diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2010-10-16 15:24:07 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2010-10-16 15:24:07 +0000 |
commit | 4ad99af940a90592b51729aa44a155f8053fd85b (patch) | |
tree | a7831d514ce075b023b454ffc89f8dd2b2f293dc /applications/luci-firewall/luasrc | |
parent | dd2abf2ea44b02bff72812de593a9e3976fe7f15 (diff) |
applications: rename luci-fw to luci-firewall
Diffstat (limited to 'applications/luci-firewall/luasrc')
7 files changed, 439 insertions, 0 deletions
diff --git a/applications/luci-firewall/luasrc/controller/luci_fw/luci_fw.lua b/applications/luci-firewall/luasrc/controller/luci_fw/luci_fw.lua new file mode 100644 index 000000000..766821af0 --- /dev/null +++ b/applications/luci-firewall/luasrc/controller/luci_fw/luci_fw.lua @@ -0,0 +1,13 @@ +module("luci.controller.luci_fw.luci_fw", package.seeall) + +function index() + require("luci.i18n").loadc("luci-fw") + local i18n = luci.i18n.translate + + entry({"admin", "network", "firewall"}, alias("admin", "network", "firewall", "zones"), i18n("Firewall"), 60).i18n = "luci-fw" + entry({"admin", "network", "firewall", "zones"}, cbi("luci_fw/zones"), i18n("Zones"), 10) + entry({"admin", "network", "firewall", "redirect"}, arcombine(cbi("luci_fw/redirect"), cbi("luci_fw/rrule")), i18n("Traffic Redirection"), 30).leaf = true + entry({"admin", "network", "firewall", "rule"}, arcombine(cbi("luci_fw/traffic"), cbi("luci_fw/trule")), i18n("Traffic Control"), 20).leaf = true + + entry({"mini", "network", "portfw"}, cbi("luci_fw/miniportfw", {autoapply=true}), i18n("Port forwarding"), 70).i18n = "luci-fw" +end
\ No newline at end of file diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/miniportfw.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/miniportfw.lua new file mode 100644 index 000000000..44b15f2c7 --- /dev/null +++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/miniportfw.lua @@ -0,0 +1,48 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2008 Steven Barth <steven@midlink.org> + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- +require("luci.sys") +m = Map("firewall", translate("Port forwarding"), + translate("Port forwarding allows to provide network services in " .. + "the internal network to an external network.")) + + +s = m:section(TypedSection, "redirect", "") +s:depends("src", "wan") +s.defaults.src = "wan" + +s.template = "cbi/tblsection" +s.addremove = true +s.anonymous = true + +name = s:option(Value, "_name", translate("Name"), translate("(optional)")) +name.size = 10 + +proto = s:option(ListValue, "proto", translate("Protocol")) +proto:value("tcp", "TCP") +proto:value("udp", "UDP") +proto:value("tcpudp", "TCP+UDP") + +dport = s:option(Value, "src_dport", translate("External port")) +dport.size = 5 + +to = s:option(Value, "dest_ip", translate("Internal IP address")) +for i, dataset in ipairs(luci.sys.net.arptable()) do + to:value(dataset["IP address"]) +end + +toport = s:option(Value, "dest_port", translate("Internal port"), + translate("(optional)")) +toport.size = 5 + +return m diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/redirect.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/redirect.lua new file mode 100644 index 000000000..da87015c8 --- /dev/null +++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/redirect.lua @@ -0,0 +1,52 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2008 Steven Barth <steven@midlink.org> + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- +require("luci.sys") +m = Map("firewall", translate("Traffic Redirection"), + translate("Traffic redirection allows you to change the " .. + "destination address of forwarded packets.")) + + +s = m:section(TypedSection, "redirect", "") +s.template = "cbi/tblsection" +s.addremove = true +s.anonymous = true +s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "redirect", "%s") + +name = s:option(Value, "_name", translate("Name"), translate("(optional)")) +name.size = 10 + +iface = s:option(ListValue, "src", translate("Zone")) +iface.default = "wan" +luci.model.uci.cursor():foreach("firewall", "zone", + function (section) + iface:value(section.name) + end) + +proto = s:option(ListValue, "proto", translate("Protocol")) +proto:value("tcp", "TCP") +proto:value("udp", "UDP") +proto:value("tcpudp", "TCP+UDP") + +dport = s:option(Value, "src_dport", translate("Source port")) +dport.size = 5 + +to = s:option(Value, "dest_ip", translate("Destination IP")) +for i, dataset in ipairs(luci.sys.net.arptable()) do + to:value(dataset["IP address"]) +end + +toport = s:option(Value, "dest_port", translate("Destination port")) +toport.size = 5 + +return m diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/rrule.