RobustOS Pro UCI Configuration Manual

RobustOS Pro UCI Configuration Manual

This document serves as a general reference manual for the UCI configuration interface of the Robustel RobustOS Pro system.

Important Notice: UCI configuration parameters vary depending on device model and firmware version. The parameter lists, value ranges, and default values in this document are for reference only. Please refer to your actual device for specific configuration parameters and support ranges.

It's recommended to verify before configuration by:

  • Using sudo uci print to view the current device's actual configuration

  • Logging into the Web management interface to view supported configuration options (recommended)

  • Checking configuration definition files in the /etc/router/uci/ directory

1. UCI Overview

1.1 What is UCI

UCI (Unified Configuration Interface) is the unified configuration interface for the RobustOS Pro system, used to manage all device configuration parameters. UCI provides a standardized set of command-line tools for reading, modifying, and saving configurations.

1.2 UCI Basic Concepts

  • Configuration file storage location: /app/config/config.xml

  • Configuration parameter definitions: /etc/router/uci/*.xml

  • Permission requirements: All UCI commands require root privileges or sudo

1.2.1 Important Notes

UCI Command Behavior Characteristics:

  1. uci set command: After modifying configuration, uci commit must be executed to permanently save to the configuration file
  • uci set only performs basic syntax checks, does not validate parameter integrity and dependencies
  1. uci commit command: Performs complete configuration validation

  • Checks if all required parameters are set

  • Verifies if parameter values are within allowed ranges

  • Only saves to configuration file after passing validation

  1. uci get command: Can only read configurations that have been committed; newly set but uncommitted configurations cannot be read via get

  2. List operations: Dynamic lists (such as firewall rules, GPS servers, etc.) need to use uci add to add list items first, then use uci set to set parameters

  3. Configuration validation failure troubleshooting:

  • If uci commit fails, use sudo journalctl -t uci -f to view error details in real-time

  • Error logs will clearly indicate which parameter is missing or invalid

  • See Chapter 6 "Troubleshooting" for details

  1. Testing recommendation: It's recommended to test commands in a test environment first, then execute uci commit in production environment after confirming correctness

1.3 UCI Command Format

1.3.1 View Configuration

# View all UCI configuration
sudo uci print

# View specific configuration item
sudo uci get <module>.<parameter>

# Example
sudo uci get vrrp.enable

1.3.2 Set Configuration

# Set single parameter
sudo uci set <module>.<parameter> <value>

# Example
sudo uci set vrrp.enable true

1.3.3 List Operations

# Get list item (index starts from 1)
sudo uci get <module>.<list>[<index>].<field>

# Example
sudo uci get wan_links.link[1].type

# Add list item (need to specify ID, ID is usually the next sequence number of the list)
sudo uci add <module>.<list> <id>

# Example: Add firewall custom rule
sudo uci add firewall.custom_list 3
sudo uci set firewall.custom_list[3].desc "My Rule"
sudo uci set firewall.custom_list[3].family ipv4
sudo uci set firewall.custom_list[3].rule " -A INPUT -p tcp --dport 8080 -j ACCEPT"

# Example: Add GPS server
sudo uci add gps.server 1
sudo uci set gps.server[1].enable true
sudo uci set gps.server[1].protocol "tcp_client"
sudo uci set gps.server[1].server_addr "192.168.1.100"
sudo uci set gps.server[1].server_port 9000

# Example: Add DHCP static lease
sudo uci add lan_links.static_lease_list 1
sudo uci set lan_links.static_lease_list[1].interface "br_lan"
sudo uci set lan_links.static_lease_list[1].mac "00:11:22:33:44:55"
sudo uci set lan_links.static_lease_list[1].ip "192.168.1.100"

# Delete list item
sudo uci del <module>.<list> <index>

# Example
sudo uci del firewall.custom_list 2

1.3.4 Save Configuration

# Save all UCI configuration to disk
sudo uci commit

2. Configuration Module Categories

Note: The following module list covers most functions supported by Robustel devices. Different device models may support different modules, and some modules may not be available on specific models. Please refer to your actual device configuration.

