by vaporary 646 days ago
I've been enjoying FreshTomato on my home router for a number of years now.

Sometimes, though, there are network environments I'd like to implement which are difficult to configure through the webUI, but which would be relatively trivial from a Linux CLI. For example, I'd like to create an ESSID which is bridged to a tagged VLAN, but on which the router has no layer 3 presence. Or, maybe I'd like to set up a WireGuard link, but only send selective traffic down it using firewall marks and policy routing.

What I'd really like is a way to use the webUI to set up my initial base configuration, and then flip a switch to turn off the webUI, and implement further changes myself by editing configuration files on the device and calling out to shell scripts when needed to run "ip" and "brctl" commands.

Does anyone know if such a thing is possible with FreshTomato, OpenWRT, or something similar? Am I just thinking about this wrong?

3 comments

OpenWRT exposes a bunch of system / scripting functions through the web UI as well.

You can access crontab, /etc/rc.local, init scripts, and add custom paths to be included in OpenWRT-managed backups and restores.

It's reasonably flexible in enabling power users, rather than working against you.

I think in OpenWRT you can disable uhttpd in the Startup tab to prevent the Web UI from running.
Better do it from elsewhere than the web ui.

It ensures you don't get locked out.

It has been many years since I've run any version of Tomato on anything, so I won't guess about the present state of that.

But I think I can answer your question.

These days, at least at home, I run OpenWRT on a Pi 4 (because it was cheap at the time).

I use its web interface for the usual mundane poking and prodding.

And when I want something special, I just add a simple startup script like I would have done on any other Linux box back when init systems were plain and dumb.

This same thing should also work on any other OpenWRT installation that has a writeable filesystem (instead of, e.g., SquashFS).

And no, I don't think you are thinking of this wrong as a concept. It's a home network and not enterprise, and at the end of the day these things are all just Linux machines with a nice GUI. I think it is totally cromulent to mold them to your will.