dynamic-infra-tooling/infra_cli/router.py

from .ssh import SSHClient
import os

class RouterManager:
    def __init__(self, config):
        self.host = config.get('router.host')
        self.user = config.get('router.user', 'root')
        self.ssh_key = config.get('router.ssh_key')
        self.password = os.environ.get("ROUTER_PASS")
        self.client = SSHClient(self.host, self.user, self.ssh_key, self.password)

    def run_uci(self, cmds):
        res = self.client.run(cmds)
        if res.returncode != 0:
            raise RuntimeError(f"UCI command failed: {res.stderr}")
        return res

    def add_forward(self, name, proto, ext_port, int_ip, int_port):
        config_name = name.lower().replace(" ", "_").replace("-", "_")
        
        cmds = f"uci set firewall.{config_name}=redirect; " \
               f"uci set firewall.{config_name}.name='{name}'; " \
               f"uci set firewall.{config_name}.proto='{proto}'; " \
               f"uci set firewall.{config_name}.src='wan'; " \
               f"uci set firewall.{config_name}.dest='lan'; " \
               f"uci set firewall.{config_name}.src_dport='{ext_port}'; " \
               f"uci set firewall.{config_name}.dest_ip='{int_ip}'; " \
               f"uci set firewall.{config_name}.dest_port='{int_port}'; " \
               f"uci set firewall.{config_name}.target='DNAT'; " \
               f"uci commit firewall; " \
               f"/etc/init.d/firewall reload"
        
        self.run_uci(cmds)

    def remove_forward(self, section_name):
        cmds = f"uci delete firewall.{section_name}; uci commit firewall; /etc/init.d/firewall reload"
        self.run_uci(cmds)

    def list(self):
        # Get sections
        res = self.client.run("uci show firewall | grep '=redirect' | cut -d. -f2 | cut -d= -f1 | sort | uniq")
        sections = res.stdout.strip().split('\n')
        
        results = []
        for section in sections:
            if not section: continue
            name = self.client.run(f"uci get firewall.{section}.name", capture=True).stdout.strip()
            proto = self.client.run(f"uci get firewall.{section}.proto", capture=True).stdout.strip()
            port = self.client.run(f"uci get firewall.{section}.src_dport", capture=True).stdout.strip()
            dest = self.client.run(f"uci get firewall.{section}.dest_ip", capture=True).stdout.strip()
            results.append({
                "section": section,
                "name": name,
                "proto": proto,
                "port": port,
                "dest": dest
            })
        return results
initial commit: dynamic infra tooling cli 2026-02-05 11:29:34 +01:00			`from .ssh import SSHClient`
			`import os`

			`class RouterManager:`
			`def __init__(self, config):`
			`self.host = config.get('router.host')`
			`self.user = config.get('router.user', 'root')`
			`self.ssh_key = config.get('router.ssh_key')`
			`self.password = os.environ.get("ROUTER_PASS")`
			`self.client = SSHClient(self.host, self.user, self.ssh_key, self.password)`

			`def run_uci(self, cmds):`
			`res = self.client.run(cmds)`
			`if res.returncode != 0:`
			`raise RuntimeError(f"UCI command failed: {res.stderr}")`
			`return res`

			`def add_forward(self, name, proto, ext_port, int_ip, int_port):`
			`config_name = name.lower().replace(" ", "_").replace("-", "_")`

			`cmds = f"uci set firewall.{config_name}=redirect; " \`
			`f"uci set firewall.{config_name}.name='{name}'; " \`
			`f"uci set firewall.{config_name}.proto='{proto}'; " \`
			`f"uci set firewall.{config_name}.src='wan'; " \`
			`f"uci set firewall.{config_name}.dest='lan'; " \`
			`f"uci set firewall.{config_name}.src_dport='{ext_port}'; " \`
			`f"uci set firewall.{config_name}.dest_ip='{int_ip}'; " \`
			`f"uci set firewall.{config_name}.dest_port='{int_port}'; " \`
			`f"uci set firewall.{config_name}.target='DNAT'; " \`
			`f"uci commit firewall; " \`
			`f"/etc/init.d/firewall reload"`

			`self.run_uci(cmds)`

			`def remove_forward(self, section_name):`
			`cmds = f"uci delete firewall.{section_name}; uci commit firewall; /etc/init.d/firewall reload"`
			`self.run_uci(cmds)`

			`def list(self):`
			`# Get sections`
			`res = self.client.run("uci show firewall \| grep '=redirect' \| cut -d. -f2 \| cut -d= -f1 \| sort \| uniq")`
			`sections = res.stdout.strip().split('\n')`

			`results = []`
			`for section in sections:`
			`if not section: continue`
			`name = self.client.run(f"uci get firewall.{section}.name", capture=True).stdout.strip()`
			`proto = self.client.run(f"uci get firewall.{section}.proto", capture=True).stdout.strip()`
			`port = self.client.run(f"uci get firewall.{section}.src_dport", capture=True).stdout.strip()`
			`dest = self.client.run(f"uci get firewall.{section}.dest_ip", capture=True).stdout.strip()`
			`results.append({`
			`"section": section,`
			`"name": name,`
			`"proto": proto,`
			`"port": port,`
			`"dest": dest`
			`})`
			`return results`