2.1 Network Interface Modules

  • cellular - Cellular network configuration

  • wan_links - WAN link configuration

  • lan_links - LAN link configuration

  • ethernet - Ethernet port configuration

  • wireless - Wireless network configuration

  • vlan - VLAN configuration

  • bridge - Bridge configuration

2.2 VPN & Tunnel Modules

  • openvpn - OpenVPN configuration

  • ipsec - IPSec VPN configuration

  • dmvpn - DMVPN configuration

  • gre - GRE tunnel configuration

  • pptp - PPTP VPN configuration

  • l2tp - L2TP VPN configuration

  • wireguard - WireGuard VPN configuration

2.3 Firewall & Security Modules

  • firewall - Firewall configuration

  • webfilter - Web content filtering

  • access_control - Access control

  • ssh - SSH service configuration

2.4 Network Service Modules

  • route - Static routing configuration

  • policy_route - Policy routing configuration

  • vrrp - VRRP virtual router redundancy

  • qos - QoS quality of service configuration

  • ddns - Dynamic DNS configuration

  • ntp - Time synchronization service

2.5 Interface & I/O Modules

  • serial_port - Serial port configuration

  • dido - Digital input/output configuration

  • gps - GPS configuration

  • ai - Analog input configuration

2.6 System Management Modules

  • system - Basic system configuration

  • devcfg - Device configuration

  • user_management - User management

  • web_server - Web server configuration

  • syslog - System log configuration

  • snmp - SNMP configuration

  • sms - SMS configuration

  • email - Email notification configuration

  • event - Event management configuration

2.7 Advanced Feature Modules

  • smart_roaming - Smart roaming configuration

  • rcms - RCMS cloud management configuration

  • captive_portal - Captive portal configuration

  • software_update - Software update configuration

  • backup_restore - Backup and restore configuration

  • reboot - Reboot schedule configuration

  • do_scheduler - DO scheduler

  • bluetooth - Bluetooth configuration

  • usb - USB configuration

3. Detailed Configuration Parameter Descriptions

Important Reminder: The parameter lists, types, value ranges, and default values provided in this chapter are for reference only. Due to differences in device models and firmware versions:

  • Some parameters may not exist on specific devices

  • Parameter value ranges may be adjusted with firmware versions

  • Default values may differ by device model

  • Please refer to your actual device, use sudo uci print or Web interface to view the current device's actual configuration

3.1 Cellular Network

3.1.1 Basic Configuration

Module Path: cellular

Parameter NameTypeValue RangeDefaultDescription
primary_simenumsim1, sim2sim1Primary SIM card selection
auto_switchbooltrue, falsetrueEnable SIM card failover
auto_switch_returnbooltrue, falsefalseEnable SIM card fallback
auto_switch_timeint1..6553530Fallback interval (minutes)
switch_by_signalbooltrue, falsefalseSwitch by signal strength
switch_while_roamingbooltrue, falsefalseSwitch SIM while roaming

Command Examples:

# View primary SIM configuration
sudo uci get cellular.primary_sim

# Set primary SIM to sim2
sudo uci set cellular.primary_sim sim2

# Enable SIM auto-switch
sudo uci set cellular.auto_switch true

# Set fallback interval to 60 minutes
sudo uci set cellular.auto_switch_time 60

# Save configuration
sudo uci commit

3.1.2 SIM Card Configuration

Module Path: cellular.sim[index] (index starts from 1)

Parameter NameTypeValue RangeDefaultDescription
idint1..2-SIM card index
cardenumsim1, sim2-SIM card slot
auto_apnbooltrue, falsetrueAutomatic APN selection
apnstring-internetAccess Point Name
usernamestring--Username
passwordstring--Password (encrypted)
auth_typeenumnone, chap, papchapAuthentication type
phone_numberstring--Phone number
pin_codestring4-8 digits-PIN code
network_typeenumauto, 2g_only, 3g_only, 4g_only, 5g_sa_only, 5g_nsa_onlyautoNetwork type
band_select_typeenumall, specifyallBand selection type
mtuint1280..15001500MTU size
auto_mtubooltrue, falsetrueAutomatic MTU
ip6_enablebooltrue, falsefalseEnable IPv6
trafficbooltrue, falsetrueTraffic statistics
data_allowanceint0..21474836470Data allowance (MB, 0=disabled)
billing_dayint1..311Billing day
debug_enablebooltrue, falsetrueEnable debug

Command Examples:

# View SIM1 APN settings
sudo uci get cellular.sim[1].apn

# Set SIM1 APN
sudo uci set cellular.sim[1].auto_apn false
sudo uci set cellular.sim[1].apn "cmnet"
sudo uci set cellular.sim[1].username "user"
sudo uci set cellular.sim[1].password "pass"
sudo uci set cellular.sim[1].auth_type "chap"

# Set network type to 4G first
sudo uci set cellular.sim[1].network_type "4g_first"

# Set data allowance to 10GB
sudo uci set cellular.sim[1].data_allowance 10240

# Save configuration
sudo uci commit

3.1.3 Band Settings

Module Path: cellular.sim[index].band_settings

Important Notice: The supported frequency bands differ across device models. The list below contains common frequency bands. Please refer to the Web UI of your actual device for the supported bands.

Supported band parameters include:

GSM Bands:

  • gsm_850, gsm_900, gsm_1800, gsm_1900

WCDMA Bands:

  • wcdma_800, wcdma_850, wcdma_900, wcdma_1700, wcdma_1800, wcdma_1900, wcdma_2100, wcdma_band19

LTE Bands:

  • lte_band1 ~ lte_band87 (Supports all major LTE bands)

5G NSA Bands:

  • nsa_nr5g_band1 ~ nsa_nr5g_band79

5G SA Bands:

  • nr5g_band1 ~ nr5g_band79

Command Examples:

# Set band selection type to specify
sudo uci set cellular.sim[1].band_select_type specify

# Enable specific LTE bands
sudo uci set cellular.sim[1].band_settings.lte_band1 true
sudo uci set cellular.sim[1].band_settings.lte_band3 true
sudo uci set cellular.sim[1].band_settings.lte_band7 true
sudo uci set cellular.sim[1].band_settings.lte_band20 true

# Save configuration
sudo uci commit

Module Path: wan_links.link[index]

