diff options
| author | Jo-Philipp Wich <jow@openwrt.org> | 2011-12-19 21:16:31 +0000 |
|---|---|---|
| committer | Jo-Philipp Wich <jow@openwrt.org> | 2011-12-19 21:16:31 +0000 |
| commit | 033de64a0f66e727cb97c54403614917a49cc577 (patch) | |
| tree | 1e1908490a79fe2aad2dc30a0f6d3ecc7f53b781 /applications/luci-firewall/luasrc/tools/firewall.lua | |
| parent | 24c4cce3ae278c0511a65aded38ef83b2e49d3d4 (diff) | |
applications/luci-firewall: complete rework firewall ui
- split zone setup, port forwards, traffic rules and firewall.user
- add quickadd forms for various common rules like port forwards
- add tool class for textual formatting and descriptions of rules
- simplify controller, remove old mini admin remainders
Diffstat (limited to 'applications/luci-firewall/luasrc/tools/firewall.lua')
| -rw-r--r-- | applications/luci-firewall/luasrc/tools/firewall.lua | 213 |
1 files changed, 213 insertions, 0 deletions
diff --git a/applications/luci-firewall/luasrc/tools/firewall.lua b/applications/luci-firewall/luasrc/tools/firewall.lua new file mode 100644 index 000000000..a2e3bce34 --- /dev/null +++ b/applications/luci-firewall/luasrc/tools/firewall.lua @@ -0,0 +1,213 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2011 Jo-Philipp Wich <xm@subsignal.org> + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- + +module("luci.tools.firewall", package.seeall) + +local ut = require "luci.util" +local ip = require "luci.ip" +local nx = require "nixio" + +local tr, trf = luci.i18n.translate, luci.i18n.translatef + +function fmt_neg(x) + if type(x) == "string" then + local v, neg = x:gsub("^ *! *", "") + if neg > 0 then + return v, "%s " % tr("not") + else + return x, "" + end + end + return x, "" +end + +function fmt_mac(x) + if x and #x > 0 then + local m, n + local l = { tr("MAC"), " " } + for m in ut.imatch(x) do + m, n = fmt_neg(m) + l[#l+1] = "<var>%s%s</var>" %{ n, m } + l[#l+1] = ", " + end + if #l > 1 then + l[#l] = nil + if #l > 3 then + l[1] = tr("MACs") + end + return table.concat(l, "") + end + end +end + +function fmt_port(x) + if x and #x > 0 then + local p, n + local l = { tr("port"), " " } + for p in ut.imatch(x) do + p, n = fmt_neg(p) + local a, b = p:match("(%d+)%D+(%d+)") + if a and b then + l[1] = tr("ports") + l[#l+1] = "<var>%s%d-%d</var>" %{ n, a, b } + else + l[#l+1] = "<var>%s%d</var>" %{ n, p } + end + l[#l+1] = ", " + end + if #l > 1 then + l[#l] = nil + if #l > 3 then + l[1] = tr("ports") + end + return table.concat(l, "") + end + end +end + +function fmt_ip(x) + if x and #x > 0 then + local l = { tr("IP"), " " } + local v, a, n + for v in ut.imatch(x) do + v, n = fmt_neg(v) + a, m = v:match("(%S+)/(%d+%.%S+)") + a = a or v + a = a:match(":") and ip.IPv6(a, m) or ip.IPv4(a, m) + if a and (a:is6() or a:prefix() < 32) then + l[1] = tr("IP range") + l[#l+1] = "<var title='%s - %s'>%s%s</var>" %{ + a:minhost():string(), + a:maxhost():string(), + n, a:string() + } + else + l[#l+1] = "<var>%s%s</var>" %{ + n, + a and a:string() or v + } + end + l[#l+1] = ", " + end + if #l > 1 then + l[#l] = nil + if #l > 3 then + l[1] = tr("IPs") + end + return table.concat(l, "") + end + end +end + +function fmt_zone(x) + if x == "*" then + return "<var>%s</var>" % tr("any zone") + elseif x and #x > 0 then + return "<var>%s</var>" % x + end +end + +function fmt_icmp_type(x) + if x and #x > 0 then + local t, v, n + local l = { tr("type"), " " } + for v in ut.imatch(x) do + v, n = fmt_neg(v) + l[#l+1] = "<var>%s%s</var>" %{ n, v } + l[#l+1] = ", " + end + if #l > 1 then + l[#l] = nil + if #l > 3 then + l[1] = tr("types") + end + return table.concat(l, "") + end + end +end + +function fmt_proto(x, icmp_types) + if x and #x > 0 then + local v, n + local l = { } + local t = fmt_icmp_type(icmp_types) + for v in ut.imatch(x) do + v, n = fmt_neg(v) + if v == "tcpudp" then + l[#l+1] = "TCP" + l[#l+1] = "UDP" + l[#l+1] = ", " + elseif v ~= "all" then + local p = nx.getproto(v) + if p then + -- ICMP + if (p.proto == 1 or p.proto == 58) and t then + l[#l+1] = trf( + "%s%s with %s", + n, p.aliases[1] or p.name, t + ) + else + l[#l+1] = "%s%s" %{ + n, + p.aliases[1] or p.name + } + end + l[#l+1] = ", " + end + end + end + if #l > 0 then + l[#l] = nil + return table.concat(l, "") + end + end +end + +function fmt_limit(limit, burst) + burst = tonumber(burst) + if limit and #limit > 0 then + local l, u = limit:match("(%d+)/(%w+)") + l = tonumber(l or limit) + u = u or "second" + if l then + if u:match("^s") then + u = tr("second") + elseif u:match("^m") then + u = tr("minute") + elseif u:match("^h") then + u = tr("hour") + elseif u:match("^d") then + u = tr("day") + end + if burst and burst > 0 then + return trf("<var>%d</var> pkts. per <var>%s</var>, \ + burst <var>%d</var> pkts.", l, u, burst) + else + return trf("<var>%d</var> pkts. per <var>%s</var>", l, u) + end + end + end +end + +function fmt_target(x) + if x == "ACCEPT" then + return tr("Accept") + elseif x == "REJECT" then + return tr("Refuse") + elseif x == "NOTRACK" then + return tr("Do not track") + else --if x == "DROP" then + return tr("Discard") + end +end |