summaryrefslogtreecommitdiffhomepage
path: root/applications/luci-app-fwknopd/luasrc/model/cbi
diff options
context:
space:
mode:
authorHannu Nyman <hannu.nyman@iki.fi>2020-10-31 12:05:11 +0200
committerGitHub <noreply@github.com>2020-10-31 12:05:11 +0200
commit26d5bf4241dc576fb267417e02d1b9f010293d58 (patch)
treeab4ecce6372f0b87a4a42ded6e9d97828c91bdf5 /applications/luci-app-fwknopd/luasrc/model/cbi
parent5a485f8c686cdc918c008e75bbf96bc51515d6aa (diff)
parentf52acdb23b7e47e72619a28a5d0d7a5ab76aff4e (diff)
Merge pull request #4490 from oldium/fix-fwknopd-qr-and-key-type
luci-app-fwknopd: Client-side rendering and improvements/fixes.
Diffstat (limited to 'applications/luci-app-fwknopd/luasrc/model/cbi')
-rw-r--r--applications/luci-app-fwknopd/luasrc/model/cbi/fwknopd.lua52
1 files changed, 0 insertions, 52 deletions
diff --git a/applications/luci-app-fwknopd/luasrc/model/cbi/fwknopd.lua b/applications/luci-app-fwknopd/luasrc/model/cbi/fwknopd.lua
deleted file mode 100644
index 9ae754cb93..0000000000
--- a/applications/luci-app-fwknopd/luasrc/model/cbi/fwknopd.lua
+++ /dev/null
@@ -1,52 +0,0 @@
--- Copyright 2015 Jonathan Bennett <jbennett@incomsystems.biz>
--- Licensed to the public under the GNU General Public License v2.
-tmp = 0
-m = Map("fwknopd", translate("Firewall Knock Operator"))
-
-s = m:section(TypedSection, "global", translate("Enable Uci/Luci control")) -- Set uci control on or off
-s.anonymous=true
-s:option(Flag, "uci_enabled", translate("Enable config overwrite"), translate("When unchecked, the config files in /etc/fwknopd will be used as is, ignoring any settings here."))
-
-s = m:section(TypedSection, "access", translate("access.conf stanzas")) -- set the access.conf settings
-s.anonymous=true
-s.addremove=true
-qr = s:option(DummyValue, "note0", "dummy")
-qr.tmp = tmp
-qr.template = "fwknopd-qr"
-qr:depends("uci_enabled", "1")
-s:option(Value, "SOURCE", "SOURCE", translate("Use ANY for any source IP"))
-k1 = s:option(Value, "KEY", "KEY", translate("Define the symmetric key used for decrypting an incoming SPA packet that is encrypted by the fwknop client with Rijndael."))
-k1:depends("keytype", translate("Normal Key"))
-k2 = s:option(Value, "KEY_BASE64", "KEY_BASE64", translate("Define the symmetric key used for decrypting an incoming SPA \
- packet that is encrypted by the fwknop client with Rijndael."))
-k2:depends("keytype", translate("Base64 key"))
-l1 = s:option(ListValue, "keytype", "Key type")
-l1:value("Normal Key", "Normal Key")
-l1:value("Base64 key", "Base64 key")
-k3 = s:option(Value, "HMAC_KEY", "HMAC_KEY", "The hmac key")
-k3:depends("hkeytype", "Normal Key")
-k4 = s:option(Value, "HMAC_KEY_BASE64", "HMAC_KEY_BASE64", translate("The base64 hmac key"))
-k4:depends("hkeytype", "Base64 key")
-l2 = s:option(ListValue, "hkeytype", "HMAC Key type")
-l2:value("Normal Key", "Normal Key")
-l2:value("Base64 key", "Base64 key")
-s:option(Value, "OPEN_PORTS", "OPEN_PORTS", translate("Define a set of ports and protocols (tcp or udp) that will be opened if a valid knock sequence is seen. \
- If this entry is not set, fwknopd will attempt to honor any proto/port request specified in the SPA data \
- (unless of it matches any “RESTRICT_PORTS” entries). Multiple entries are comma-separated."))
-s:option(Value, "FW_ACCESS_TIMEOUT", "FW_ACCESS_TIMEOUT", translate("Define the length of time access will be granted by fwknopd through the firewall after a \
- valid knock sequence from a source IP address. If “FW_ACCESS_TIMEOUT” is not set then the default \
- timeout of 30 seconds will automatically be set."))
-s:option(Value, "REQUIRE_SOURCE_ADDRESS", "REQUIRE_SOURCE_ADDRESS", translate("Force all SPA packets to contain a real IP address within the encrypted data. \
- This makes it impossible to use the -s command line argument on the fwknop client command line, so either -R \
- has to be used to automatically resolve the external address (if the client behind a NAT) or the client must \
- know the external IP and set it via the -a argument."))
-
-s = m:section(TypedSection, "config", translate("fwknopd.conf config options"))
-s.anonymous=true
-s:option(Value, "MAX_SPA_PACKET_AGE", "MAX_SPA_PACKET_AGE", translate("Maximum age in seconds that an SPA packet will be accepted. Defaults to 120 seconds."))
-s:option(Value, "PCAP_INTF", "PCAP_INTF", translate("Specify the ethernet interface on which fwknopd will sniff packets."))
-s:option(Value, "ENABLE_IPT_FORWARDING", "ENABLE_IPT_FORWARDING", translate("Allow SPA clients to request access to services through an iptables firewall instead of just to it."))
-s:option(Value, "ENABLE_NAT_DNS", "ENABLE_NAT_DNS", translate("Allow SPA clients to request forwarding destination by DNS name."))
-
-return m
-