Parameter NameTypeValue RangeDefaultDescription
idint1..10-Link index
namestring3-32 chars-Link name
typeenummodem, ethernet, vlan, wifi-Link type
interface_modemenumwwan-Modem interface
interface_ethernetenumeth0, eth1-Ethernet interface
interface_vlanenum--VLAN interface
interface_wifienumwlan0-WiFi interface
descstring--Description
weightint0..100Weight (0=not in load balancing)
firewall_zoneenumexternal, internalexternalFirewall zone

Command Examples:

# View first WAN link type
sudo uci get wan_links.link[1].type

# Set WAN link weight
sudo uci set wan_links.link[1].weight 5

# Set WAN link description
sudo uci set wan_links.link[1].desc "Primary WAN"

# Save configuration
sudo uci commit

3.2.2 IPv4 Configuration

Module Path: wan_links.link[index].ipv4

Parameter NameTypeValue RangeDefaultDescription
connection_typeenumdhcp, pppoe, manual, disableddhcpConnection type
addressstringIP/netmask-IPv4 address (manual mode)
gatewaystringIP address-Gateway (manual mode)
dns1stringIP address-Primary DNS (manual mode)
dns2stringIP address-Secondary DNS (manual mode)
pppoe_usernamestring--PPPoE username
pppoe_passwordstring--PPPoE password

Command Examples:

# Set to DHCP mode
sudo uci set wan_links.link[1].ipv4.connection_type dhcp

# Set to static IP mode
sudo uci set wan_links.link[1].ipv4.connection_type manual
sudo uci set wan_links.link[1].ipv4.address "192.168.1.100/24"
sudo uci set wan_links.link[1].ipv4.gateway "192.168.1.1"
sudo uci set wan_links.link[1].ipv4.dns1 "8.8.8.8"
sudo uci set wan_links.link[1].ipv4.dns2 "8.8.4.4"

# Set to PPPoE mode
sudo uci set wan_links.link[1].ipv4.connection_type pppoe
sudo uci set wan_links.link[1].ipv4.pppoe_username "user@isp.com"
sudo uci set wan_links.link[1].ipv4.pppoe_password "password"

# Save configuration
sudo uci commit

3.2.3 Ping Detection Configuration

Module Path: wan_links.link[index].ping

Parameter NameTypeValue RangeDefaultDescription
enablebooltrue, falsetrueEnable ping detection
ip4_primary_serverstringIP/Domain8.8.8.8IPv4 primary server
ip4_secondary_serverstringIP/Domain1.2.4.8IPv4 secondary server
ip6_primary_serverstringIPv6/Domain2001:4860:4860::8888IPv6 primary server
ip6_secondary_serverstringIPv6/Domain2400:3200:baba::1IPv6 secondary server
intervalint10..1800300Detection interval (seconds)
timeoutint1..103Timeout (seconds)
reconnect_triesint1..103Reconnect tries
recover_triesint1..103Recover tries

Command Examples:

# Enable ping detection
sudo uci set wan_links.link[1].ping.enable true

# Set detection servers
sudo uci set wan_links.link[1].ping.ip4_primary_server "8.8.8.8"
sudo uci set wan_links.link[1].ping.ip4_secondary_server "114.114.114.114"

# Set detection interval to 60 seconds
sudo uci set wan_links.link[1].ping.interval 60

# Set reconnect tries
sudo uci set wan_links.link[1].ping.reconnect_tries 5

# Save configuration
sudo uci commit

3.3.1 Basic LAN Configuration

Module Path: lan_links.link[index]

Parameter NameTypeValue RangeDefaultDescription
idint1..10-Link index
namestring3-32 chars-Link name
typeenumbridge, ethernet, vlanbridgeLink type
interface_bridgeenumbr_lanbr_lanBridge interface
interface_ethernetenumeth0, eth1-Ethernet interface
interface_vlanenum--VLAN interface
descstring--Description
firewall_zoneenuminternal, externalinternalFirewall zone

Command Examples:

# View LAN configuration
sudo uci get lan_links.link[1].name
sudo uci get lan_links.link[1].type

# Save configuration
sudo uci commit

3.3.2 IPv4 Settings

Module Path: lan_links.link[index].ip4_setting

Parameter NameTypeValue RangeDefaultDescription
ip4_addrs.ip4_addr[n]stringIP/netmask192.168.0.1/24IPv4 address list

Command Examples:

# Set LAN IP address
sudo uci set lan_links.link[1].ip4_setting.ip4_addrs.ip4_addr[1] "192.168.1.1/24"

# Add an additional IP address
sudo uci set lan_links.link[1].ip4_setting.ip4_addrs.ip4_addr[2] "192.168.2.1/24"

# Save configuration
sudo uci commit

3.3.3 DHCP Server Configuration

Module Path: lan_links.link[index].dhcp

Parameter NameTypeValue RangeDefaultDescription
enablebooltrue, falsetrueEnable DHCP server
pool_startstringIP address192.168.0.2Pool start address
pool_endstringIP address192.168.0.100Pool end address
primary_dnsstringIP address-Primary DNS server
secondary_dnsstringIP address-Secondary DNS server
lease_timeint10..10080120Lease time (minutes)

Command Examples:

# Enable DHCP server
sudo uci set lan_links.link[1].dhcp.enable true

# Set DHCP pool
sudo uci set lan_links.link[1].dhcp.pool_start "192.168.1.100"
sudo uci set lan_links.link[1].dhcp.pool_end "192.168.1.200"

