author | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-20 22:27:39 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2015-10-20 22:27:39 +0200 |
commit | d4666757b746fe88c517a605a6f3b9dbcaa0ff93 (patch) | |
tree | 682037a4e169cfca4058fab69de202ef801b3e29 /modules/luci-mod-admin-full/luasrc | |
parent | 8bb749ecc3b5f7f836f744f0056e90ac78522926 (diff) |
luci-mod-admin-full: protect iptables counter reset and restart with token
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Diffstat (limited to 'modules/luci-mod-admin-full/luasrc')
-rw-r--r-- | modules/luci-mod-admin-full/luasrc/controller/admin/status.lua | 23 | ||||
-rw-r--r-- | modules/luci-mod-admin-full/luasrc/view/admin_status/iptables.htm | 143 |
2 files changed, 80 insertions, 86 deletions
diff --git a/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua b/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua index 1ceb24d16a..24db1e4ff5 100644 --- a/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua +++ b/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua @@ -7,7 +7,10 @@ module("luci.controller.admin.status", package.seeall) function index() entry({"admin", "status"}, alias("admin", "status", "overview"), _("Status"), 20).index = true entry({"admin", "status", "overview"}, template("admin_status/index"), _("Overview"), 1) - entry({"admin", "status", "iptables"}, call("action_iptables"), _("Firewall"), 2).leaf = true + + entry({"admin", "status", "iptables"}, template("admin_status/iptables"), _("Firewall"), 2).leaf = true + entry({"admin", "status", "iptables_action"}, post("action_iptables")).leaf = true + entry({"admin", "status", "routes"}, template("admin_status/routes"), _("Routes"), 3) entry({"admin", "status", "syslog"}, call("action_syslog"), _("System Log"), 4) entry({"admin", "status", "dmesg"}, call("action_dmesg"), _("Kernel Log"), 5) @@ -42,22 +45,16 @@ end function action_iptables() if luci.http.formvalue("zero") then - if luci.http.formvalue("zero") == "6" then - luci.util.exec("ip6tables -Z") + if luci.http.formvalue("family") == "6" then + luci.util.exec("/usr/sbin/ip6tables -Z") else - luci.util.exec("iptables -Z") + luci.util.exec("/usr/sbin/iptables -Z") end - luci.http.redirect( - luci.dispatcher.build_url("admin", "status", "iptables") - ) - elseif luci.http.formvalue("restart") == "1" then + elseif luci.http.formvalue("restart") then luci.util.exec("/etc/init.d/firewall restart") - luci.http.redirect( - luci.dispatcher.build_url("admin", "status", "iptables") - ) - else - luci.template.render("admin_status/iptables") end + + luci.http.redirect(luci.dispatcher.build_url("admin/status/iptables")) end function action_bandwidth(iface) 
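Review bot: action_iptables() in the second hunk performs no method or token check of its own, so the protection this commit adds rests entirely on the node being registered with `post("action_iptables")` in index() (first hunk), and nothing at the function says so. I would add a comment directly above the function, e.g. `-- Must stay registered via post(): resets counters / restarts the firewall and relies on the dispatcher for the POST-only and token checks.`, so that a later switch back to `call()` is caught in review. The dispatcher-side enforcement is not visible in this diff; that part is inferred from the commit title and the hidden `token` field added to the template. Separately, the results of the `luci.util.exec(...)` calls are discarded, so after the unconditional redirect a failed firewall restart looks the same as a successful one.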
diff --git a/modules/luci-mod-admin-full/luasrc/view/admin_status/iptables.htm b/modules/luci-mod-admin-full/luasrc/view/admin_status/iptables.htm index 3757388699..f49469a599 100644 --- a/modules/luci-mod-admin-full/luasrc/view/admin_status/iptables.htm +++ b/modules/luci-mod-admin-full/luasrc/view/admin_status/iptables.htm @@ -1,6 +1,6 @@ <%# Copyright 2008-2009 Steven Barth <steven@midlink.org> - Copyright 2008-2011 Jo-Philipp Wich <jow@openwrt.org> + Copyright 2008-2015 Jo-Philipp Wich <jow@openwrt.org> Licensed to the public under the Apache License 2.0. -%> @@ -37,7 +37,7 @@ local net = wba.iface_get_network(i) if net and i ~= "lo" then return '<a href="%s">%s</a>' %{ - luci.dispatcher.build_url("admin", "network", "network", net), i + url("admin/network/network", net), i } end @@ -60,6 +60,7 @@ </style> <h2 name="content"><%:Firewall Status%></h2> +<br /> <% if has_ip6tables then %> <ul class="cbi-tabmenu"> 
@@ -68,82 +69,78 @@ </ul> <% end %> -<form method="post" action="<%=REQUEST_URI%>"> - <div class="cbi-map"> - <fieldset class="cbi-section"> - <h3><%:Actions%></h3> - <ul> - <li><a href="<%=REQUEST_URI%>?zero=<%=mode%>"><%:Reset Counters%></a></li> - <li><a href="<%=REQUEST_URI%>?restart=1"><%:Restart Firewall%></a></li> - </ul> - <br /><br /> - - <% for _, tbl in ipairs(tables) do chaincnt = 0 %> - <h3><%:Table%>: <%=tbl%></h3> - <table class="cbi-section-table" style="font-size:90%"> - <% for _, chain in ipairs(ipt:chains(tbl)) do - rowcnt = 0 - chaincnt = chaincnt + 1 - chaininfo = ipt:chain(tbl, chain) - %> - <tr class="cbi-section-table-titles cbi-rowstyle-<%=rowstyle()%>"> - <th class="cbi-section-table-cell" style="text-align:left" colspan="11"> - <br /><span id="rule_<%=tbl:lower()%>_<%=chain%>"> - <%:Chain%> <em><%=chain%></em> - (<%- if chaininfo.policy then -%> - <%:Policy%>: <em><%=chaininfo.policy%></em>, <%:Packets%>: <%=chaininfo.packets%>, <%:Traffic%>: <%=wba.byte_format(chaininfo.bytes)-%> - <%- else -%> - <%:References%>: <%=chaininfo.references-%> - <%- end -%>)</span> - </th> +<div class="cbi-map" style="position: relative"> + + <form method="post" action="<%=url("admin/status/iptables_action")%>" style="position: absolute; right: 0"> + <input type="hidden" name="token" value="<%=token%>" /> + <input type="hidden" name="family" value="<%=mode%>" /> + <input type="submit" class="cbi-button" name="zero" value="<%:Reset Counters%>" /> + <input type="submit" class="cbi-button" name="restart" value="<%:Restart Firewall%>" /> + </form> + + <fieldset class="cbi-section"> + + <% for _, tbl in ipairs(tables) do chaincnt = 0 %> + <h3><%:Table%>: <%=tbl%></h3> + <table class="cbi-section-table" style="font-size:90%"> + <% for _, chain in ipairs(ipt:chains(tbl)) do + rowcnt = 0 + chaincnt = chaincnt + 1 + chaininfo = ipt:chain(tbl, chain) + %> + <tr class="cbi-section-table-titles cbi-rowstyle-<%=rowstyle()%>"> + <th class="cbi-section-table-cell" 
style="text-align:left" colspan="11"> + <br /><span id="rule_<%=tbl:lower()%>_<%=chain%>"> + <%:Chain%> <em><%=chain%></em> + (<%- if chaininfo.policy then -%> + <%:Policy%>: <em><%=chaininfo.policy%></em>, <%:Packets%>: <%=chaininfo.packets%>, <%:Traffic%>: <%=wba.byte_format(chaininfo.bytes)-%> + <%- else -%> + <%:References%>: <%=chaininfo.references-%> + <%- end -%>)</span> + </th> + </tr> + <tr class="cbi-section-table-descr"> + <th class="cbi-section-table-cell"><%:Pkts.%></th> + <th class="cbi-section-table-cell"><%:Traffic%></th> + <th class="cbi-section-table-cell"><%:Target%></th> + <th class="cbi-section-table-cell"><%:Prot.%></th> + <th class="cbi-section-table-cell"><%:In%></th> + <th class="cbi-section-table-cell"><%:Out%></th> + <th class="cbi-section-table-cell"><%:Source%></th> + <th class="cbi-section-table-cell"><%:Destination%></th> + <th class="cbi-section-table-cell" style="width:30%"><%:Options%></th> + </tr> + + <% for _, rule in ipairs(ipt:find({table=tbl, chain=chain})) do %> + <tr class="cbi-section-table-row cbi-rowstyle-<%=rowstyle()%>"> + <td><%=rule.packets%></td> + <td style="white-space: nowrap"><%=wba.byte_format(rule.bytes)%></td> + <td><%=rule.target and link_target(tbl, rule.target) or "-"%></td> + <td><%=rule.protocol%></td> + <td><%=link_iface(rule.inputif)%></td> + <td><%=link_iface(rule.outputif)%></td> + <td><%=rule.source%></td> + <td><%=rule.destination%></td> + <td style="width:30%"><small><%=#rule.options > 0 and luci.util.pcdata(table.concat(rule.options, " ")) or "-"%></small></td> </tr> - <tr class="cbi-section-table-descr"> - <th class="cbi-section-table-cell"><%:Rule #%></th> - <th class="cbi-section-table-cell"><%:Pkts.%></th> - <th class="cbi-section-table-cell"><%:Traffic%></th> - <th class="cbi-section-table-cell"><%:Target%></th> - <th class="cbi-section-table-cell"><%:Prot.%></th> - <th class="cbi-section-table-cell"><%:Flags%></th> - <th class="cbi-section-table-cell"><%:In%></th> - <th 
class="cbi-section-table-cell"><%:Out%></th> - <th class="cbi-section-table-cell"><%:Source%></th> - <th class="cbi-section-table-cell"><%:Destination%></th> - <th class="cbi-section-table-cell" style="width:30%"><%:Options%></th> - </tr> - - <% for _, rule in ipairs(ipt:find({table=tbl, chain=chain})) do %> - <tr class="cbi-section-table-row cbi-rowstyle-<%=rowstyle()%>"> - <td><%=rule.index%></td> - <td><%=rule.packets%></td> - <td><%=wba.byte_format(rule.bytes)%></td> - <td><%=rule.target and link_target(tbl, rule.target) or "-"%></td> - <td><%=rule.protocol%></td> - <td><%=rule.flags%></td> - <td><%=link_iface(rule.inputif)%></td> - <td><%=link_iface(rule.outputif)%></td> - <td><%=rule.source%></td> - <td><%=rule.destination%></td> - <td style="width:30%"><small><%=#rule.options > 0 and luci.util.pcdata(table.concat(rule.options, " ")) or "-"%></small></td> - </tr> - <% end %> - - <% if rowcnt == 1 then %> - <tr class="cbi-section-table-titles cbi-rowstyle-<%=rowstyle()%>"> - <td colspan="11"><em><%:No rules in this chain%></em></td> - </tr> - <% end %> <% end %> - <% if chaincnt == 0 then %> + <% if rowcnt == 1 then %> <tr class="cbi-section-table-titles cbi-rowstyle-<%=rowstyle()%>"> - <td colspan="11"><em><%:No chains in this table%></em></td> + <td colspan="9"><em><%:No rules in this chain%></em></td> </tr> <% end %> - </table> - <br /><br /> - <% end %> - </fieldset> - </div> -</form> + <% end %> + + <% if chaincnt == 0 then %> + <tr class="cbi-section-table-titles cbi-rowstyle-<%=rowstyle()%>"> + <td colspan="9"><em><%:No chains in this table%></em></td> + </tr> + <% end %> + </table> + <br /><br /> + <% end %> + </fieldset> +</div> <%+footer%> |
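Review bot: In the re-indented table rows only the options cell goes through `luci.util.pcdata(...)`; `<%=chain%>` (also used inside the `id="rule_..."` attribute), `<%=chaininfo.policy%>`, `<%=rule.protocol%>`, `<%=rule.source%>` and `<%=rule.destination%>` are written as-is. Since the commit already touches every one of these lines, I would escape them the same way, e.g. `<%=luci.util.pcdata(chain)%>` and `<%=luci.util.pcdata(rule.source)%>`; whether the parser behind `ipt` can ever return markup characters in these fields is not visible here, so treat this as defence in depth. The same applies to `value="<%=mode%>"` in the new form, whose definition lies above the hunk. Minor: the chain title `<th>` keeps `colspan="11"` although the table now has nine columns and the empty-row cells were changed to `colspan="9"`.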