UDEV rules and forwarding rules

We are trying to migrate our current OS to BalenaOS but for me it is not clear where to put the following:

  • Custom UDEV rules:

SUBSYSTEM=="net", DEVPATH=="/devices/pci*/net/e*", NAME="lan0"

  • IP forwarding rules (net.ipv4.ip_forward=1) MASQUERADE for forwading external WIFI ports to internal devices connected via ethernet:

post-up iptables -t nat -A PREROUTING -p tcp --dport 2111 -j DNAT --to-destination

Thanks in advance

Hi @reinzor ,
The UDEV rules can go into config.json. The process is described here: https://jel.ly.fish/4592e980-3db9-4059-9aa8-dc4324b7f577.
The config.json file can be found on the running device in /mnt/boot or on the boot partition of your SD-card / flash image.
IPTables rules can be added from within an application container with host networking enabled (and possibly privileged mode too). You need be very careful to make sure you do not interfere with the IPtables rules set by docker.

1 Like

sorry accidentally copied a wrong link. Find the description of UDEV rules here: https://github.com/balena-os/meta-balena#udevrules

Thanks a lot for the quick response! This clears things up!

Please let us know if you need further support!

We managed to set-up the udev rules and system-connections properly:

  1. Download image using balena os download
  2. Mount partition and modify config.json + system-connections
  3. Use resulting app_name_<version>.img for flashing our devices

Now the second question arises: how do we manage updates of our config.json file? I can imagine that we would like to add a new udev rule for example. We have the following questions:

  1. Can we get a version / hash of the current config.json of a device?
  2. Can we update the config.json of a device remotely? Is there an interface for this?


Being able to remotely modify config.json entries is something that we have on the todo list: https://github.com/balena-io/balena-supervisor/issues/998

Unfortunately at the moment you will have to go through the same process you outlined above and basically reflash the device every time.

Another option is this experimental project: https://github.com/balena-io-playground/configizer. If you decide to go with this, please be aware that it is not tested as extensively as we feel it should be. Which is the reason for it being in the “playground” org.
Make sure you try it in a dev environment first to ensure it fits your usecase.

Thanks for the clarification!