# Set DNS servers
sudo uci set lan_links.link[1].dhcp.primary_dns "8.8.8.8"
sudo uci set lan_links.link[1].dhcp.secondary_dns "8.8.4.4"

# Set lease time to 1440 minutes (24 hours)
sudo uci set lan_links.link[1].dhcp.lease_time 1440

# Save configuration
sudo uci commit

3.3.4 DHCP Static Leases

Module Path: lan_links.static_lease_list[index]

Parameter NameTypeValue RangeDefaultDescription
idint1..50-Index
interfaceenum--Interface
macstringMAC address-MAC address (XX:XX:XX:XX:XX:XX)
ipstringIP address-IP address

Command Examples:

# Add a static DHCP lease (add list item first, then set parameters)
sudo uci add lan_links.static_lease_list 1
sudo uci set lan_links.static_lease_list[1].interface "br_lan"
sudo uci set lan_links.static_lease_list[1].mac "00:11:22:33:44:55"
sudo uci set lan_links.static_lease_list[1].ip "192.168.1.100"

# Add more static leases
sudo uci add lan_links.static_lease_list 2
sudo uci set lan_links.static_lease_list[2].interface "br_lan"
sudo uci set lan_links.static_lease_list[2].mac "00:11:22:33:44:66"
sudo uci set lan_links.static_lease_list[2].ip "192.168.1.101"

# Save configuration
sudo uci commit

3.4 Ethernet

Module Path: ethernet.port_setting[index]

Parameter NameTypeValue RangeDefaultDescription
idint1..5-Port index
namestring3-32 chars-Port name
portenumeth0, eth1, eth2, eth3, eth4 (range depends on actual physical ports)-Physical port
port_enablebooltrue, falsetrueEnable port
port_speedenumauto, 10h, 10f, 100h, 100f, 1000fautoPort speed
mtuint1280..15001500MTU size

Speed Options:

  • auto: Auto-negotiation

  • 10h: 10M half-duplex

  • 10f: 10M full-duplex

  • 100h: 100M half-duplex

  • 100f: 100M full-duplex

  • 1000f: 1000M full-duplex

Command Examples:

# View Ethernet port configuration
sudo uci get ethernet.port_setting[1].port
sudo uci get ethernet.port_setting[1].port_speed

# Set port speed to 100M full-duplex
sudo uci set ethernet.port_setting[1].port_speed "100f"

# Set MTU
sudo uci set ethernet.port_setting[1].mtu 1450

# Disable port
sudo uci set ethernet.port_setting[1].port_enable false

# Save configuration
sudo uci commit

3.5 Serial Port

Module Path: serial_port.port_setting[index]

Parameter NameTypeValue RangeDefaultDescription
idint1..6-Serial port index
portenumcom1, com2, com3, com4, com5, com6 (depends on actual hardware)-Serial port number
enablebooltrue, falsefalseEnable serial port
port_typeenumRS232, RS485RS232Port type
baud_rateenum300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200115200Baud rate
data_bitsenum7, 88Data bits
stop_bitsenum1, 21Stop bits
parityenumnone, odd, evennoneParity
flow_ctrlenumnone, hardware, softwarenoneFlow control
packing_timeoutint10..100050Packing timeout (ms)
packing_lengthint1..30001200Packing length
application_modeenumtransparent, modbus_rtu_gateway, modbus_ascii_gatewaytransparentApplication mode
protocolenumtcp_client, tcp_server, udptcp_clientNetwork protocol
local_ipstringIP address-Local IP (tcp_server mode)
local_portint1..65535-Local port (tcp_server mode)
server_addrstringIP/Domain-Server address (tcp_client mode)
server_portint1..65535-Server port (tcp_client mode)
keep_aliveint0..180000Keep-alive time (seconds)

Command Examples:

# Enable serial port 1
sudo uci set serial_port.port_setting[1].enable true

# Set serial port parameters
sudo uci set serial_port.port_setting[1].port_type "RS232"
sudo uci set serial_port.port_setting[1].baud_rate 115200
sudo uci set serial_port.port_setting[1].data_bits 8
sudo uci set serial_port.port_setting[1].stop_bits 1
sudo uci set serial_port.port_setting[1].parity "none"
sudo uci set serial_port.port_setting[1].flow_ctrl "none"

# Set to TCP client mode
sudo uci set serial_port.port_setting[1].protocol "tcp_client"
sudo uci set serial_port.port_setting[1].server_addr "192.168.1.100"
sudo uci set serial_port.port_setting[1].server_port 8000

# Set packing parameters
sudo uci set serial_port.port_setting[1].packing_timeout 100
sudo uci set serial_port.port_setting[1].packing_length 512

# Save configuration
sudo uci commit

3.6 Digital Input/Output

Module Path: dido.io[index]

