Diffstat (limited to 'applications/luci-fw')
9 files changed, 0 insertions, 698 deletions
diff --git a/applications/luci-fw/Makefile b/applications/luci-fw/Makefile
deleted file mode 100644
index 87e881d95..000000000
--- a/applications/luci-fw/Makefile
+++ /dev/null
@@ -1,4 +0,0 @@
-PO = luci-fw
-
-include ../../build/config.mk
-include ../../build/module.mk
diff --git a/applications/luci-fw/luasrc/controller/luci_fw/luci_fw.lua b/applications/luci-fw/luasrc/controller/luci_fw/luci_fw.lua
deleted file mode 100644
index 766821af0..000000000
--- a/applications/luci-fw/luasrc/controller/luci_fw/luci_fw.lua
+++ /dev/null
@@ -1,13 +0,0 @@
-module("luci.controller.luci_fw.luci_fw", package.seeall)
-
-function index()
- require("luci.i18n").loadc("luci-fw")
- local i18n = luci.i18n.translate
-
- entry({"admin", "network", "firewall"}, alias("admin", "network", "firewall", "zones"), i18n("Firewall"), 60).i18n = "luci-fw"
- entry({"admin", "network", "firewall", "zones"}, cbi("luci_fw/zones"), i18n("Zones"), 10)
- entry({"admin", "network", "firewall", "redirect"}, arcombine(cbi("luci_fw/redirect"), cbi("luci_fw/rrule")), i18n("Traffic Redirection"), 30).leaf = true
- entry({"admin", "network", "firewall", "rule"}, arcombine(cbi("luci_fw/traffic"), cbi("luci_fw/trule")), i18n("Traffic Control"), 20).leaf = true
-
- entry({"mini", "network", "portfw"}, cbi("luci_fw/miniportfw", {autoapply=true}), i18n("Port forwarding"), 70).i18n = "luci-fw"
-end
\ No newline at end of file
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/miniportfw.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/miniportfw.lua
deleted file mode 100644
index 44b15f2c7..000000000
--- a/applications/luci-fw/luasrc/model/cbi/luci_fw/miniportfw.lua
+++ /dev/null
@@ -1,48 +0,0 @@
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-require("luci.sys")
-m = Map("firewall", translate("Port forwarding"),
- translate("Port forwarding allows to provide network services in " ..
- "the internal network to an external network."))
-
-
-s = m:section(TypedSection, "redirect", "")
-s:depends("src", "wan")
-s.defaults.src = "wan"
-
-s.template = "cbi/tblsection"
-s.addremove = true
-s.anonymous = true
-
-name = s:option(Value, "_name", translate("Name"), translate("(optional)"))
-name.size = 10
-
-proto = s:option(ListValue, "proto", translate("Protocol"))
-proto:value("tcp", "TCP")
-proto:value("udp", "UDP")
-proto:value("tcpudp", "TCP+UDP")
-
-dport = s:option(Value, "src_dport", translate("External port"))
-dport.size = 5
-
-to = s:option(Value, "dest_ip", translate("Internal IP address"))
-for i, dataset in ipairs(luci.sys.net.arptable()) do
- to:value(dataset["IP address"])
-end
-
-toport = s:option(Value, "dest_port", translate("Internal port"),
- translate("(optional)"))
-toport.size = 5
-
-return m
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/redirect.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/redirect.lua
deleted file mode 100644
index da87015c8..000000000
--- a/applications/luci-fw/luasrc/model/cbi/luci_fw/redirect.lua
+++ /dev/null
@@ -1,52 +0,0 @@
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-require("luci.sys")
-m = Map("firewall", translate("Traffic Redirection"),
- translate("Traffic redirection allows you to change the " ..
- "destination address of forwarded packets."))
-
-
-s = m:section(TypedSection, "redirect", "")
-s.template = "cbi/tblsection"
-s.addremove = true
-s.anonymous = true
-s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "redirect", "%s")
-
-name = s:option(Value, "_name", translate("Name"), translate("(optional)"))
-name.size = 10
-
-iface = s:option(ListValue, "src", translate("Zone"))
-iface.default = "wan"
-luci.model.uci.cursor():foreach("firewall", "zone",
- function (section)
- iface:value(section.name)
- end)
-
-proto = s:option(ListValue, "proto", translate("Protocol"))
-proto:value("tcp", "TCP")
-proto:value("udp", "UDP")
-proto:value("tcpudp", "TCP+UDP")
-
-dport = s:option(Value, "src_dport", translate("Source port"))
-dport.size = 5
-
-to = s:option(Value, "dest_ip", translate("Destination IP"))
-for i, dataset in ipairs(luci.sys.net.arptable()) do
- to:value(dataset["IP address"])
-end
-
-toport = s:option(Value, "dest_port", translate("Destination port"))
-toport.size = 5
-
-return m
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/rrule.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/rrule.lua
deleted file mode 100644
index 63e014444..000000000
--- a/applications/luci-fw/luasrc/model/cbi/luci_fw/rrule.lua
+++ /dev/null
@@ -1,80 +0,0 @@
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-require("luci.sys")
-arg[1] = arg[1] or ""
-
-m = Map("firewall", translate("Traffic Redirection"),
- translate("Traffic redirection allows you to change the " ..
