<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>port forwarding on foosel.net</title><link>https://foosel.net/tags/port-forwarding/</link><description>Recent content in port forwarding on foosel.net</description><generator>Hugo</generator><language>en-us</language><copyright>Gina Häußge (foosel)</copyright><lastBuildDate>Fri, 17 Feb 2023 00:00:00 +0000</lastBuildDate><atom:link href="https://foosel.net/tags/port-forwarding/feed.xml" rel="self" type="application/rss+xml"/><item><title>TIL: How to add a switch for a port forward on Unifi to Home Assistant</title><link>https://foosel.net/til/2023-02-17-how-to-add-a-switch-for-a-port-forward-on-unifi-to-home-assistant/</link><pubDate>Fri, 17 Feb 2023 00:00:00 +0000</pubDate><guid>https://foosel.net/til/2023-02-17-how-to-add-a-switch-for-a-port-forward-on-unifi-to-home-assistant/</guid><description>&lt;p&gt;This is admittedly something I did not learn today but rather learned and adapted a couple years ago &lt;a href="https://community.home-assistant.io/t/automating-unifi-port-forwarding-based-upon-presence-detection/168185"&gt;from this post on the Home Assistant forum&lt;/a&gt;, but I just had to use it again today and so I figured I&amp;rsquo;d write it down with all the bells and whistles just in case I ever need this information again - or anyone else does.&lt;/p&gt;
&lt;p&gt;First of all, in your unifi controller you should create a new user that Home Assistant will act as to manage your port forward(s) for you. So, log into the controller, go into Settings &amp;gt; Administrators and add a new Administrator user&lt;sup id="fnref:1"&gt;&lt;a href="#fn:1" class="footnote-ref" role="doc-noteref"&gt;1&lt;/a&gt;&lt;/sup&gt;.&lt;/p&gt;</description><content:encoded><![CDATA[<p>This is admittedly something I did not learn today but rather learned and adapted a couple years ago <a href="https://community.home-assistant.io/t/automating-unifi-port-forwarding-based-upon-presence-detection/168185">from this post on the Home Assistant forum</a>, but I just had to use it again today and so I figured I&rsquo;d write it down with all the bells and whistles just in case I ever need this information again - or anyone else does.</p>
<p>First of all, in your unifi controller you should create a new user that Home Assistant will act as to manage your port forward(s) for you. So, log into the controller, go into Settings &gt; Administrators and add a new Administrator user<sup id="fnref:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup>.</p>
<p>Then create your port forward in Settings &gt; Routing &amp; Firewall &gt; Port Forwarding. Take note of the id of the port forward you have created - you can find it by clicking edit on it again, it will be the number at the end of the URL of the edit page. E.g. if the URL looks like this: <code>https://my.unifi.controller/manage/site/default/settings/portforward/edit/1234567890</code> then this is the id of the port forward: <code>1234567890</code>.</p>
<p>Next, copy this shell script to <code>/config/scripts/unifi.sh</code> in your Home Assistant. Make sure to adjust <code>https://my.unifi.controller</code> (and, if necessary, the site <code>default</code>) to your own values.</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e">#!/bin/bash
</span></span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>set -e
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span><span style="color:#75715e"># based on https://community.home-assistant.io/t/automating-unifi-port-forwarding-based-upon-presence-detection/168185</span>
</span></span><span style="display:flex;"><span>
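</span></span><span style="display:flex;"><span>cookie<span style="color:#f92672">=</span><span style="color:#66d9ef">$(</span>mktemp<span style="color:#66d9ef">)</span>
</span></span><span style="display:flex;"><span>headers<span style="color:#f92672">=</span><span style="color:#66d9ef">$(</span>mktemp<span style="color:#66d9ef">)</span>
</span></span><span style="display:flex;"><span><span style="color:#75715e"># remove the session cookie jar and header dump when the script exits</span>
</span></span><span style="display:flex;"><span>trap <span style="color:#e6db74">&#39;rm -f &#34;$cookie&#34; &#34;$headers&#34;&#39;</span> EXIT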
</span></span><span style="display:flex;"><span>curl_cmd<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;curl --silent --cookie </span><span style="color:#e6db74">${</span>cookie<span style="color:#e6db74">}</span><span style="color:#e6db74"> --cookie-jar </span><span style="color:#e6db74">${</span>cookie<span style="color:#e6db74">}</span><span style="color:#e6db74"> -D </span><span style="color:#e6db74">${</span>headers<span style="color:#e6db74">}</span><span style="color:#e6db74"> --insecure&#34;</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>BASEURL<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;https://my.unifi.controller&#34;</span>
</span></span><span style="display:flex;"><span>SITE<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;default&#34;</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>auth<span style="color:#f92672">()</span> <span style="color:#f92672">{</span>
</span></span><span style="display:flex;"><span>  USERNAME<span style="color:#f92672">=</span>$1
</span></span><span style="display:flex;"><span>  PASSWORD<span style="color:#f92672">=</span>$2
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>  <span style="color:#75715e"># authenticate against unifi controller</span>
</span></span><span style="display:flex;"><span>  <span style="color:#e6db74">${</span>curl_cmd<span style="color:#e6db74">}</span> --output /dev/null -d <span style="color:#e6db74">&#34;{\&#34;username\&#34;:\&#34;</span>$USERNAME<span style="color:#e6db74">\&#34;, \&#34;password\&#34;:\&#34;</span>$PASSWORD<span style="color:#e6db74">\&#34;}&#34;</span> $BASEURL/api/login
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>  <span style="color:#75715e"># grab the `x-csrf-token` and strip the newline (added when upgraded to controller 6.1.26)</span>
</span></span><span style="display:flex;"><span>  csrf<span style="color:#f92672">=</span><span style="color:#e6db74">&#34;</span><span style="color:#66d9ef">$(</span>awk -v FS<span style="color:#f92672">=</span><span style="color:#e6db74">&#39;: &#39;</span> <span style="color:#e6db74">&#39;/^x-csrf-token/{print $2}&#39;</span> <span style="color:#e6db74">&#34;</span><span style="color:#e6db74">${</span>headers<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> | tr -d <span style="color:#e6db74">&#39;\r&#39;</span><span style="color:#66d9ef">)</span><span style="color:#e6db74">&#34;</span>
</span></span><span style="display:flex;"><span>  echo $csrf
</span></span><span style="display:flex;"><span><span style="color:#f92672">}</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>portfwd<span style="color:#f92672">()</span> <span style="color:#f92672">{</span>
</span></span><span style="display:flex;"><span>  USERNAME<span style="color:#f92672">=</span>$1
</span></span><span style="display:flex;"><span>  PASSWORD<span style="color:#f92672">=</span>$2
</span></span><span style="display:flex;"><span>  FORWARD_ID<span style="color:#f92672">=</span>$3
</span></span><span style="display:flex;"><span>  FORWARD_ENABLED<span style="color:#f92672">=</span>$4
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>  <span style="color:#75715e"># authenticate against unifi controller</span>
</span></span><span style="display:flex;"><span>  csrf<span style="color:#f92672">=</span><span style="color:#66d9ef">$(</span>auth $USERNAME $PASSWORD<span style="color:#66d9ef">)</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>  <span style="color:#75715e"># fetch the port forward, set its enabled flag and write it back</span>
</span></span><span style="display:flex;"><span>  body<span style="color:#f92672">=</span><span style="color:#66d9ef">$(</span><span style="color:#e6db74">${</span>curl_cmd<span style="color:#e6db74">}</span> -X GET $BASEURL/api/s/$SITE/rest/portforward/$FORWARD_ID | jq <span style="color:#e6db74">&#39;.data[0] | .enabled=&#39;</span>$FORWARD_ENABLED<span style="color:#e6db74">&#39;&#39;</span><span style="color:#66d9ef">)</span>
</span></span><span style="display:flex;"><span>  <span style="color:#e6db74">${</span>curl_cmd<span style="color:#e6db74">}</span> -X PUT $BASEURL/api/s/$SITE/rest/portforward/$FORWARD_ID -H <span style="color:#e6db74">&#34;Content-Type: application/json&#34;</span> -H <span style="color:#e6db74">&#34;x-csrf-token: </span><span style="color:#e6db74">${</span>csrf<span style="color:#e6db74">}</span><span style="color:#e6db74">&#34;</span> -d @&lt;<span style="color:#f92672">(</span>echo <span style="color:#e6db74">&#34;</span>$body<span style="color:#e6db74">&#34;</span><span style="color:#f92672">)</span>
</span></span><span style="display:flex;"><span><span style="color:#f92672">}</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>isportfwd<span style="color:#f92672">()</span> <span style="color:#f92672">{</span>
</span></span><span style="display:flex;"><span>  USERNAME<span style="color:#f92672">=</span>$1
</span></span><span style="display:flex;"><span>  PASSWORD<span style="color:#f92672">=</span>$2
</span></span><span style="display:flex;"><span>  FORWARD_ID<span style="color:#f92672">=</span>$3
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>  <span style="color:#75715e"># authenticate against unifi controller</span>
</span></span><span style="display:flex;"><span>  csrf<span style="color:#f92672">=</span><span style="color:#66d9ef">$(</span>auth $USERNAME $PASSWORD<span style="color:#66d9ef">)</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>  <span style="color:#e6db74">${</span>curl_cmd<span style="color:#e6db74">}</span> -X GET $BASEURL/api/s/$SITE/rest/portforward/$FORWARD_ID | jq <span style="color:#e6db74">&#39;.data[0].enabled&#39;</span>
</span></span><span style="display:flex;"><span><span style="color:#f92672">}</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span><span style="color:#e6db74">&#34;</span>$@<span style="color:#e6db74">&#34;</span>
</span></span></code></pre></div><p>Now, let&rsquo;s imagine you want to add a switch for an SFTP port forward that you&rsquo;ve just created. Then, in your <code>secrets.yaml</code> file, add the following:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">unifi_forward_sftp_check</span>: <span style="color:#e6db74">&#39;/bin/bash /config/scripts/unifi.sh isportfwd &lt;user&gt; &lt;password&gt; &lt;forward_id&gt;&#39;</span>
</span></span><span style="display:flex;"><span><span style="color:#f92672">unifi_forward_sftp_enable</span>: <span style="color:#e6db74">&#39;/bin/bash /config/scripts/unifi.sh portfwd &lt;user&gt; &lt;password&gt; &lt;forward_id&gt; true&#39;</span>
</span></span><span style="display:flex;"><span><span style="color:#f92672">unifi_forward_sftp_disable</span>: <span style="color:#e6db74">&#39;/bin/bash /config/scripts/unifi.sh portfwd &lt;user&gt; &lt;password&gt; &lt;forward_id&gt; false&#39;</span>
</span></span></code></pre></div><p>Replace <code>&lt;user&gt;</code>, <code>&lt;password&gt;</code> and <code>&lt;forward_id&gt;</code> with the login credentials and id of the forward you just created.</p>
<p>Next, add a command line switch definition to your <code>configuration.yaml</code> (or in my case to my <code>packages/network.yaml</code> file):</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">switch</span>:
</span></span><span style="display:flex;"><span>  - <span style="color:#f92672">platform</span>: <span style="color:#ae81ff">command_line</span>
</span></span><span style="display:flex;"><span>    <span style="color:#f92672">switches</span>: 
</span></span><span style="display:flex;"><span>      <span style="color:#f92672">sftp_port_forward</span>:
</span></span><span style="display:flex;"><span>        <span style="color:#f92672">friendly_name</span>: <span style="color:#e6db74">&#34;SFTP Port Forward&#34;</span>
</span></span><span style="display:flex;"><span>        <span style="color:#f92672">command_state</span>: !<span style="color:#ae81ff">secret unifi_forward_sftp_check</span>
</span></span><span style="display:flex;"><span>        <span style="color:#f92672">command_on</span>: !<span style="color:#ae81ff">secret unifi_forward_sftp_enable</span>
</span></span><span style="display:flex;"><span>        <span style="color:#f92672">command_off</span>: !<span style="color:#ae81ff">secret unifi_forward_sftp_disable</span>
</span></span><span style="display:flex;"><span>        <span style="color:#f92672">value_template</span>: <span style="color:#e6db74">&#39;{{ bool(value, false) }}&#39;</span>
</span></span></code></pre></div><p>Throw that somewhere on your dashboard, or alternatively tie it into some automation, and you&rsquo;re good to go!</p>
<div class="footnotes" role="doc-endnotes">
<hr>
<ol>
<li id="fn:1">
<p>Maybe a regular user suffices as well, I honestly can&rsquo;t remember, but I&rsquo;m using an admin user here.&#160;<a href="#fnref:1" class="footnote-backref" role="doc-backlink">&#x21a9;&#xfe0e;</a></p>
</li>
</ol>
</div>
]]></content:encoded></item></channel></rss>