Parameter NameTypeValue RangeDefaultDescription
idint1..8 (depends on actual hardware)-IO index
enablebooltrue, falsefalseEnable
dido_modeenumdi, dodiMode (input/output)
modeenumon_off, counteron_offDI mode
inversionbooltrue, falsefalseInvert logic
thresholdint0..655350Counter threshold
alarm_on_contentstring1..256 charsAlarm OnAlarm on content
alarm_off_contentstring1..256 charsAlarm OffAlarm off content
alarm_on_actionenumhigh, low, pulsehighDO alarm on action
alarm_off_actionenumhigh, low, pulselowDO alarm off action
initial_stateenumlast, high, lowlastDO initial state
delayint0..30000Delay (100ms units)
hold_timeint0..30000Hold time (seconds)
pulse_lowint1000..30001000Pulse low width (ms)
pulse_highint1000..30001000Pulse high width (ms)
di_triggerbooltrue, falsetrueDI trigger
alarm_sourceenumnone, di1_alarm, di2_alarm, di3_alarm, di4_alarmnoneAlarm source

Command Examples:

# Configure DI (Digital Input)
sudo uci set dido.io[1].enable true
sudo uci set dido.io[1].dido_mode "di"
sudo uci set dido.io[1].mode "on_off"
sudo uci set dido.io[1].inversion false
sudo uci set dido.io[1].alarm_on_content "Door Open"
sudo uci set dido.io[1].alarm_off_content "Door Closed"

# Configure DI as counter mode
sudo uci set dido.io[2].enable true
sudo uci set dido.io[2].dido_mode "di"
sudo uci set dido.io[2].mode "counter"
sudo uci set dido.io[2].threshold 1000

# Configure DO (Digital Output)
sudo uci set dido.io[3].enable true
sudo uci set dido.io[3].dido_mode "do"
sudo uci set dido.io[3].alarm_on_action "high"
sudo uci set dido.io[3].alarm_off_action "low"
sudo uci set dido.io[3].initial_state "low"
sudo uci set dido.io[3].delay 10
sudo uci set dido.io[3].hold_time 5

# Configure DO in pulse mode
sudo uci set dido.io[4].enable true
sudo uci set dido.io[4].dido_mode "do"
sudo uci set dido.io[4].alarm_on_action "pulse"
sudo uci set dido.io[4].pulse_low 1000
sudo uci set dido.io[4].pulse_high 2000

# Save configuration
sudo uci commit

3.7 GPS

Module Path: gps

Applies only to devices that support GPS.

Parameter NameTypeValue RangeDefaultDescription
enablebooltrue, falsefalseEnable GPS
sync_gps_timebooltrue, falsefalseSync GPS time
report_to_rs232booltrue, falsefalseReport to RS232
rs232_numenumcom1, com2com1RS232 port
rs232_nmea_gpggabooltrue, falsefalseReport GGA sentences
rs232_nmea_gpvtgbooltrue, falsefalseReport VTG sentences
rs232_nmea_gprmcbooltrue, falsefalseReport RMC sentences
rs232_nmea_gpgsvbooltrue, falsefalseReport GSV sentences
remove_lf_characterbooltrue, falsetrueRemove CR/LF characters
self_define_gpsidenumNone, prefix, suffixNoneCustom GPS ID
self_define_gpsid_headerstring7 uppercase letters-GPS ID header
add_sn_as_gpsidbooltrue, falsefalseAdd SN as GPS ID
transmit_intervalint0..6048001Transmit interval (sec, 0=disable)

GPS Server Configuration:

Module Path: gps.server[index]

Parameter NameTypeValue RangeDefaultDescription
idint1..5-Server index
enablebooltrue, falsetrueEnable
protocolenumtcp_client, tcp_server, udptcp_clientProtocol
local_addrstringIP address-Local address (tcp_server mode)
local_portint1..65535-Local port (tcp_server mode)
server_addrstringIP/Domain-Server address (tcp_client mode)
server_portint1..65535-Server port (tcp_client mode)
nmea_gpggabooltrue, falsefalseSend GGA sentences
nmea_gpvtgbooltrue, falsefalseSend VTG sentences
nmea_gprmcbooltrue, falsefalseSend RMC sentences
nmea_gpgsvbooltrue, falsefalseSend GSV sentences

Command Examples:

# Enable GPS
sudo uci set gps.enable true
sudo uci set gps.sync_gps_time true

# Configure RS232 reporting
sudo uci set gps.report_to_rs232 true
sudo uci set gps.rs232_num "com1"
sudo uci set gps.rs232_nmea_gpgga true
sudo uci set gps.rs232_nmea_gprmc true

# Add GPS server (add list item first, then set parameters)
sudo uci add gps.server 1
sudo uci set gps.server[1].enable true
sudo uci set gps.server[1].protocol "tcp_client"
sudo uci set gps.server[1].server_addr "gps.server.com"
sudo uci set gps.server[1].server_port 9000
sudo uci set gps.server[1].nmea_gpgga true
sudo uci set gps.server[1].nmea_gprmc true

# Add another GPS server
sudo uci add gps.server 2
sudo uci set gps.server[2].enable true
sudo uci set gps.server[2].protocol "tcp_client"
sudo uci set gps.server[2].server_addr "backup.gps.server.com"
sudo uci set gps.server[2].server_port 9000

# Set transmit interval to 5 seconds
sudo uci set gps.transmit_interval 5

# Save configuration
sudo uci commit

3.8 Firewall

3.8.1 Basic Firewall Policy

Module Path: firewall

Parameter NameTypeValue RangeDefaultDescription
syn_flood_protection_enablebooltrue, falsetrueSYN flood protection
ping_forward_limit_enablebooltrue, falsefalsePing forwarding limit
input_policyenumaccept, dropacceptInput policy
output_policyenumaccept, dropacceptOutput policy
forward_policyenumaccept, dropdropForward policy

