line via SSH, they work as intended bringing the interface down and up again.

Then I decided to add these scripts to cron jobs using the example in this ancient thread.

I created the following conf file in /usr/local/opnsense/service/conf/actions.d/actions_vlan5updown.conf


[wup]
command:/usr/local/bin/wup.sh
parameters:
type:script
message:Bring VLAN5 up
description: VLAN5 up

[wdown]
command:/usr/local/bin/wdown.sh
parameters:
type:script
message:Bring VLAN5 down
description: VLAN5 down


Then I restarted the configd service:

# service configd restart

And proceeded to test the actions:


# configctl vlan5updown wup

and

# configctl vlan5updown wdown


Both worked exactly as expected, bringing down the VLAN5 interface and bringing it back up again.

So, I know my "scripts" work, and I know my .conf file works pointing at those wup.sh and wdown.sh scripts successfully.

The next part - however - does not work as well. Namely, the actual cron part.



This schedule was supposed to bring VLAN5 up at 9 in the morning this morning (Sunday), but it did nothing. I had to go in manually via SSH and execute /usr/local/bin/wup.sh to get it going.

Can anyone tell me what I might have done wrong? I have checked and double checked everything and I can't seem to figure out why it isn't working.

I am no stranger to using cron (though I usually do it under Linux using crontab, not with a web interface).

Is there something here that I've missed?

I'd appreciate any input.

Thanks,
Matt

EDIT:

My apologies,

looks like I can't seem to properly embed the image to show the whole thing. Clicking on the filename in the attachments seems to work though.

EDIT2:

If I go to the command line and use crontab like I am used to, I find that it works and already has a few jobs in it:


# crontab -l
# or /usr/local/etc/cron.d and follow the same format as
# /etc/crontab, see the crontab(5) manual page.
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
REQUESTS_CA_BUNDLE=/etc/ssl/cert.pem
#minute hour mday month wday command
1 * * * * (/usr/local/sbin/configctl -d syslog archive) > /dev/null
2 * * * * (/usr/local/sbin/expiretable -v -t 3600 sshlockout) > /dev/null
3 * * * * (/usr/local/sbin/expiretable -v -t 3600 virusprot) > /dev/null
4 * * * * (/usr/local/etc/rc.expireaccounts) > /dev/null
*/4 * * * * (/usr/local/sbin/ping_hosts.sh) > /dev/null
0 22 * * * (/usr/local/sbin/configctl -d firmware changelog cron) > /dev/null
* * * * * (test -e /var/db/rrd/updaterrd.sh && /usr/local/bin/flock -n -E 1 /var/db/rrd/updaterrd.sh /var/db/rrd/updaterrd.sh) > /dev/null
1,16,31,46 * * * * (/usr/bin/logger "reload filter for configured schedules" ; /usr/local/etc/rc.filter_configure) > /dev/null
1 3 1 * * (/usr/local/sbin/configctl -d filter schedule bogons) > /dev/null
* * * * * (/usr/local/bin/flock -n -E 0 -o /tmp/filter_update_tables.lock /usr/local/opnsense/scripts/filter/update_tables.py) > /dev/null


Notably, my cron jobs from the web interface are absent.

Maybe it executes them as a different user? Maybe this is a permissions issue, and I need to change the owner/permissions of my scripts? They are currently owned by root:wheel like everything else in /usr/local/bin, and I set permissions to 775:


# ls -l /usr/local/bin/w*
-rwxrwxr-x  1 root wheel 41 Sep  7 18:58 /usr/local/bin/wdown.sh
-rwxrwxr-x  1 root wheel 39 Sep  7 19:00 /usr/local/bin/wup.sh


Are there different users/groups I should be using for these?

Appreciate any input.

--Matt





OPNSense running as a VM in KVM under Proxmox:
- Rocket Lake Xeon E2314 in a Supermicro X12STL-F.  
- IOMMU forwarded i210 Ethernet for WAN and x520 for LAN.
- Pi-hole running as separate LXC Container on same server. 
- Lots of VLAN's and tricky firewall rules.
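
An added example, not part of the original post and not OPNsense code: a small Python audit of an actions file in the format shown above, which checks that each action has the keys used in the post and that the script it points to is not writable by group or others, since the 775 mode shown lets any member of wheel edit a script that runs with root privileges. The function names, the `expected_uid` parameter and the temporary sample scripts are constructed for illustration; treating a missing `description` as a finding is an assumption about how the cron GUI lists actions.

```python
import configparser
import os
import stat
import tempfile

def audit_actions(conf_text, expected_uid=0):
    """Return (section, problem) tuples for an actions_*.conf style file."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings = []
    for name in cp.sections():
        sec = cp[name]
        for key in ("command", "type"):
            if not sec.get(key, "").strip():
                findings.append((name, f"missing {key}"))
        if not sec.get("description", "").strip():
            # Assumption: the cron GUI lists actions by their description.
            findings.append((name, "no description"))
        path = sec.get("command", "").strip()
        if not path:
            continue
        if not os.path.isabs(path) or not os.path.exists(path):
            findings.append((name, "command is not an existing absolute path"))
            continue
        st = os.stat(path)
        if st.st_uid != expected_uid:
            findings.append((name, "script not owned by expected user"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            # A root-run script others can edit is a privilege escalation path.
            findings.append((name, "script writable by group or others"))
    return findings

def demo():
    """Constructed sample: wup.sh at 775 (as in the post), wdown.sh at 755."""
    d = tempfile.mkdtemp()
    for name, mode in (("wup.sh", 0o775), ("wdown.sh", 0o755)):
        with open(os.path.join(d, name), "w") as f:
            f.write("#!/bin/sh\nexit 0\n")
        os.chmod(os.path.join(d, name), mode)
    conf = (
        f"[wup]\ncommand:{d}/wup.sh\nparameters:\ntype:script\n"
        f"message:Bring VLAN5 up\ndescription: VLAN5 up\n\n"
        f"[wdown]\ncommand:{d}/wdown.sh\nparameters:\ntype:script\n"
        f"message:Bring VLAN5 down\n")
    # The sample files belong to the current user, so compare against that uid.
    return audit_actions(conf, expected_uid=os.getuid())

if __name__ == "__main__":
    for section, problem in demo():
        print(f"[{section}] {problem}")
```

On a real system the audit would be run with the default `expected_uid=0` against the contents of the actions file; mode 755 (or 700) on the scripts clears the write-permission finding.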

So, I noticed that I used "00" instead of "0" in my minutes field. 

I wonder if that did it, so I went in and changed all of the "00"s for "0"s.

The 21:00 cron job today worked.

I wonder if that was it, or maybe I just forgot to press the "Apply" button last time  ::)