authorSteven Barth <steven@midlink.org>2008-08-04 23:36:33 +0000
committerSteven Barth <steven@midlink.org>2008-08-04 23:36:33 +0000
commit9a63ad7c1066182458c6e35c4edb8f2308022b8c (patch)
treefecac8d12008ed8e509767ca8051b565e8fb527c /applications/luci-fw/luasrc/model
parent78fb71f88177ac7e9234065a8bdbe8310ffa95ad (diff)
applications/luci-fw: Reworked to use the new native UCI-based firewall configuration
Diffstat (limited to 'applications/luci-fw/luasrc/model')
-rw-r--r--applications/luci-fw/luasrc/model/cbi/luci_fw/customfwd.lua62
-rw-r--r--applications/luci-fw/luasrc/model/cbi/luci_fw/firewall.lua56
-rw-r--r--applications/luci-fw/luasrc/model/cbi/luci_fw/general.lua67
-rw-r--r--applications/luci-fw/luasrc/model/cbi/luci_fw/miniportfw.lua25
-rw-r--r--applications/luci-fw/luasrc/model/cbi/luci_fw/portfw.lua28
-rw-r--r--applications/luci-fw/luasrc/model/cbi/luci_fw/routing.lua20
6 files changed, 186 insertions, 72 deletions
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/customfwd.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/customfwd.lua
new file mode 100644
index 0000000000..42be400c4e
--- /dev/null
+++ b/applications/luci-fw/luasrc/model/cbi/luci_fw/customfwd.lua
@@ -0,0 +1,62 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+require("luci.sys")
+m = Map("firewall", translate("fw_portfw"), translate("fw_portfw1"))
+
+
+s = m:section(TypedSection, "redirect", "")
+s.addremove = true
+s.anonymous = true
+
+name = s:option(Value, "_name", translate("name"))
+name.rmempty = true
+name.size = 10
+
+iface = s:option(ListValue, "src", translate("fw_zone"))
+iface.default = "wan"
+luci.model.uci.foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ end)
+
+s:option(Value, "src_ip").optional = true
+s:option(Value, "src_mac").optional = true
+
+sport = s:option(Value, "src_port")
+sport.optional = true
+sport:depends("proto", "tcp")
+sport:depends("proto", "udp")
+
+proto = s:option(ListValue, "proto", translate("protocol"))
+proto.optional = true
+proto:value("")
+proto:value("tcp", "TCP")
+proto:value("udp", "UDP")
+
+dport = s:option(Value, "src_dport")
+dport.size = 5
+dport.optional = true
+dport:depends("proto", "tcp")
+dport:depends("proto", "udp")
+
+to = s:option(Value, "dest_ip")
+for i, dataset in ipairs(luci.sys.net.arptable()) do
+ to:value(dataset["IP address"])
+end
+
+toport = s:option(Value, "dest_port")
+toport.optional = true
+toport.size = 5
+
+return m
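Review bot: The free-text `Value` options in this form (`src_ip`, `src_mac`, `src_port`, `src_dport`, `dest_ip`, `dest_port`) are saved to the `firewall` config with no format check, so any string the user types ends up in the rule set. Whatever consumes these options is outside the diff, but if it builds packet-filter rules from them, the form is the place to reject values that are not an address, a MAC or a port. Assuming the CBI in this tree exposes a per-option `validate` hook (to be confirmed), something like `function toport.validate(self, value) return value:match("^%d+$") and value end` would do for the port fields, with the pattern widened if ranges are accepted. The same unchecked fields appear in firewall.lua, miniportfw.lua and portfw.lua.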
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/firewall.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/firewall.lua
index 5ed45593b0..2919896118 100644
--- a/applications/luci-fw/luasrc/model/cbi/luci_fw/firewall.lua
+++ b/applications/luci-fw/luasrc/model/cbi/luci_fw/firewall.lua
@@ -11,31 +11,23 @@ You may obtain a copy of the License at
$Id$
]]--
-m = Map("luci_fw", translate("fw_fw"), translate("fw_fw1"))
+m = Map("firewall", translate("fw_rules"), translate("fw_rules1"))
s = m:section(TypedSection, "rule", "")
s.addremove = true
s.anonymous = true
-chain = s:option(ListValue, "chain")
-chain:value("forward", "Forward")
-chain:value("input", "Input")
-chain:value("output", "Output")
-chain:value("prerouting", "Prerouting")
-chain:value("postrouting", "Postrouting")
+iface = s:option(ListValue, "src")
+iface:value("")
+iface.rmempty = true
-iface = s:option(ListValue, "iface")
-iface.optional = true
-
-oface = s:option(ListValue, "oface")
+oface = s:option(ListValue, "dest")
oface.optional = true
-luci.model.uci.foreach("network", "interface",
+luci.model.uci.foreach("firewall", "zone",
function (section)
- if section[".name"] ~= "loopback" then
- iface:value(section[".name"])
- oface:value(section[".name"])
- end
+ iface:value(section.name)
+ oface:value(section.name)
end)
proto = s:option(ListValue, "proto", translate("protocol"))
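Review bot: `iface:value(section.name)` and `oface:value(section.name)` in the `foreach("firewall", "zone", ...)` callback now read the zone's `name` option instead of the section id `section[".name"]`, and nothing visible guarantees that option is set. The zone form in general.lua creates anonymous sections with an ordinary `Value` for `name`, so a zone saved without a name would pass `nil` into `value()`. Guarding the body with `if section.name then ... end` keeps such a section out of both lists. The same callback is added in customfwd.lua, portfw.lua and routing.lua.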
@@ -43,43 +35,27 @@ proto.optional = true
proto:value("")
proto:value("tcp", "TCP")
proto:value("udp", "UDP")
+proto:value("icmp", "ICMP")
-s:option(Value, "source").optional = true
-s:option(Value, "destination").optional = true
-s:option(Value, "mac").optional = true
+s:option(Value, "src_ip").optional = true
+s:option(Value, "dest_ip").optional = true
+s:option(Value, "src_mac").optional = true
-sport = s:option(Value, "sport")
+sport = s:option(Value, "src_port")
sport.optional = true
sport:depends("proto", "tcp")
sport:depends("proto", "udp")
-dport = s:option(Value, "dport")
+dport = s:option(Value, "dest_port")
dport.optional = true
dport:depends("proto", "tcp")
dport:depends("proto", "udp")
-tosrc = s:option(Value, "tosrc")
-tosrc.optional = true
-tosrc:depends("jump", "SNAT")
-
-tosrc = s:option(Value, "todest")
-tosrc.optional = true
-tosrc:depends("jump", "DNAT")
-
-jump = s:option(ListValue, "jump")
+jump = s:option(ListValue, "target")
jump.rmempty = true
-jump:value("", "")
+jump:value("DROP", translate("fw_drop"))
jump:value("ACCEPT", translate("fw_accept"))
jump:value("REJECT", translate("fw_reject"))
-jump:value("DROP", translate("fw_drop"))
-jump:value("LOG", translate("fw_log"))
-jump:value("DNAT", translate("fw_dnat"))
-jump:value("MASQUERADE", translate("fw_masq"))
-jump:value("SNAT", translate("fw_snat"))
-
-add = s:option(Value, "command")
-add.size = 50
-add.rmempty = true
return m
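Review bot: The local is still called `jump` although it now edits the `target` option; renaming it (`target = s:option(ListValue, "target")`) keeps the variable and the config key aligned. `jump.rmempty = true` also looks like a leftover: with the empty choice removed, the list presumably always submits one of DROP/ACCEPT/REJECT, so there is nothing left for it to remove. If DROP was moved to the top so that a new rule starts from the restrictive choice, a one-line comment such as `-- DROP first: new rules default to the restrictive target` would record that intent.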
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/general.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/general.lua
new file mode 100644
index 0000000000..1a765abb74
--- /dev/null
+++ b/applications/luci-fw/luasrc/model/cbi/luci_fw/general.lua
@@ -0,0 +1,67 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+m = Map("firewall", translate("fw_fw"), translate("fw_fw1"))
+
+s = m:section(TypedSection, "defaults")
+s.anonymous = true
+
+s:option(Flag, "syn_flood")
+
+p = {}
+p[1] = s:option(ListValue, "input")
+p[2] = s:option(ListValue, "output")
+p[3] = s:option(ListValue, "forward")
+
+for i, v in ipairs(p) do
+ v:value("DROP", translate("fw_drop"))
+ v:value("ACCEPT", translate("fw_accept"))
+end
+
+
+s = m:section(TypedSection, "zone", translate("fw_zones"))
+s.template = "cbi/tblsection"
+s.anonymous = true
+s.addremove = true
+
+name = s:option(Value, "name", translate("name"))
+name.size = 8
+
+p = {}
+p[1] = s:option(ListValue, "input")
+p[2] = s:option(ListValue, "output")
+p[3] = s:option(ListValue, "forward")
+
+for i, v in ipairs(p) do
+ v:value("DROP", translate("fw_drop"))
+ v:value("ACCEPT", translate("fw_accept"))
+end
+
+s:option(Flag, "masq")
+
+net = s:option(MultiValue, "network")
+net.widget = "select"
+net.rmempty = true
+luci.model.uci.foreach("network", "interface",
+ function (section)
+ if section[".name"] ~= "loopback" then
+ net:value(section[".name"])
+ end
+ end)
+
+function net.cfgvalue(self, section)
+ local value = MultiValue.cfgvalue(self, section)
+ return value or name:cfgvalue(section)
+end
+
+return m
\ No newline at end of file
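Review bot: The zone `name` field (`name = s:option(Value, "name", translate("name"))`) accepts any string, including none, yet the other forms in this commit list `section.name` as the choices for `src`/`dest`, and `net.cfgvalue` falls back to it. An empty or duplicated name would leave rules and redirects with a missing or ambiguous zone reference. Making the field mandatory with `name.rmempty = false` (if this CBI version treats that as required) and restricting it to a short identifier would close that gap. `net.cfgvalue` also deserves a comment saying why an unset `network` is displayed as the zone name.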
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/miniportfw.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/miniportfw.lua
index 39eefa6599..44a7391856 100644
--- a/applications/luci-fw/luasrc/model/cbi/luci_fw/miniportfw.lua
+++ b/applications/luci-fw/luasrc/model/cbi/luci_fw/miniportfw.lua
@@ -12,26 +12,33 @@ You may obtain a copy of the License at
$Id$
]]--
require("luci.sys")
-m = Map("luci_fw", translate("fw_portfw"), translate("fw_portfw1"))
+m = Map("firewall", translate("fw_portfw"), translate("fw_portfw1"))
-s = m:section(TypedSection, "portfw", "")
-s:depends("iface", "wan")
-s.defaults.iface = "wan"
+s = m:section(TypedSection, "redirect", "")
+s:depends("src", "wan")
+s.defaults.src = "wan"
s.template = "cbi/tblsection"
s.addremove = true
s.anonymous = true
-name = s:option(Value, "_name", translate("name") .. translate("cbi_optional"))
+name = s:option(Value, "_name", translate("name"), translate("cbi_optional"))
+name.size = 10
-proto = s:option(ListValue, "proto", translate("protocol"))
+proto = s:option(ListValue, "protocol", translate("protocol"))
proto:value("tcp", "TCP")
proto:value("udp", "UDP")
-proto:value("tcpudp", "TCP + UDP")
-dport = s:option(Value, "dport")
+dport = s:option(Value, "src_dport")
+dport.size = 5
-to = s:option(Value, "to")
+to = s:option(Value, "dest_ip")
+for i, dataset in ipairs(luci.sys.net.arptable()) do
+ to:value(dataset["IP address"])
+end
+
+toport = s:option(Value, "dest_port")
+toport.size = 5
return m
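Review bot: The protocol option is created under the key `"protocol"` here (`proto = s:option(ListValue, "protocol", ...)`), while customfwd.lua and portfw.lua store the same setting of a `redirect` section under `"proto"`. Redirects created from this page would carry their protocol in a key the other pages do not read. Presumably the firewall backend does not read it either, in which case the forward would not be limited to the protocol the user selected. Unless the rename is intentional, the line should read `proto = s:option(ListValue, "proto", translate("protocol"))`.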
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/portfw.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/portfw.lua
index 72f3d7e1d6..c794410999 100644
--- a/applications/luci-fw/luasrc/model/cbi/luci_fw/portfw.lua
+++ b/applications/luci-fw/luasrc/model/cbi/luci_fw/portfw.lua
@@ -12,29 +12,37 @@ You may obtain a copy of the License at
$Id$
]]--
require("luci.sys")
-m = Map("luci_fw", translate("fw_portfw"), translate("fw_portfw1"))
+m = Map("firewall", translate("fw_portfw"), translate("fw_portfw1"))
-s = m:section(TypedSection, "portfw", "")
+
+s = m:section(TypedSection, "redirect", "")
s.template = "cbi/tblsection"
s.addremove = true
s.anonymous = true
-iface = s:option(ListValue, "iface", translate("interface"))
+name = s:option(Value, "_name", translate("name"), translate("cbi_optional"))
+name.size = 10
+
+iface = s:option(ListValue, "src", translate("fw_zone"))
iface.default = "wan"
-luci.model.uci.foreach("network", "interface",
+luci.model.uci.foreach("firewall", "zone",
function (section)
- if section[".name"] ~= "loopback" then
- iface:value(section[".name"])
- end
+ iface:value(section.name)
end)
proto = s:option(ListValue, "proto", translate("protocol"))
proto:value("tcp", "TCP")
proto:value("udp", "UDP")
-proto:value("tcpudp", "TCP + UDP")
-dport = s:option(Value, "dport")
+dport = s:option(Value, "src_dport")
+dport.size = 5
+
+to = s:option(Value, "dest_ip")
+for i, dataset in ipairs(luci.sys.net.arptable()) do
+ to:value(dataset["IP address"])
+end
-to = s:option(Value, "to")
+toport = s:option(Value, "dest_port")
+toport.size = 5
return m
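Review bot: `iface.default = "wan"` is kept although the choices now come from the `name` of each `firewall` zone rather than from the network interfaces, so the default is only valid when a zone happens to be called `wan`. If no such zone exists, the preselected value is not among the listed ones, and what gets saved then depends on the widget. Either derive the default from the enumerated zones or add a comment such as `-- assumes a firewall zone named "wan" exists`. customfwd.lua has the same line.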
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/routing.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/routing.lua
index 56f1282c18..d542bcb7f8 100644
--- a/applications/luci-fw/luasrc/model/cbi/luci_fw/routing.lua
+++ b/applications/luci-fw/luasrc/model/cbi/luci_fw/routing.lua
@@ -11,26 +11,20 @@ You may obtain a copy of the License at
$Id$
]]--
-m = Map("luci_fw", translate("fw_routing"), translate("fw_routing1"))
+m = Map("firewall", translate("fw_forwarding"), translate("fw_forwarding1"))
-s = m:section(TypedSection, "routing", "")
+s = m:section(TypedSection, "forwarding", "")
s.template = "cbi/tblsection"
s.addremove = true
s.anonymous = true
-iface = s:option(ListValue, "iface")
-oface = s:option(ListValue, "oface")
+iface = s:option(ListValue, "src")
+oface = s:option(ListValue, "dest")
-luci.model.uci.foreach("network", "interface",
+luci.model.uci.foreach("firewall", "zone",
function (section)
- if section[".name"] ~= "loopback" then
- iface:value(section[".name"])
- oface:value(section[".name"])
- end
+ iface:value(section.name)
+ oface:value(section.name)
end)
-s:option(Flag, "fwd", "FWD").rmempty = true
-s:option(Flag, "nat", "NAT").rmempty = true
-s:option(Flag, "bidi", "<->").rmempty = true
-
return m