Command Examples:

# Set firewall policies
sudo uci set firewall.input_policy "accept"
sudo uci set firewall.output_policy "accept"
sudo uci set firewall.forward_policy "drop"

# Enable SYN flood protection
sudo uci set firewall.syn_flood_protection_enable true

# Enable ping forwarding limit
sudo uci set firewall.ping_forward_limit_enable true

# Save configuration
sudo uci commit

3.8.2 Firewall Zones

Module Path: firewall.zone_list[index]

Parameter NameTypeValue RangeDefaultDescription
idint1..50-Zone index
namestring--Zone name
input_actionenumaccept, dropacceptInput action
output_actionenumaccept, dropacceptOutput action
forward_actionenumaccept, dropacceptForwarding action
masquerading_enablebooltrue, falsefalseEnable masquerading (NAT)
mss_clamping_enablebooltrue, falsefalseMSS clamping
dmz_enablebooltrue, falsefalseEnable DMZ
dmz_hoststringIP address-DMZ host IP
dmz_sourcestringIP/range-DMZ source address
dmz_destinationstringIP address-DMZ destination address
ssh_accessbooltrue, falsetrueAllow SSH access
http_accessbooltrue, falsetrueAllow HTTP access
https_accessbooltrue, falsetrueAllow HTTPS access
ping_respondbooltrue, falsetrueRespond to ping

Command Examples:

# Configure external zone
sudo uci set firewall.zone_list[1].name "external"
sudo uci set firewall.zone_list[1].input_action "drop"
sudo uci set firewall.zone_list[1].output_action "accept"
sudo uci set firewall.zone_list[1].forward_action "drop"
sudo uci set firewall.zone_list[1].masquerading_enable true

# Configure DMZ
sudo uci set firewall.zone_list[1].dmz_enable true
sudo uci set firewall.zone_list[1].dmz_host "192.168.1.100"
sudo uci set firewall.zone_list[1].dmz_source "0.0.0.0/0"

# Configure access control
sudo uci set firewall.zone_list[1].ssh_access true
sudo uci set firewall.zone_list[1].http_access false
sudo uci set firewall.zone_list[1].https_access true
sudo uci set firewall.zone_list[1].ping_respond false

# Save configuration
sudo uci commit

3.8.2 Port Forwarding

Module Path: firewall.port_forwards[index]

Parameter NameTypeValue RangeDefaultDescription
idint1..50-Rule index
descstring--Description
ip4_addrs.ip4_addr[n]stringIP address-IPv4 source address list
protocolenumtcp, udp, tcpudptcpudpProtocol
source_zoneenum-NoneSource zone
internet_portstringPort/range-External port
destination_zoneenum-NoneDestination zone
local_ipstringIP address-Internal IP address
local_portstringPort/range-Internal port

Command Examples:

# Add port forwarding rule (add list item first, then set parameters)
sudo uci add firewall.port_forwards 1
sudo uci set firewall.port_forwards[1].desc "Web Server"
sudo uci set firewall.port_forwards[1].protocol "tcp"
sudo uci set firewall.port_forwards[1].source_zone "external"
sudo uci set firewall.port_forwards[1].internet_port "80"
sudo uci set firewall.port_forwards[1].destination_zone "internal"
sudo uci set firewall.port_forwards[1].local_ip "192.168.1.100"
sudo uci set firewall.port_forwards[1].local_port "8080"

# Add port range forwarding
sudo uci add firewall.port_forwards 2
sudo uci set firewall.port_forwards[2].desc "Port Range"
sudo uci set firewall.port_forwards[2].protocol "tcp"
sudo uci set firewall.port_forwards[2].internet_port "8000:8010"
sudo uci set firewall.port_forwards[2].local_ip "192.168.1.200"
sudo uci set firewall.port_forwards[2].local_port "8000:8010"

# Save configuration
sudo uci commit

3.8.4 Traffic Rules

Module Path: firewall.traffic_rules[index]

Parameter NameTypeValue RangeDefaultDescription
idint1..50-Rule index
descstring--Description
familyenumipv4, ipv6, ipv4ipv6ipv4ipv6Address family
protocolenumall, tcp, udp, tcpudp, icmp, igmptcpudpProtocol
source_zoneenum-NoneSource zone
source_ipstringIP/range-IPv4 source address
source_ip_ipv6stringIPv6 address-IPv6 source address
source_portstringPort/range-Source port
src_macstringMAC address-Source MAC address
destination_zoneenum-NoneDestination zone
destination_ipstringIP/range/domain-IPv4 destination address
destination_ip_ipv6stringIPv6 address-IPv6 destination address
destination_portstringPort/range-Destination port
actionenumaccept, dropdropAction

Command Examples:

# Add traffic rule - block specific IP (add list item first, then set parameters)
sudo uci add firewall.traffic_rules 1
sudo uci set firewall.traffic_rules[1].desc "Block Bad IP"
sudo uci set firewall.traffic_rules[1].family "ipv4"
sudo uci set firewall.traffic_rules[1].protocol "all"
sudo uci set firewall.traffic_rules[1].source_zone "external"
sudo uci set firewall.traffic_rules[1].source_ip "1.2.3.4"
sudo uci set firewall.traffic_rules[1].action "drop"