- "destination address of forwarded packets."))
-
-
-s = m:section(NamedSection, arg[1], "redirect", "")
-s.anonymous = true
-s.addremove = false
-
-back = s:option(DummyValue, "_overview", translate("Overview"))
-back.value = ""
-back.titleref = luci.dispatcher.build_url("admin", "network", "firewall", "redirect")
-
-name = s:option(Value, "_name", translate("Name"))
-name.rmempty = true
-name.size = 10
-
-iface = s:option(ListValue, "src", translate("Source zone"))
-iface.default = "wan"
-luci.model.uci.cursor():foreach("firewall", "zone",
- function (section)
- iface:value(section.name)
- end)
-
-s:option(Value, "src_ip", translate("Source IP address")).optional = true
-s:option(Value, "src_mac", translate("Source MAC-address")).optional = true
-
-sport = s:option(Value, "src_port", translate("Source port"),
- translate("Match incoming traffic originating from the given " ..
- "source port or port range on the client host"))
-sport.optional = true
-sport:depends("proto", "tcp")
-sport:depends("proto", "udp")
-sport:depends("proto", "tcpudp")
-
-proto = s:option(ListValue, "proto", translate("Protocol"))
-proto.optional = true
-proto:value("")
-proto:value("tcp", "TCP")
-proto:value("udp", "UDP")
-proto:value("tcpudp", "TCP+UDP")
-
-dport = s:option(Value, "src_dport", translate("External port"),
- translate("Match incoming traffic directed at the given " ..
- "destination port or port range on this host"))
-dport.size = 5
-dport:depends("proto", "tcp")
-dport:depends("proto", "udp")
-dport:depends("proto", "tcpudp")
-
-to = s:option(Value, "dest_ip", translate("Internal IP address"),
- translate("Redirect matched incoming traffic to the specified " ..
- "internal host"))
-for i, dataset in ipairs(luci.sys.net.arptable()) do
- to:value(dataset["IP address"])
-end
-
-toport = s:option(Value, "dest_port", translate("Internal port (optional)"),
- translate("Redirect matched incoming traffic to the given port on " ..
- "the internal host"))
-toport.optional = true
-toport.size = 5
-
-return m
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/traffic.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/traffic.lua
deleted file mode 100644
index 3bdc6db4c..000000000
--- a/applications/luci-fw/luasrc/model/cbi/luci_fw/traffic.lua
+++ /dev/null
@@ -1,88 +0,0 @@
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-Copyright 2008 Jo-Philipp Wich <xm@leipzig.freifunk.net>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-
-m = Map("firewall", translate("Traffic Control"))
-s = m:section(TypedSection, "forwarding", translate("Zone-to-Zone traffic"),
- translate("Here you can specify which network traffic is allowed " ..
- "to flow between network zones. Only new connections will " ..
- "be matched. Packets belonging to already open " ..
- "connections are automatically allowed to pass the " ..
- "firewall. If you experience occasional connection " ..
- "problems try enabling MSS Clamping otherwise disable it " ..
- "for performance reasons."))
-s.template = "cbi/tblsection"
-s.addremove = true
-s.anonymous = true
-
-iface = s:option(ListValue, "src", translate("Source"))
-oface = s:option(ListValue, "dest", translate("Destination"))
-
-luci.model.uci.cursor():foreach("firewall", "zone",
- function (section)
- iface:value(section.name)
- oface:value(section.name)
- end)
-
-
-
-s = m:section(TypedSection, "rule", translate("Rules"))
-s.addremove = true
-s.anonymous = true
-s.template = "cbi/tblsection"
-s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "rule", "%s")
-s.defaults.target = "ACCEPT"
-
-local created = nil
-
-function s.create(self, section)
- created = TypedSection.create(self, section)
-end
-
-function s.parse(self, ...)
- TypedSection.parse(self, ...)
