unifi-wifi: add gw-control.sh — gateway router actions (port-forward + WAN firewall)

The write companion to gw-audit. Closes/scopes internet-facing port-forwards and
toggles WAN firewall rules at the USG/UXG/UDM via the RW controller REST admin.

Actions: pf-list / pf-disable / pf-enable / pf-delete / pf-set-ports / pf-set-src,
fw-list / fw-disable / fw-enable, block-ips (WAN address-group + WAN_IN drop rule).
Reads via Mongo (no cred); writes via login->CSRF->REST (rest/portforward,
rest/firewallrule, rest/firewallgroup). DRY-RUN default, --apply gated on
infrastructure/uos-server-network-api-rw, rollback saved to .claude/tmp.

Dry-run validated on Grabb & Durando (USG-3P): identifies the live "VPN" forward
(80,443,1723 -> 192.168.242.200) + the "GRE" WAN_IN accept that back an
internet-exposed, brute-forced PPTP. Closes the ROADMAP firewall/port-forward item.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-16 07:35:55 -07:00
parent 48592bd16b
commit eb87710b9a
4 changed files with 258 additions and 3 deletions

@@ -19,6 +19,8 @@ Categories (the `[type]` tag): _(none)_ = skill/command execution failure ·
2026-06-16 | Howard-Home | bash/curl.exe-on-windows | [friction] PowerShell-invoked curl.exe strips embedded double-quotes from --data-urlencode args (CommandLineToArgvW), silently mangling POST bodies; pfSense PHP became 'echo PHPRUNS-OK' -> 'Undefined constant'. Fix: write payloads with single-quotes only, build $ via [char]36, keep one line. [ctx: ref=pfsense diag_command.php php-exec; cost=4 wasted RMM round-trips]
2026-06-16 | GURU-5070 | remediation-tool/get-token | [friction] get-token.sh reads vault_path from ~/.claude/identity.json (home), which lacks the field on this machine; repo identity.json (.claude/identity.json) has it. Fix: export VAULT_ROOT_ENV=$(jq -r .vault_path .claude/identity.json) before calling get-token [ctx: ref=remediation-tool;machine=GURU-5070]
2026-06-15 | GURU-5070 | rmm/quickbooks-folderbrowser | [correction] assumed F:FolderRedirection was a dead/missing drive (Test-Path F: = False under SYSTEM); correct: F: is a per-user NETWORK-mapped redirected folder, invisible to the SYSTEM context RMM runs in - must diagnose mapped-drive/redirect issues in user_session
2026-06-15 | GURU-5070 | rmm | ProfWiz Pro silent-install command returned 'Execution error: Failed to execute command' (status failed, no stdout) on SP-SharonW11 [ctx: agent=86de13d7 host=SP-SharonW11 task=upw-install]
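Review bot: the log entries at the top of this hunk (the 2026-06-16 curl.exe-on-windows and remediation-tool/get-token lines) are unrelated to gw-control.sh, which is the only change the commit message describes. The header (-19,6 +19,8) shows this log growing by two lines, so either move those entries to their own commit or mention them in the message, so that the history of the gateway write path stays separate from general friction notes. The get-token entry also records a per-caller workaround (export VAULT_ROOT_ENV from .claude/identity.json before each call); consider having get-token.sh fall back to the repo identity.json itself when the home file lacks vault_path, so that a caller that forgets the export does not fail on this machine.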