# Add traffic rule - allow specific port
sudo uci add firewall.traffic_rules 2
sudo uci set firewall.traffic_rules[2].desc "Allow SSH"
sudo uci set firewall.traffic_rules[2].protocol "tcp"
sudo uci set firewall.traffic_rules[2].destination_port "22"
sudo uci set firewall.traffic_rules[2].action "accept"

# Save configuration
sudo uci commit

3.8.5 Custom iptables Rules

Module Path: firewall.custom_list[index]

Parameter NameTypeValue RangeDefaultDescription
idint1..50-Rule index
descstring--Description
familyenumipv4, ipv6, ipv4ipv6ipv4Address family
rulestring--iptables rule

Command Examples:

# Add custom iptables rule
sudo uci set firewall.custom_list[1].desc "Drop to 192.168.2.20"
sudo uci set firewall.custom_list[1].family "ipv4"
sudo uci set firewall.custom_list[1].rule "-A OUTPUT -d 192.168.2.20 -j DROP"

# Add another custom rule
sudo uci set firewall.custom_list[2].desc "Allow incoming port 8080"
sudo uci set firewall.custom_list[2].family "ipv4"
sudo uci set firewall.custom_list[2].rule "-A INPUT -p tcp --dport 8080 -j ACCEPT"

# Save configuration
sudo uci commit

4. Other Important Module Configurations

4.1 System

Module Path: system

Parameter NameTypeValue RangeDefaultDescription
device_namestring-Edge-GatewayDevice name
usr_led_typeenumnonenoneUser LED type

Command Examples:

# Set device name
sudo uci set system.device_name "My-Router"

# Save configuration
sudo uci commit

4.2 User Management

Module Path: user_management

Parameter NameTypeValue RangeDefaultDescription
usernamestring-adminUsername
passwordstring--Password (encrypted)
idle_timeoutint-600Idle timeout (seconds)
sudo_enablebooltrue, falsefalseEnable sudo
sudo_usernamestring--sudo username
sudo_passwordstring--sudo password (encrypted)

Command Examples:

# Note: Admin password should be changed via Web interface or a specific command.
# Set idle timeout to 1800 seconds (30 minutes)
sudo uci set user_management.idle_timeout 1800

# Save configuration
sudo uci commit

4.3 SSH

Module Path: ssh

Parameter NameTypeValue RangeDefaultDescription
enablebooltrue, falsetrueEnable SSH
portint1..6553522SSH port
PermitRootLoginbooltrue, falsefalseAllow root login
root_disable_passwd_loginbooltrue, falsefalseDisable root password login

Command Examples:

# Disable root login
sudo uci set ssh.PermitRootLogin false

# Change SSH port
sudo uci set ssh.port 2222

# Save configuration
sudo uci commit

4.4 NTP (Time Synchronization)

Module Path: ntp

Parameter NameTypeValue RangeDefaultDescription
client_enablebooltrue, falsetrueEnable NTP client
primary_serverstring-pool.ntp.orgPrimary NTP server
secondary_serverstring--Secondary NTP server
update_intervalint-0Update interval (0=default)
timezonestring-Asia0ShanghaiTimezone
server_enablebooltrue, falsefalseEnable NTP server

Command Examples:

# Set NTP server
sudo uci set ntp.client_enable true
sudo uci set ntp.primary_server "time.google.com"
sudo uci set ntp.secondary_server "time.cloudflare.com"

# Set timezone
sudo uci set ntp.timezone "Asia0Shanghai"

# Save configuration
sudo uci commit

4.5 Syslog

Module Path: syslog

Parameter NameTypeValue RangeDefaultDescription
enablebooltrue, falsetrueEnable system log
levelenumemerg, alert, crit, err, warning, notice, info, debugdebugLog level
save_positionenumram, nvmramSave location
log_to_remotebooltrue, falsefalseSend to remote server
remote_ipstringIP address-Remote server IP
remote_portint1..65535514Remote server port
backup_remote_ipstringIP address-Backup remote server IP
backup_remote_portint1..65535514Backup remote server port
add_identifierbooltrue, falsefalseAdd identifier

Command Examples:

# Enable remote logging
sudo uci set syslog.enable true
sudo uci set syslog.level "info"
sudo uci set syslog.log_to_remote true
sudo uci set syslog.remote_ip "192.168.1.100"
sudo uci set syslog.remote_port 514

# Save configuration
sudo uci commit

4.6 Web Server

Module Path: web_server

Parameter NameTypeValue RangeDefaultDescription
http_portint1..6553580HTTP listening port
https_portint1..65535443HTTPS listening port
https_ca_certenum-NoneWeb service CA certificate (user uploaded)
https_private_keysenum-NoneWeb service private key (user uploaded)
http_redirect_to_httpsbooltrue, falsetrueRedirect HTTP to HTTPS

Command Examples:

