author | Steven Barth <steven@midlink.org> | 2008-08-04 23:36:33 +0000 |
---|---|---|
committer | Steven Barth <steven@midlink.org> | 2008-08-04 23:36:33 +0000 |
commit | 9a63ad7c1066182458c6e35c4edb8f2308022b8c (patch) | |
tree | fecac8d12008ed8e509767ca8051b565e8fb527c /applications/luci-fw/luasrc/model/cbi/luci_fw | |
parent | 78fb71f88177ac7e9234065a8bdbe8310ffa95ad (diff) |
applications/luci-fw: Reworked to use the new native UCI-based firewall configuration
Diffstat (limited to 'applications/luci-fw/luasrc/model/cbi/luci_fw')
6 files changed, 186 insertions, 72 deletions
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/customfwd.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/customfwd.lua
new file mode 100644
index 0000000000..42be400c4e
--- /dev/null
+++ b/applications/luci-fw/luasrc/model/cbi/luci_fw/customfwd.lua
@@ -0,0 +1,62 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+require("luci.sys")
+m = Map("firewall", translate("fw_portfw"), translate("fw_portfw1"))
+
+
+s = m:section(TypedSection, "redirect", "")
+s.addremove = true
+s.anonymous = true
+
+name = s:option(Value, "_name", translate("name"))
+name.rmempty = true
+name.size = 10
+
+iface = s:option(ListValue, "src", translate("fw_zone"))
+iface.default = "wan"
+luci.model.uci.foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ end)
+
+s:option(Value, "src_ip").optional = true
+s:option(Value, "src_mac").optional = true
+
+sport = s:option(Value, "src_port")
+sport.optional = true
+sport:depends("proto", "tcp")
+sport:depends("proto", "udp")
+
+proto = s:option(ListValue, "proto", translate("protocol"))
+proto.optional = true
+proto:value("")
+proto:value("tcp", "TCP")
+proto:value("udp", "UDP")
+
+dport = s:option(Value, "src_dport")
+dport.size = 5
+dport.optional = true
+dport:depends("proto", "tcp")
+dport:depends("proto", "udp")
+
+to = s:option(Value, "dest_ip")
+for i, dataset in ipairs(luci.sys.net.arptable()) do
+ to:value(dataset["IP address"])
+end
+
+toport = s:option(Value, "dest_port")
+toport.optional = true
+toport.size = 5
+
+return m
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/firewall.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/firewall.lua
index 5ed45593b0..2919896118 100644
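Review bot: In customfwd.lua the address, MAC and port fields (`src_ip`, `src_mac`, `src_port`, `src_dport`, `dest_ip`, `dest_port`) are plain `Value` options with nothing but `size` and `optional` set, so whatever text is submitted is stored in the `firewall` config as typed. That config is presumably consumed by the scripts that build the packet-filter rules, so a malformed or unexpected string should be rejected in the form rather than surface later as a broken or broader-than-intended rule. If this CBI version supports a per-option `validate` override, add one per field, for example `function toport.validate(self, value) return value:match("^%d+$") and value end`, widening the pattern only to the range syntax the firewall scripts actually accept. The same unvalidated fields appear in the second firewall.lua hunk and in the miniportfw.lua and portfw.lua hunks.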
--- a/applications/luci-fw/luasrc/model/cbi/luci_fw/firewall.lua +++ b/applications/luci-fw/luasrc/model/cbi/luci_fw/firewall.lua @@ -11,31 +11,23 @@ You may obtain a copy of the License at $Id$ ]]-- -m = Map("luci_fw", translate("fw_fw"), translate("fw_fw1")) +m = Map("firewall", translate("fw_rules"), translate("fw_rules1")) s = m:section(TypedSection, "rule", "") s.addremove = true s.anonymous = true -chain = s:option(ListValue, "chain") -chain:value("forward", "Forward") -chain:value("input", "Input") -chain:value("output", "Output") -chain:value("prerouting", "Prerouting") -chain:value("postrouting", "Postrouting") +iface = s:option(ListValue, "src") +iface:value("") +iface.rmempty = true -iface = s:option(ListValue, "iface") -iface.optional = true - -oface = s:option(ListValue, "oface") +oface = s:option(ListValue, "dest") oface.optional = true -luci.model.uci.foreach("network", "interface", +luci.model.uci.foreach("firewall", "zone", function (section) - if section[".name"] ~= "loopback" then - iface:value(section[".name"]) - oface:value(section[".name"]) - end + iface:value(section.name) + oface:value(section.name) end) proto = s:option(ListValue, "proto", translate("protocol")) 
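Review bot: The zone callback at the end of this firewall.lua hunk passes `section.name` to `iface:value()` and `oface:value()` without checking that the zone section actually has a `name` option; what `value()` does with nil is not visible here, but at best it adds a bogus entry to both lists. A guard such as `if section.name then iface:value(section.name) oface:value(section.name) end` keeps unnamed zones out of the source and destination selectors. The removed code keyed on `section[".name"]`, the section id that every UCI section carries, so this is a new failure mode. The same callback shape is used in the customfwd.lua, portfw.lua and routing.lua hunks.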
@@ -43,43 +35,27 @@ proto.optional = true proto:value("") proto:value("tcp", "TCP") proto:value("udp", "UDP") +proto:value("icmp", "ICMP") -s:option(Value, "source").optional = true -s:option(Value, "destination").optional = true -s:option(Value, "mac").optional = true +s:option(Value, "src_ip").optional = true +s:option(Value, "dest_ip").optional = true +s:option(Value, "src_mac").optional = true -sport = s:option(Value, "sport") +sport = s:option(Value, "src_port") sport.optional = true sport:depends("proto", "tcp") sport:depends("proto", "udp") -dport = s:option(Value, "dport") +dport = s:option(Value, "dest_port") dport.optional = true dport:depends("proto", "tcp") dport:depends("proto", "udp") -tosrc = s:option(Value, "tosrc") -tosrc.optional = true -tosrc:depends("jump", "SNAT") - -tosrc = s:option(Value, "todest") -tosrc.optional = true -tosrc:depends("jump", "DNAT") - -jump = s:option(ListValue, "jump") +jump = s:option(ListValue, "target") jump.rmempty = true -jump:value("", "") +jump:value("DROP", translate("fw_drop")) jump:value("ACCEPT", translate("fw_accept")) jump:value("REJECT", translate("fw_reject")) -jump:value("DROP", translate("fw_drop")) -jump:value("LOG", translate("fw_log")) -jump:value("DNAT", translate("fw_dnat")) -jump:value("MASQUERADE", translate("fw_masq")) -jump:value("SNAT", translate("fw_snat")) - -add = s:option(Value, "command") -add.size = 50 -add.rmempty = true return m diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/general.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/general.lua new file mode 100644 index 0000000000..1a765abb74 --- /dev/null +++ b/applications/luci-fw/luasrc/model/cbi/luci_fw/general.lua 
@@ -0,0 +1,67 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+m = Map("firewall", translate("fw_fw"), translate("fw_fw1"))
+
+s = m:section(TypedSection, "defaults")
+s.anonymous = true
+
+s:option(Flag, "syn_flood")
+
+p = {}
+p[1] = s:option(ListValue, "input")
+p[2] = s:option(ListValue, "output")
+p[3] = s:option(ListValue, "forward")
+
+for i, v in ipairs(p) do
+ v:value("DROP", translate("fw_drop"))
+ v:value("ACCEPT", translate("fw_accept"))
+end
+
+
+s = m:section(TypedSection, "zone", translate("fw_zones"))
+s.template = "cbi/tblsection"
+s.anonymous = true
+s.addremove = true
+
+name = s:option(Value, "name", translate("name"))
+name.size = 8
+
+p = {}
+p[1] = s:option(ListValue, "input")
+p[2] = s:option(ListValue, "output")
+p[3] = s:option(ListValue, "forward")
+
+for i, v in ipairs(p) do
+ v:value("DROP", translate("fw_drop"))
+ v:value("ACCEPT", translate("fw_accept"))
+end
+
+s:option(Flag, "masq")
+
+net = s:option(MultiValue, "network")
+net.widget = "select"
+net.rmempty = true
+luci.model.uci.foreach("network", "interface",
+ function (section)
+ if section[".name"] ~= "loopback" then
+ net:value(section[".name"])
+ end
+ end)
+
+function net.cfgvalue(self, section)
+ local value = MultiValue.cfgvalue(self, section)
+ return value or name:cfgvalue(section)
+end
+
+return m
\ No newline at end of file diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/miniportfw.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/miniportfw.lua index 39eefa6599..44a7391856 100644 --- a/applications/luci-fw/luasrc/model/cbi/luci_fw/miniportfw.lua +++ b/applications/luci-fw/luasrc/model/cbi/luci_fw/miniportfw.lua @@ -12,26 +12,33 @@ You may obtain a copy of the License at $Id$ ]]-- require("luci.sys") -m = Map("luci_fw", translate("fw_portfw"), translate("fw_portfw1")) +m = Map("firewall", translate("fw_portfw"), translate("fw_portfw1")) -s = m:section(TypedSection, "portfw", "") -s:depends("iface", "wan") -s.defaults.iface = "wan" +s = m:section(TypedSection, "redirect", "") +s:depends("src", "wan") +s.defaults.src = "wan" s.template = "cbi/tblsection" s.addremove = true s.anonymous = true -name = s:option(Value, "_name", translate("name") .. translate("cbi_optional")) +name = s:option(Value, "_name", translate("name"), translate("cbi_optional")) +name.size = 10 -proto = s:option(ListValue, "proto", translate("protocol")) +proto = s:option(ListValue, "protocol", translate("protocol")) proto:value("tcp", "TCP") proto:value("udp", "UDP") -proto:value("tcpudp", "TCP + UDP") -dport = s:option(Value, "dport") +dport = s:option(Value, "src_dport") +dport.size = 5 -to = s:option(Value, "to") +to = s:option(Value, "dest_ip") +for i, dataset in ipairs(luci.sys.net.arptable()) do + to:value(dataset["IP address"]) +end + +toport = s:option(Value, "dest_port") +toport.size = 5 return m diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/portfw.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/portfw.lua index 72f3d7e1d6..c794410999 100644 --- a/applications/luci-fw/luasrc/model/cbi/luci_fw/portfw.lua +++ b/applications/luci-fw/luasrc/model/cbi/luci_fw/portfw.lua 
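Review bot: In general.lua the zone `name` option is a free-text `Value` with only `size = 8` set, and nothing in the hunk rejects an empty name or limits its characters, although the other forms in this commit use `section.name` as the zone identifier and `net.cfgvalue` falls back to it when no `network` is stored. A zone saved without a usable name would presumably show up in the rule, redirect and forwarding selectors as an entry that matches nothing. Consider a check like `function name.validate(self, value) return value:match("^[%w_]+$") and value end`, assuming this CBI version calls `validate`; whether an empty submission also reaches it is not visible here. A one-line comment above `net.cfgvalue` saying that the displayed network defaults to the zone name when unset would also help, since the form then shows a value that is not in the config.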
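Review bot: The miniportfw.lua hunk renames the protocol option key from `proto` to `protocol`, while customfwd.lua and portfw.lua in this same commit write `proto` for the same `redirect` section type. If the firewall scripts read `proto`, as the other two forms suggest, the TCP/UDP choice made here would be ignored and the redirect could apply to more traffic than the user selected. Unless the rename is intentional, keep the key consistent: `proto = s:option(ListValue, "proto", translate("protocol"))`.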
@@ -12,29 +12,37 @@ You may obtain a copy of the License at $Id$ ]]-- require("luci.sys") -m = Map("luci_fw", translate("fw_portfw"), translate("fw_portfw1")) +m = Map("firewall", translate("fw_portfw"), translate("fw_portfw1")) -s = m:section(TypedSection, "portfw", "") + +s = m:section(TypedSection, "redirect", "") s.template = "cbi/tblsection" s.addremove = true s.anonymous = true -iface = s:option(ListValue, "iface", translate("interface")) +name = s:option(Value, "_name", translate("name"), translate("cbi_optional")) +name.size = 10 + +iface = s:option(ListValue, "src", translate("fw_zone")) iface.default = "wan" -luci.model.uci.foreach("network", "interface", +luci.model.uci.foreach("firewall", "zone", function (section) - if section[".name"] ~= "loopback" then - iface:value(section[".name"]) - end + iface:value(section.name) end) proto = s:option(ListValue, "proto", translate("protocol")) proto:value("tcp", "TCP") proto:value("udp", "UDP") -proto:value("tcpudp", "TCP + UDP") -dport = s:option(Value, "dport") +dport = s:option(Value, "src_dport") +dport.size = 5 + +to = s:option(Value, "dest_ip") +for i, dataset in ipairs(luci.sys.net.arptable()) do + to:value(dataset["IP address"]) +end -to = s:option(Value, "to") +toport = s:option(Value, "dest_port") +toport.size = 5 return m diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/routing.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/routing.lua index 56f1282c18..d542bcb7f8 100644 --- a/applications/luci-fw/luasrc/model/cbi/luci_fw/routing.lua +++ b/applications/luci-fw/luasrc/model/cbi/luci_fw/routing.lua 
@@ -11,26 +11,20 @@ You may obtain a copy of the License at $Id$ ]]-- -m = Map("luci_fw", translate("fw_routing"), translate("fw_routing1")) +m = Map("firewall", translate("fw_forwarding"), translate("fw_forwarding1")) -s = m:section(TypedSection, "routing", "") +s = m:section(TypedSection, "forwarding", "") s.template = "cbi/tblsection" s.addremove = true s.anonymous = true -iface = s:option(ListValue, "iface") -oface = s:option(ListValue, "oface") +iface = s:option(ListValue, "src") +oface = s:option(ListValue, "dest") -luci.model.uci.foreach("network", "interface", +luci.model.uci.foreach("firewall", "zone", function (section) - if section[".name"] ~= "loopback" then - iface:value(section[".name"]) - oface:value(section[".name"]) - end + iface:value(section.name) + oface:value(section.name) end) -s:option(Flag, "fwd", "FWD").rmempty = true -s:option(Flag, "nat", "NAT").rmempty = true -s:option(Flag, "bidi", "<->").rmempty = true - return m |