6 files changed, 755 insertions, 15 deletions
diff --git a/applications/luci-app-e2guardian/po/templates/e2guardian.pot b/applications/luci-app-e2guardian/po/templates/e2guardian.pot new file mode 100644 index 000000000..d65da124b --- /dev/null +++ b/applications/luci-app-e2guardian/po/templates/e2guardian.pot 
@@ -0,0 +1,483 @@ +msgid "" +msgstr "Content-Type: text/plain; charset=UTF-8" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:80 +msgid "Access denied address" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:29 +msgid "Additional Settings" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:138 +msgid "Age before they should be ignored in seconds" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:94 +msgid "Banned flash replacement" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:85 +msgid "Banned image replacement" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:185 +msgid "Build bannedsitelist and bannedurllist cache files" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:73 +msgid "CSV-style format" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:142 +msgid "Cache for content (AV) scans as 'clean'" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:134 +msgid "Clean result caching for URLs" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:254 +msgid "Content scan exceptions" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:250 +msgid "Content scanner timeout" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:99 +msgid "Custom banned flash file" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:90 +msgid "Custom banned image file" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:72 +msgid "DansgGuardian format, space delimited" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:318 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:322 +msgid "" +"Defines URL list IPC server 
directory and filename used to communicate with " +"the URL cache process" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:231 +msgid "Delete file cache after user completes download" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:326 +msgid "Disable deamoning" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:331 +msgid "Disable logger" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:246 +msgid "Download manager" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/controller/e2guardian.lua:21 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:21 +msgid "E2Guardian" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:336 +msgid "Enable logging of ADs" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:341 +msgid "Enable logging of client user agent" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:346 +msgid "Enable soft restart" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:227 +msgid "File cache directory" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:147 +msgid "Filtering options" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:28 +msgid "General Settings" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:160 +msgid "Hex decoding options" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:223 +msgid "How long a persistent connection will wait for other requests" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:42 +msgid "IP address of the proxy" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:314 +msgid "IP list IPC server directory and filename" +msgstr "" + +#: 
applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:35 +msgid "IP that E2Guardian listens" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:265 +msgid "" +"If on, it may help solve some problem sites that need to know the source ip." +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:236 +msgid "Initial Trickle delay" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:50 +msgid "Language dir" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:54 +msgid "Language to use" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:115 +msgid "List of IP exceptions" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:111 +msgid "List of banned IPs" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:107 +msgid "List of filter groups" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:65 +msgid "Log Exception Hits" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:71 +msgid "Log File Format" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:281 +msgid "Log child process handling" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:276 +msgid "Log debug info about log()ing and accept()ing" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:58 +msgid "Logging Settings" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:30 +msgid "Logs" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:154 +msgid "Lower caseing options" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:306 +msgid "Max age of child process" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:210 +msgid "Max 
content file cache scan size" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:200 +msgid "Max content filter size" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:205 +msgid "Max content ram cache scan size" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:310 +msgid "Max number of clinets allowed to connect" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:286 +msgid "Max number of processes to spawn" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:195 +msgid "Max upload size (in Kbytes)" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:294 +msgid "Min number of processes to keep ready" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:290 +msgid "Min number of processes to spawn" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:264 +msgid "Misc setting: forwardedfor" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:270 +msgid "Misc setting: usexforwardedfor" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:87 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:96 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:125 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:144 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:162 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:167 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:172 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:177 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:182 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:187 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:192 +#: 
applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:233 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:256 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:261 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:267 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:273 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:278 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:283 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:328 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:333 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:338 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:343 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:348 +msgid "No" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:103 +msgid "Number of filter groups" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:242 +msgid "" +"Number of seconds a browser connection is left waiting before being sent " +"more *something* to keep it alive" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:237 +msgid "" +"Number of seconds a browser connection is left waiting before first being " +"sent *something* to keep it alive" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:222 +msgid "Pconn timeout" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:119 +msgid "Per-Room blocking definition directory" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:180 +msgid "Perform reverse lookups on client IPs for successful requests" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:46 +msgid "Port of the proxy" +msgstr "" + +#: 
applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:38 +msgid "Port that E2Guardian listens" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:190 +msgid "Prefer cached list files" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:76 +msgid "Protex format" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:77 +msgid "Protex format with server field blanked" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:218 +msgid "Proxy header excahnge (20-300)" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:214 +msgid "Proxy timeout (5-100)" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:165 +msgid "Quick search" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:175 +msgid "Reverse lookups for banned and exception IP lists" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:170 +msgid "Reverse lookups for banned site and URLs" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:81 +msgid "" +"Server to which the cgi e2guardian reporting script was copied. 
Reporting " +"levels 1 and 2 only" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:298 +msgid "Sets minimum nuber of processes when it runs out" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:302 +msgid "Sets the maximum number of processes to have doing nothing" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:123 +msgid "Show weighted phrases found" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:74 +msgid "Squid Log File Format" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:75 +msgid "Tab delimited" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:201 +msgid "" +"The value must not be higher than max content ram cache scan size or 0 to " +"match it" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:271 +msgid "This is for when you have squid between the clients and E2Guardian" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:206 +msgid "This is the max size of file that DG will download and cache in RAM" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:241 +msgid "Trickle delay" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:128 +msgid "Weighted phrase mode" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:86 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:95 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:124 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:143 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:161 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:166 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:171 +#: 
applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:176 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:181 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:186 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:191 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:232 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:255 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:260 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:266 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:272 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:277 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:282 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:327 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:332 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:337 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:342 +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:347 +msgid "Yes" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:62 +msgid "all requests" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:61 +msgid "all text based" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:150 +msgid "both raw and smart" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:197 +msgid "complete block" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:156 +msgid "don't change" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:259 +msgid "e-check replaced URLs" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:155 +msgid "force lower case" +msgstr "" + +#: 
applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:60 +msgid "just denied" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:68 +msgid "log and mark" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:67 +msgid "log, but don't mark as exceptions" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:151 +msgid "meta/title" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:66 +msgid "never" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:196 +msgid "no blocking" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:311 +msgid "no limit" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:59 +msgid "none" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:129 +msgid "off" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:130 +msgid "on, normal operation" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:131 +msgid "on, phrase found only counts once on a page" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:148 +msgid "raw" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:157 +msgid "scan fist in lower, then in original" +msgstr "" + +#: applications/luci-app-e2guardian/luasrc/model/cbi/e2guardian.lua:149 +msgid "smart" +msgstr "" diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js index 3f1061a10..4d13752b3 100644 --- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js +++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js 
@@ -13,12 +13,23 @@ return L.view.extend({ expect: { offload_support: false } }), + callConntrackHelpers: rpc.declare({ + object: 'luci', + method: 'conntrack_helpers', + expect: { helpers: [] } + }), + load: function() { - return this.callOffloadSupport(); + return Promise.all([ + this.callOffloadSupport(), + this.callConntrackHelpers() + ]); }, - render: function(hasOffloading) { - var m, s, o, inp, out; + render: function(data) { + var hasOffloading = data[0], + ctHelpers = data[1], + m, s, o, inp, out; m = new form.Map('firewall', _('Firewall - Zone Settings'), _('The firewall creates zones over your network interfaces to control network traffic flow.')); @@ -71,6 +82,8 @@ return L.view.extend({ s.tab('general', _('General Settings')); s.tab('advanced', _('Advanced Settings')); + s.tab('conntrack', _('Conntrack Settings')); + s.tab('extra', _('Extra iptables arguments')); o = s.taboption('general', form.DummyValue, '_generalinfo'); o.rawhtml = true; @@ -145,6 +158,9 @@ return L.view.extend({ zone_networks[0].addNetwork(zone_networks[i].getName()); }); }; + o.remove = function(section_id) { + return uci.set('firewall', section_id, 'network', ' '); + }; o = s.taboption('advanced', form.DummyValue, '_advancedinfo'); o.rawhtml = true; @@ -156,6 +172,15 @@ return L.view.extend({ .format(name); }; + o = s.taboption('advanced', widgets.DeviceSelect, 'device', _('Covered devices'), _('Use this option to classify zone traffic by raw, non-<em>uci</em> managed network devices.')); + o.modalonly = true; + o.multiple = true; + + o = s.taboption('advanced', form.DynamicList, 'subnet', _('Covered subnets'), _('Use this option to classify zone traffic by source or destination subnet instead of networks or devices.')); + o.datatype = 'neg(cidr)'; + o.modalonly = true; + o.multiple = true; + o = s.taboption('advanced', form.ListValue, 'family', _('Restrict to address family')); o.value('', _('IPv4 and IPv6')); o.value('ipv4', _('IPv4 only')); 
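Review bot: The `o.remove` override added in the `@@ -145,6 +158,9 @@` hunk stores a single space in `network` instead of deleting the option, and nothing next to it says why. If the reason is the one I assume (fw3 treats a zone with no `network` option as covering the network named after the zone, so a real delete could silently re-attach an interface), it deserves a comment such as `// keep a blank 'network' value: an absent option makes fw3 fall back to the network named like the zone`. The `this.set('network', ' ')` context line in firewall.js follows the same convention and could carry the same wording. The option this override belongs to is set up outside the hunk.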
@@ -176,8 +201,21 @@ return L.view.extend({ o.placeholder = '0.0.0.0/0'; o.modalonly = true; - o = s.taboption('advanced', form.Flag, 'conntrack', _('Force connection tracking')); + o = s.taboption('conntrack', form.Flag, 'conntrack', _('Force connection tracking'), _('Prevent the installation of <em>NOTRACK</em> rules which would bypass connection tracking.')); + o.modalonly = true; + + o = s.taboption('conntrack', form.Flag, 'masq_allow_invalid', _('Allow "invalid" traffic'), _('Do not install extra rules to reject forwarded traffic with conntrack state <em>invalid</em>. This may be required for complex asymmetric route setups.')); + o.modalonly = true; + + o = s.taboption('conntrack', form.Flag, 'auto_helper', _('Automatic helper assignment'), _('Automatically assign conntrack helpers based on traffic protocol and port')); + o.default = o.enabled; + o.modalonly = true; + + o = s.taboption('conntrack', form.MultiValue, 'helper', _('Conntrack helpers'), _('Explicitly choses allowed connection tracking helpers for zone traffic')); + o.depends('auto_helper', '0'); o.modalonly = true; + for (var i = 0; i < ctHelpers.length; i++) + o.value(ctHelpers[i].name, '<span class="hide-close">%s (%s)</span><span class="hide-open">%s</span>'.format(ctHelpers[i].description, ctHelpers[i].name.toUpperCase(), ctHelpers[i].name.toUpperCase())); o = s.taboption('advanced', form.Flag, 'log', _('Enable logging on this zone')); o.modalonly = true; 
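Review bot: The helper labels built in the `for` loop at the end of this hunk interpolate `ctHelpers[i].description` and `ctHelpers[i].name` into a markup string with `%s`, so whatever the `conntrack_helpers` RPC returns is inserted unescaped. The values come from a file on the router, which keeps the exposure low, but the label evidently ends up as HTML (it carries `<span>` tags), so escaping is cheap defence in depth: use `%h` for the three substitutions, as widgets.js in this same commit does in `'%s: "%h"'.format(...)`. An entry without a `description` option would presumably render as `undefined`; `ctHelpers[i].description || ctHelpers[i].name` avoids that.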
@@ -187,6 +225,33 @@ return L.view.extend({ o.placeholder = '10/minute'; o.modalonly = true; + o = s.taboption('extra', form.DummyValue, '_extrainfo'); + o.rawhtml = true; + o.modalonly = true; + o.cfgvalue = function(section_id) { + return _('Passing raw iptables arguments to source and destination traffic classification rules allows to match packets based on other criteria than interfaces or subnets. These options should be used with extreme care as invalid values could render the firewall ruleset broken, completely exposing all services.'); + }; + + o = s.taboption('extra', form.Value, 'extra_src', _('Extra source arguments'), _('Additional raw <em>iptables</em> arguments to classify zone source traffic, e.g. <code>-p tcp --sport 443</code> to only match inbound HTTPS traffic.')); + o.modalonly = true; + o.cfgvalue = function(section_id) { + return uci.get('firewall', section_id, 'extra_src') || uci.get('firewall', section_id, 'extra'); + }; + o.write = function(section_id, value) { + uci.unset('firewall', section_id, 'extra'); + uci.set('firewall', section_id, 'extra_src', value); + }; + + o = s.taboption('extra', form.Value, 'extra_dest', _('Extra destination arguments'), _('Additional raw <em>iptables</em> arguments to classify zone destination traffic, e.g. <code>-p tcp --dport 443</code> to only match outbound HTTPS traffic.')); + o.modalonly = true; + o.cfgvalue = function(section_id) { + return uci.get('firewall', section_id, 'extra_dest') || uci.get('firewall', section_id, 'extra_src') || uci.get('firewall', section_id, 'extra'); + }; + o.write = function(section_id, value) { + uci.unset('firewall', section_id, 'extra'); + uci.set('firewall', section_id, 'extra_dest', value); + }; + o = s.taboption('general', form.DummyValue, '_forwardinfo'); o.rawhtml = true; o.modalonly = true; diff --git a/modules/luci-base/htdocs/luci-static/resources/firewall.js b/modules/luci-base/htdocs/luci-static/resources/firewall.js index d034d6e01..9ae14e16d 100644 
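Review bot: Both `o.write` handlers delete the legacy `extra` option but store only their own side, so editing one field can silently change the match arguments of the other direction. With only `extra` set, saving a new `extra_src` removes `extra`, and `extra_dest` then resolves through its `cfgvalue` fallback to the new `extra_src` value instead of the old `extra` one, assuming the form calls `write` only for fields whose value changed. Because these arguments decide which packets are classified into the zone, I would persist the other side's effective value before the unset, e.g. in the `extra_src` writer `var dest = uci.get('firewall', section_id, 'extra_dest') || uci.get('firewall', section_id, 'extra_src') || uci.get('firewall', section_id, 'extra');` followed by `if (dest) uci.set('firewall', section_id, 'extra_dest', dest);`, and mirror that in the `extra_dest` writer. Neither option overrides `remove`, so clearing a field while `extra` is still set appears to leave the legacy value in effect.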
--- a/modules/luci-base/htdocs/luci-static/resources/firewall.js +++ b/modules/luci-base/htdocs/luci-static/resources/firewall.js @@ -375,6 +375,14 @@ Zone = AbstractFirewallItem.extend({ this.set('network', ' '); }, + getDevices: function() { + return L.toArray(this.get('device')); + }, + + getSubnets: function() { + return L.toArray(this.get('subnet')); + }, + getForwardingsBy: function(what) { var sections = uci.sections('firewall', 'forwarding'), forwards = []; diff --git a/modules/luci-base/htdocs/luci-static/resources/tools/widgets.js b/modules/luci-base/htdocs/luci-static/resources/tools/widgets.js index 3de1f8258..39e5aa165 100644 --- a/modules/luci-base/htdocs/luci-static/resources/tools/widgets.js +++ b/modules/luci-base/htdocs/luci-static/resources/tools/widgets.js @@ -199,10 +199,16 @@ var CBIZoneForwards = form.DummyValue.extend({ __name__: 'CBI.ZoneForwards', load: function(section_id) { - return Promise.all([ firewall.getDefaults(), firewall.getZones(), network.getNetworks() ]).then(L.bind(function(dzn) { - this.defaults = dzn[0]; - this.zones = dzn[1]; - this.networks = dzn[2]; + return Promise.all([ + firewall.getDefaults(), + firewall.getZones(), + network.getNetworks(), + network.getDevices() + ]).then(L.bind(function(dznd) { + this.defaults = dznd[0]; + this.zones = dznd[1]; + this.networks = dznd[2]; + this.devices = dznd[3]; return this.super('load', section_id); }, this)); @@ -211,6 +217,8 @@ var CBIZoneForwards = form.DummyValue.extend({ renderZone: function(zone) { var name = zone.getName(), networks = zone.getNetworks(), + devices = zone.getDevices(), + subnets = zone.getSubnets(), ifaces = []; for (var j = 0; j < networks.length; j++) { 
@@ -223,21 +231,39 @@ var CBIZoneForwards = form.DummyValue.extend({ 'class': 'ifacebadge' + (network.getName() == this.network ? ' ifacebadge-active' : '') }, network.getName() + ': '); - var devices = network.isBridge() ? network.getDevices() : L.toArray(network.getDevice()); + var subdevs = network.isBridge() ? network.getDevices() : L.toArray(network.getDevice()); - for (var k = 0; k < devices.length && devices[k]; k++) { + for (var k = 0; k < subdevs.length && subdevs[k]; k++) { span.appendChild(E('img', { - 'title': devices[k].getI18n(), - 'src': L.resource('icons/%s%s.png'.format(devices[k].getType(), devices[k].isUp() ? '' : '_disabled')) + 'title': subdevs[k].getI18n(), + 'src': L.resource('icons/%s%s.png'.format(subdevs[k].getType(), subdevs[k].isUp() ? '' : '_disabled')) })); } - if (!devices.length) + if (!subdevs.length) span.appendChild(E('em', _('(empty)'))); ifaces.push(span); } + for (var i = 0; i < devices.length; i++) { + var device = this.devices.filter(function(dev) { return dev.getName() == devices[i] })[0], + title = device ? device.getI18n() : _('Absent Interface'), + type = device ? device.getType() : 'ethernet', + up = device ? device.isUp() : false; + + ifaces.push(E('span', { 'class': 'ifacebadge' }, [ + E('img', { + 'title': title, + 'src': L.resource('icons/%s%s.png'.format(type, up ? '' : '_disabled')) + }), + device ? device.getName() : devices[i] + ])); + } + + if (subnets.length > 0) + ifaces.push(E('span', { 'class': 'ifacebadge' }, [ '{ %s }'.format(subnets.join('; ')) ])); + if (!ifaces.length) ifaces.push(E('span', { 'class': 'ifacebadge' }, E('em', _('(empty)')))); 
@@ -390,9 +416,120 @@ var CBINetworkSelect = form.ListValue.extend({ }, }); +var CBIDeviceSelect = form.ListValue.extend({ + __name__: 'CBI.DeviceSelect', + + load: function(section_id) { + return network.getDevices().then(L.bind(function(devices) { + this.devices = devices; + + return this.super('load', section_id); + }, this)); + }, + + filter: function(section_id, value) { + return true; + }, + + renderWidget: function(section_id, option_index, cfgvalue) { + var values = L.toArray((cfgvalue != null) ? cfgvalue : this.default), + choices = {}, + checked = {}, + order = []; + + for (var i = 0; i < values.length; i++) + checked[values[i]] = true; + + values = []; + + if (!this.multiple && (this.rmempty || this.optional)) + choices[''] = E('em', _('unspecified')); + + for (var i = 0; i < this.devices.length; i++) { + var device = this.devices[i], + name = device.getName(), + type = device.getType(); + + if (name == 'lo' || name == this.exclude || !this.filter(section_id, name)) + continue; + + if (this.noaliases && type == 'alias') + continue; + + if (this.nobridges && type == 'bridge') + continue; + + if (this.noinactive && device.isUp() == false) + continue; + + var item = E([ + E('img', { + 'title': device.getI18n(), + 'src': L.resource('icons/%s%s.png'.format(type, device.isUp() ? 
'' : '_disabled')) + }), + E('span', { 'class': 'hide-open' }, [ name ]), + E('span', { 'class': 'hide-close'}, [ device.getI18n() ]) + ]); + + var networks = device.getNetworks(); + + if (networks.length > 0) + L.dom.append(item.lastChild, [ ' (', networks.join(', '), ')' ]); + + if (checked[name]) + values.push(name); + + choices[name] = item; + order.push(name); + } + + if (!this.nocreate) { + var keys = Object.keys(checked).sort(); + + for (var i = 0; i < keys.length; i++) { + if (choices.hasOwnProperty(keys[i])) + continue; + + choices[keys[i]] = E([ + E('img', { + 'title': _('Absent Interface'), + 'src': L.resource('icons/ethernet_disabled.png') + }), + E('span', { 'class': 'hide-open' }, [ keys[i] ]), + E('span', { 'class': 'hide-close'}, [ '%s: "%h"'.format(_('Absent Interface'), keys[i]) ]) + ]); + + values.push(keys[i]); + order.push(keys[i]); + } + } + + var widget = new ui.Dropdown(this.multiple ? values : values[0], choices, { + id: this.cbid(section_id), + sort: order, + multiple: this.multiple, + optional: this.optional || this.rmempty, + select_placeholder: E('em', _('unspecified')), + display_items: this.display_size || this.size || 3, + dropdown_items: this.dropdown_size || this.size || 5, + validate: L.bind(this.validate, this, section_id), + create: !this.nocreate, + create_markup: '' + + '<li data-value="{{value}}">' + + '<img title="'+_('Custom Interface')+': "{{value}}"" src="'+L.resource('icons/ethernet_disabled.png')+'" />' + + '<span class="hide-open">{{value}}</span>' + + '<span class="hide-close">'+_('Custom Interface')+': "{{value}}"</span>' + + '</li>' + }); + + return widget.render(); + }, +}); + return L.Class.extend({ ZoneSelect: CBIZoneSelect, ZoneForwards: CBIZoneForwards, - NetworkSelect: CBINetworkSelect + NetworkSelect: CBINetworkSelect, + DeviceSelect: CBIDeviceSelect, }); diff --git a/modules/luci-base/root/usr/libexec/rpcd/luci b/modules/luci-base/root/usr/libexec/rpcd/luci index 55233d6d0..7644745ef 100755 
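Review bot: In `create_markup` near the end of `CBIDeviceSelect.renderWidget`, the `title` attribute nests unescaped double quotes: `title="…: "{{value}}""` closes the attribute at the inner quote, which leaves the typed device name outside the attribute value. Writing the inner quotes as entities keeps it inside: `'<img title="'+_('Custom Interface')+': &quot;{{value}}&quot;" src="'+L.resource('icons/ethernet_disabled.png')+'" />'`. Whether `{{value}}` is HTML-escaped on substitution is decided in `ui.Dropdown`, which this diff does not show; that is worth confirming, since the name is free text typed by the user.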
--- a/modules/luci-base/root/usr/libexec/rpcd/luci +++ b/modules/luci-base/root/usr/libexec/rpcd/luci @@ -285,6 +285,41 @@ local methods = { local fs = require "nixio.fs" return { offload_support = not not fs.access("/sys/module/xt_FLOWOFFLOAD/refcnt") } end + }, + + conntrack_helpers = { + call = function() + local fd = io.open("/usr/share/fw3/helpers.conf", "r") + local rv = {} + + local line, entry + while true do + line = fd:read("*l") + if not line then + break + end + + if line:match("^%s*config%s") then + if entry then + rv[#rv+1] = entry + end + entry = {} + else + local opt, val = line:match("^%s*option%s+(%S+)%s+(%S.*)$") + if opt and val then + opt = opt:gsub("^'(.+)'$", "%1"):gsub('^"(.+)"$', "%1") + val = val:gsub("^'(.+)'$", "%1"):gsub('^"(.+)"$', "%1") + entry[opt] = val + end + end + end + + if entry then + rv[#rv+1] = entry + end + + return { helpers = rv } + end } } diff --git a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json index a9baef8f9..de145ce78 100644 --- a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json +++ b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json @@ -13,7 +13,7 @@ "read": { "ubus": { "iwinfo": [ "info" ], - "luci": [ "boardjson", "duid_hints", "host_hints", "ifaddrs", "initList", "getLocaltime", "leases", "leds", "netdevs", "offload_support", "usb" ], + "luci": [ "boardjson", "duid_hints", "host_hints", "ifaddrs", "initList", "getLocaltime", "leases", "leds", "netdevs", "usb" ], "network.device": [ "status" ], "network.interface": [ "dump" ], "network.wireless": [ "status" ], @@ -28,5 +28,17 @@ }, "uci": [ "*" ] } + }, + "luci-app-firewall": { + "description": "Grant access to firewall procedures", + "read": { + "ubus": { + "luci": [ "conntrack_helpers", "offload_support" ] + }, + "uci": [ "firewall" ] + }, + "write": { + "uci": [ "firewall" ] + } } } |
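Review bot: The `conntrack_helpers` handler never checks the result of `io.open`, so when `/usr/share/fw3/helpers.conf` is absent or unreadable `fd` is nil and the first `fd:read("*l")` raises inside the rpcd plugin instead of returning an empty list. Guard it with `if not fd then return { helpers = {} } end` right after the open, and add `fd:close()` before the final `return` so the handle is released deterministically rather than left to the garbage collector. An `option` line that appears before any `config` line would also index a nil `entry`; `if opt and val and entry then` covers that case.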
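Review bot: The new `luci-app-firewall` ACL group in the second hunk of luci-base.json ships with luci-base rather than with the firewall application, and it grants write access to the whole `firewall` uci config. That config now carries the raw `extra_src`/`extra_dest` iptables arguments exposed in zones.js, so the grant is worth scoping deliberately: I would move the block into an ACL file owned by the firewall app (placeholder name `acl.d/<firewall-app>.json`) so it exists only where the app is installed. The context lines also show a `"uci": [ "*" ]` grant in the preceding group, so the narrower list does not restrict sessions that hold that group; which sessions receive which group is not visible in this diff. The enclosing JSON objects start outside the hunk.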