# Change system Web listening ports
sudo uci set web_server.http_port 8080
sudo uci set web_server.https_port 8443

sudo uci commit

5. UCI Best Practices

5.1 Backup Before Configuration

# Backup the current configuration
sudo cp /app/config/config.xml /app/config/config.xml.backup

5.2 Batch Configuration Script Example

#!/bin/bash

# Configure cellular
sudo uci set cellular.primary_sim sim1
sudo uci set cellular.auto_switch true
sudo uci set cellular.sim[1].apn "internet"
sudo uci set cellular.sim[1].network_type "auto"

# Configure LAN
sudo uci set lan_links.link[1].ip4_setting.ip4_addrs.ip4_addr[1] "192.168.1.1/24"
sudo uci set lan_links.link[1].dhcp.enable true
sudo uci set lan_links.link[1].dhcp.pool_start "192.168.1.100"
sudo uci set lan_links.link[1].dhcp.pool_end "192.168.1.200"

# Configure firewall
sudo uci set firewall.input_policy "accept"
sudo uci set firewall.forward_policy "drop"

# Commit all changes
sudo uci commit

echo "Configuration completed!"

5.3 View All Configurations for a Specific Module

# Use grep to filter for a specific module
sudo uci print | grep "^cellular\."
sudo uci print | grep "^firewall\."

6. Troubleshooting

6.1 Diagnosing Commit Failures with journalctl

When uci commit fails, the most effective troubleshooting method is to check the UCI logs using journalctl.

6.1.1 Real-time Monitoring of UCI Logs

Recommended Practice: Before making configuration changes, run the following command in a separate terminal window:

# Follow UCI logs in real-time
sudo journalctl -t uci -f

Then, execute your UCI configuration commands in the first terminal. The second terminal will display any validation errors in real-time.

6.1.2 Viewing Historical UCI Logs

If uci commit has already failed, you can view the historical logs:

# View the last 50 UCI log entries
sudo journalctl -t uci -n 50

# View UCI logs from the last 5 minutes
sudo journalctl -t uci --since "5 minutes ago"

# View today's UCI logs
sudo journalctl -t uci --since today

# View logs from a specific time range
sudo journalctl -t uci --since "2025-10-20 11:00:00" --until "2025-10-20 12:00:00"

6.2 Configuration Recovery

# Restore the backed-up configuration
sudo cp /app/config/config.xml.backup /app/config/config.xml

# Reboot the system to apply the configuration
sudo reboot

6.3 Common Errors

Error 1: Insufficient Permissions

# Error message: Permission denied
# Solution: Use sudo or switch to the root user.
sudo uci get ...

Error 2: Incorrect List Index

# Note: List indices start from 1, not 0.
# Incorrect: uci get cellular.sim[0].apn
# Correct: uci get cellular.sim[1].apn

Error 3: Invalid Parameter Format

# IP address requires the correct format with a subnet mask.
# Incorrect: uci set lan_links.link[1].ip4_setting.ip4_addrs.ip4_addr[1] "192.168.1.1"
# Correct: uci set lan_links.link[1].ip4_setting.ip4_addrs.ip4_addr[1] "192.168.1.1/24"

7. Appendix

7.1 Data Type Reference

TypeFormatExample
booltrue/falsetrue
intInteger100
enumEnumerated valueauto, manual
stringString"test"
IP_ADDRIPv4 address192.168.1.1
IP6_ADDRIPv6 addressfd00::1
IP_ADDR_AND_SUBNET_LENIPv4 address/subnet length192.168.1.1/24
IP6_ADDR_AND_PREFIX_LENIPv6 address/prefix lengthfd00::1/64
MAC_ADDRMAC address00:11:22:33:44:55
NET_PORTPort number8080
NET_PORTSPort or port range8000:8010

Important Notes:

  1. All UCI commands require root privileges or sudo.

  2. After modifying the configuration, you must run sudo uci commit to save the changes.

  3. List indices start from 1, not 0.

  4. It is recommended to back up the current configuration before making significant changes.

    • Related Articles

    • RobustOS Pro Firewall Configuration Guide

      1. Overview and Core Principles This document provides correct methods and considerations for firewall configuration for RobustOS Pro system users. 1.1 Core Principles The system's firewall is uniformly managed by a system service named router. It ...

    • RobustOS Pro Third-Party Application Development Guide

      1. Quick Overview What is RobustOS Pro? RobustOS Pro is an embedded Linux distribution based on Debian 11 (bullseye), designed specifically to meet the demanding requirements of industrial IoT gateways, providing a high degree of customization and ...

    • RobustOS Pro Application Development Getting Started

      Preface Welcome to RobustOS Pro! This guide provides a step-by-step roadmap for understanding, developing, and deploying applications on the platform. This document is only applicable to RobustOS Pro 2.4.x firmware versions. System Architecture ...

    • RobustOS Pro Hardware Interface Quick Usage Guide

      1 Quick Start This chapter provides the most essential hardware information and test commands to help you start using hardware interfaces within 5 minutes. 1.1 Hardware Interface Overview Model Serial Port 1 Serial Port 2 DI DO DO (Relay) CAN ...

    • How to Configure APN on RobustOS Pro Gateways (EV8100, EG5100 Series, R1520LG, LG5100, EG5200, MG460)

      Overview This guide provides step-by-step instructions for configuring a custom Access Point Name (APN) on Robustel gateways running the RobustOS Pro system, including models such as EV8100, EG51xx series, R1520LG, LG5100, EG5200, and MG460. It ...