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/rrule.lua new file mode 100644 index 000000000..63e014444 --- /dev/null +++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/rrule.lua @@ -0,0 +1,80 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2008 Steven Barth <steven@midlink.org> + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- +require("luci.sys") +arg[1] = arg[1] or "" + +m = Map("firewall", translate("Traffic Redirection"), + translate("Traffic redirection allows you to change the " .. + "destination address of forwarded packets.")) + + +s = m:section(NamedSection, arg[1], "redirect", "") +s.anonymous = true +s.addremove = false + +back = s:option(DummyValue, "_overview", translate("Overview")) +back.value = "" +back.titleref = luci.dispatcher.build_url("admin", "network", "firewall", "redirect") + +name = s:option(Value, "_name", translate("Name")) +name.rmempty = true +name.size = 10 + +iface = s:option(ListValue, "src", translate("Source zone")) +iface.default = "wan" +luci.model.uci.cursor():foreach("firewall", "zone", + function (section) + iface:value(section.name) + end) + +s:option(Value, "src_ip", translate("Source IP address")).optional = true +s:option(Value, "src_mac", translate("Source MAC-address")).optional = true + +sport = s:option(Value, "src_port", translate("Source port"), + translate("Match incoming traffic originating from the given " .. + "source port or port range on the client host")) +sport.optional = true +sport:depends("proto", "tcp") +sport:depends("proto", "udp") +sport:depends("proto", "tcpudp") + +proto = s:option(ListValue, "proto", translate("Protocol")) +proto.optional = true +proto:value("") +proto:value("tcp", "TCP") +proto:value("udp", "UDP") +proto:value("tcpudp", "TCP+UDP") + +dport = s:option(Value, "src_dport", translate("External port"), + translate("Match incoming traffic directed at the given " .. + "destination port or port range on this host")) +dport.size = 5 +dport:depends("proto", "tcp") +dport:depends("proto", "udp") +dport:depends("proto", "tcpudp") + +to = s:option(Value, "dest_ip", translate("Internal IP address"), + translate("Redirect matched incoming traffic to the specified " .. + "internal host")) +for i, dataset in ipairs(luci.sys.net.arptable()) do + to:value(dataset["IP address"]) +end + +toport = s:option(Value, "dest_port", translate("Internal port (optional)"), + translate("Redirect matched incoming traffic to the given port on " .. + "the internal host")) +toport.optional = true +toport.size = 5 + +return m diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/traffic.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/traffic.lua new file mode 100644 index 000000000..3bdc6db4c --- /dev/null +++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/traffic.lua @@ -0,0 +1,88 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2008 Steven Barth <steven@midlink.org> +Copyright 2008 Jo-Philipp Wich <xm@leipzig.freifunk.net> + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- + +m = Map("firewall", translate("Traffic Control")) +s = m:section(TypedSection, "forwarding", translate("Zone-to-Zone traffic"), + translate("Here you can specify which network traffic is allowed " .. + "to flow between network zones. Only new connections will " .. + "be matched. Packets belonging to already open " .. + "connections are automatically allowed to pass the " .. + "firewall. If you experience occasional connection " .. + "problems try enabling MSS Clamping otherwise disable it " .. + "for performance reasons.")) +s.template = "cbi/tblsection" +s.addremove = true +s.anonymous = true + +iface = s:option(ListValue, "src", translate("Source")) +oface = s:option(ListValue, "dest", translate("Destination")) + +luci.model.uci.cursor():foreach("firewall", "zone", + function (section) + iface:value(section.name) + oface:value(section.name) + end) + + + +s = m:section(TypedSection, "rule", translate("Rules")) +s.addremove = true +s.anonymous = true +s.template = "cbi/tblsection" +s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "rule", "%s") +s.defaults.target = "ACCEPT" + +local created = nil + +function s.create(self, section) + created = TypedSection.create(self, section) +end + +function s.parse(self, ...) + TypedSection.parse(self, ...) + if created then + m.uci:save("firewall") + luci.http.redirect(luci.dispatcher.build_url( + "admin", "network", "firewall", "rule", created + )) + end +end + +s:option(DummyValue, "_name", translate("Name")) +s:option(DummyValue, "proto", translate("Protocol")) + +src = s:option(DummyValue, "src", translate("Source")) +function src.cfgvalue(self, s) + return "%s:%s:%s" % { + self.map:get(s, "src") or "*", + self.map:get(s, "src_ip") or "0.0.0.0/0", + self.map:get(s, "src_port") or "*" + } +end + +dest = s:option(DummyValue, "dest", translate("Destination")) +function dest.cfgvalue(self, s) + return "%s:%s:%s" % { + self.map:get(s, "dest") or translate("Device"), + self.map:get(s, "dest_ip") or "0.0.0.0/0", + self.map:get(s, "dest_port") or "*" + } +end + + +s:option(DummyValue, "target", translate("Action")) + + +return m diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua new file mode 100644 index 000000000..0ce41e38c --- /dev/null +++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua @@ -0,0 +1,77 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2008 Steven Barth <steven@midlink.org> + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- +arg[1] = arg[1] or "" +m = Map("firewall", translate("Advanced Rules"), + translate("Advanced rules let you customize the firewall to your " .. + "needs. Only new connections will be matched. Packets " .. + "belonging to already open connections are automatically " .. + "allowed to pass the firewall.")) + +s = m:section(NamedSection, arg[1], "rule", "") +s.anonymous = true +s.addremove = false + +back = s:option(DummyValue, "_overview", translate("Overview")) +back.value = "" +back.titleref = luci.dispatcher.build_url("admin", "network", "firewall", "rule") + + +name = s:option(Value, "_name", translate("Name").." "..translate("(optional)")) +name.rmempty = true + +iface = s:option(ListValue, "src", translate("Source zone")) +iface.rmempty = true + +oface = s:option(ListValue, "dest", translate("Destination zone")) +oface:value("", translate("any")) +oface.rmempty = true + +luci.model.uci.cursor():foreach("firewall", "zone", + function (section) + iface:value(section.name) + oface:value(section.name) + end) + +proto = s:option(Value, "proto", translate("Protocol")) +proto.optional = true +proto:value("") +proto:value("all", translate("Any")) +proto:value("tcpudp", "TCP+UDP") +proto:value("tcp", "TCP") +proto:value("udp", "UDP") +proto:value("icmp", "ICMP") + +s:option(Value, "src_ip", translate("Source address")).optional = true +s:option(Value, "dest_ip", translate("Destination address")).optional = true +s:option(Value, "src_mac", translate("Source MAC-address")).optional = true + +sport = s:option(Value, "src_port", translate("Source port")) +sport:depends("proto", "tcp") +sport:depends("proto", "udp") +sport:depends("proto", "tcpudp") + +dport = s:option(Value, "dest_port", translate("Destination port")) +dport:depends("proto", "tcp") +dport:depends("proto", "udp") +dport:depends("proto", "tcpudp") + +jump = s:option(ListValue, "target", translate("Action")) +jump.rmempty = true +jump.default = "ACCEPT" +jump:value("DROP", translate("drop")) +jump:value("ACCEPT", translate("accept")) +jump:value("REJECT", translate("reject")) + + +return m diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/zones.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/zones.lua new file mode 100644 index 000000000..edb82a9b5 --- /dev/null +++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/zones.lua @@ -0,0 +1,81 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2008 Steven Barth <steven@midlink.org> + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- + +local nw = require "luci.model.network" +local fw = require "luci.model.firewall" + +require("luci.tools.webadmin") +m = Map("firewall", translate("Firewall"), translate("The firewall creates zones over your network interfaces to control network traffic flow.")) + +fw.init(m.uci) +nw.init(m.uci) + +s = m:section(TypedSection, "defaults") +s.anonymous = true +s.addremove = false + +s:option(Flag, "syn_flood", translate("Enable SYN-flood protection")) + +local di = s:option(Flag, "drop_invalid", translate("Drop invalid packets")) +di.rmempty = false +function di.cfgvalue(...) + return AbstractValue.cfgvalue(...) or "1" +end + +p = {} +p[1] = s:option(ListValue, "input", translate("Input")) +p[2] = s:option(ListValue, "output", translate("Output")) +p[3] = s:option(ListValue, "forward", translate("Forward")) + +for i, v in ipairs(p) do + v:value("REJECT", translate("reject")) + v:value("DROP", translate("drop")) + v:value("ACCEPT", translate("accept")) +end + + +s = m:section(TypedSection, "zone", translate("Zones")) +s.template = "cbi/tblsection" +s.anonymous = true +s.addremove = true + +name = s:option(Value, "name", translate("Name")) +name.size = 8 + +p = {} +p[1] = s:option(ListValue, "input", translate("Input")) +p[2] = s:option(ListValue, "output", translate("Output")) +p[3] = s:option(ListValue, "forward", translate("Forward")) + +for i, v in ipairs(p) do + v:value("REJECT", translate("reject")) + v:value("DROP", translate("drop")) + v:value("ACCEPT", translate("accept")) +end + +s:option(Flag, "masq", translate("Masquerading")) +s:option(Flag, "mtu_fix", translate("MSS clamping")) + +net = s:option(MultiValue, "network", translate("Network")) +net.template = "cbi/network_netlist" +net.widget = "checkbox" +net.rmempty = true +luci.tools.webadmin.cbi_add_networks(net) + +function net.cfgvalue(self, section) + local value = MultiValue.cfgvalue(self, section) + return value or name:cfgvalue(section) +end + +return m |