You can enable logging for a single firewall rule, for example to verify that a rule is working while troubleshooting, or to monitor a specific kind of access. In this example all outbound traffic is allowed, but we add a specific rule that logs traffic to destination port 8443.
Here is the rule we add:
config rule
	option name 'FW LOG TEST'
	option src 'lan'
	option proto 'tcp'
	option dest_port '8443'
	option target 'ACCEPT'
	option family 'ipv4'
	option log 'Firewall Log to port 8443'
	option dest 'vpn'
Then reload the firewall.
Next we visit a web site to test traffic to the rule.
Now, check the log.
Sat Apr 15 17:21:11 2023 kern.warn kernel: [ 2533.394182] FW LOG TEST: IN=br-lan OUT=wg0 MAC=60:32:b1:2f:36:c2:74:70:fd:d0:fd:3b:08:00 SRC=192.168.2.151 DST=184.108.40.206 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=54038 DF PROTO=TCP SPT=42292 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP=0
Sat Apr 15 17:21:11 2023 kern.warn kernel: [ 2533.505185] FW LOG TEST: IN=br-lan OUT=wg0 MAC=60:32:b1:2f:36:c2:74:70:fd:d0:fd:3b:08:00 SRC=192.168.2.151 DST=220.127.116.11 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=3981 DF PROTO=TCP SPT=42302 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP=0
The log entries show DPT=8443, and each one is prefixed with the name from our rule. You can change that by putting a text string in the option log config. It looks like this (note the extra space at the end):
option log 'Firewall Log outbound to port 8443 '
Discuss it on the OpenWrt forum.
Or, check out the traffic logging doc.
Save the content below to /www/cgi-bin/test.cgi. Then access the URL http://192.168.1.1/cgi-bin/test.cgi. You should see the environment variables.
These could be used in your script for logic.
You can take it a step further and add parameters to the GET request, then parse them out of QUERY_STRING. Something like: http://192.168.1.1/cgi-bin/test.cgi?state=FL&city=Jacksonville
#!/bin/sh
echo "Content-type: text/html"
echo ""   # blank line ends the HTTP headers
echo "<HTML><HEAD><TITLE>CGI Environment</TITLE></HEAD>"
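A fuller version of the script, as an added example that is not part of the original page: it dumps the environment and reads state and city from QUERY_STRING without eval, HTML-escaping everything it echoes back because QUERY_STRING and the HTTP_* variables are supplied by the client. The helper names html_escape, url_decode and get_param are illustrative, and the GATEWAY_INTERFACE check assumes the web server sets that standard CGI variable.

```sh
#!/bin/sh
# Added example (not the page's script): a fuller /www/cgi-bin/test.cgi.
# Assumption: the CGI server sets GATEWAY_INTERFACE and QUERY_STRING.

# HTML-escape stdin so request-controlled text cannot inject markup.
html_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'
}

# Decode '+' and %XX in one value. A decoded newline is dropped by $(...).
url_decode() {
    s=$(printf '%s' "$1" | tr '+' ' ')
    out=
    while [ -n "$s" ]; do
        case $s in
            %[0-9A-Fa-f][0-9A-Fa-f]*)
                hex=${s#?}; hex=${hex%"${hex#??}"}
                out=$out$(printf '%b' "\\0$(printf '%o' "0x$hex")")
                s=${s#???} ;;
            *)
                rest=${s#?}; out=$out${s%"$rest"}; s=$rest ;;
        esac
    done
    printf '%s' "$out"
}

# get_param NAME QUERY: print the decoded value of the first NAME=value pair.
# Values are only ever handled as strings; nothing is passed to eval.
get_param() {
    q=$2
    while [ -n "$q" ]; do
        pair=${q%%"&"*}
        case $q in *"&"*) q=${q#*"&"} ;; *) q= ;; esac
        if [ "${pair%%=*}" = "$1" ]; then
            case $pair in *=*) url_decode "${pair#*=}" ;; esac
            return 0
        fi
    done
    return 1
}

# Emit the page only when run by the web server.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    printf 'Content-Type: text/html\r\n\r\n'
    echo '<html><head><title>CGI Environment</title></head><body><p>'
    printf 'state=%s city=%s' "$(get_param state "${QUERY_STRING:-}")" \
        "$(get_param city "${QUERY_STRING:-}")" | html_escape
    echo '</p><pre>'; env | html_escape; echo '</pre></body></html>'
fi
```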
Discuss on the OpenWrt forums: Uhttpd environment/CGI variables