- if created then
- m.uci:save("firewall")
- luci.http.redirect(luci.dispatcher.build_url(
- "admin", "network", "firewall", "rule", created
- ))
- end
-end
-
-s:option(DummyValue, "_name", translate("Name"))
-s:option(DummyValue, "proto", translate("Protocol"))
-
-src = s:option(DummyValue, "src", translate("Source"))
-function src.cfgvalue(self, s)
- return "%s:%s:%s" % {
- self.map:get(s, "src") or "*",
- self.map:get(s, "src_ip") or "0.0.0.0/0",
- self.map:get(s, "src_port") or "*"
- }
-end
-
-dest = s:option(DummyValue, "dest", translate("Destination"))
-function dest.cfgvalue(self, s)
- return "%s:%s:%s" % {
- self.map:get(s, "dest") or translate("Device"),
- self.map:get(s, "dest_ip") or "0.0.0.0/0",
- self.map:get(s, "dest_port") or "*"
- }
-end
-
-
-s:option(DummyValue, "target", translate("Action"))
-
-
-return m
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/trule.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/trule.lua
deleted file mode 100644
index 0ce41e38c..000000000
--- a/applications/luci-fw/luasrc/model/cbi/luci_fw/trule.lua
+++ /dev/null
@@ -1,77 +0,0 @@
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-arg[1] = arg[1] or ""
-m = Map("firewall", translate("Advanced Rules"),
- translate("Advanced rules let you customize the firewall to your " ..
- "needs. Only new connections will be matched. Packets " ..
- "belonging to already open connections are automatically " ..
- "allowed to pass the firewall."))
-
-s = m:section(NamedSection, arg[1], "rule", "")
-s.anonymous = true
-s.addremove = false
-
-back = s:option(DummyValue, "_overview", translate("Overview"))
-back.value = ""
-back.titleref = luci.dispatcher.build_url("admin", "network", "firewall", "rule")
-
-
-name = s:option(Value, "_name", translate("Name").." "..translate("(optional)"))
-name.rmempty = true
-
-iface = s:option(ListValue, "src", translate("Source zone"))
-iface.rmempty = true
-
-oface = s:option(ListValue, "dest", translate("Destination zone"))
-oface:value("", translate("any"))
-oface.rmempty = true
-
-luci.model.uci.cursor():foreach("firewall", "zone",
- function (section)
- iface:value(section.name)
- oface:value(section.name)
- end)
-
-proto = s:option(Value, "proto", translate("Protocol"))
-proto.optional = true
-proto:value("")
-proto:value("all", translate("Any"))
-proto:value("tcpudp", "TCP+UDP")
-proto:value("tcp", "TCP")
-proto:value("udp", "UDP")
-proto:value("icmp", "ICMP")
-
-s:option(Value, "src_ip", translate("Source address")).optional = true
-s:option(Value, "dest_ip", translate("Destination address")).optional = true
-s:option(Value, "src_mac", translate("Source MAC-address")).optional = true
-
-sport = s:option(Value, "src_port", translate("Source port"))
-sport:depends("proto", "tcp")
-sport:depends("proto", "udp")
-sport:depends("proto", "tcpudp")
-
-dport = s:option(Value, "dest_port", translate("Destination port"))
-dport:depends("proto", "tcp")
-dport:depends("proto", "udp")
-dport:depends("proto", "tcpudp")
-
-jump = s:option(ListValue, "target", translate("Action"))
-jump.rmempty = true
-jump.default = "ACCEPT"
-jump:value("DROP", translate("drop"))
-jump:value("ACCEPT", translate("accept"))
-jump:value("REJECT", translate("reject"))
-
-
-return m
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/zones.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/zones.lua
deleted file mode 100644
index edb82a9b5..000000000
--- a/applications/luci-fw/luasrc/model/cbi/luci_fw/zones.lua
+++ /dev/null
@@ -1,81 +0,0 @@
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-
-local nw = require "luci.model.network"
-local fw = require "luci.model.firewall"
-
-require("luci.tools.webadmin")
-m = Map("firewall", translate("Firewall"), translate("The firewall creates zones over your network interfaces to control network traffic flow."))
-
-fw.init(m.uci)
-nw.init(m.uci)
-
-s = m:section(TypedSection, "defaults")
-s.anonymous = true
-s.addremove = false
-
-s:option(Flag, "syn_flood", translate("Enable SYN-flood protection"))
-
-local di = s:option(Flag, "drop_invalid", translate("Drop invalid packets"))
-di.rmempty = false
-function di.cfgvalue(...)
- return AbstractValue.cfgvalue(...) or "1"
-end
-
-p = {}
-p[1] = s:option(ListValue, "input", translate("Input"))
-p[2] = s:option(ListValue, "output", translate("Output"))
-p[3] = s:option(ListValue, "forward", translate("Forward"))
-
-for i, v in ipairs(p) do
- v:value("REJECT", translate("reject"))
- v:value("DROP", translate("drop"))
- v:value("ACCEPT", translate("accept"))
-end
-
-
-s = m:section(TypedSection, "zone", translate("Zones"))
-s.template = "cbi/tblsection"
-s.anonymous = true
-s.addremove = true
-
-name = s:option(Value, "name", translate("Name"))
-name.size = 8
-
-p = {}
-p[1] = s:option(ListValue, "input", translate("Input"))
-p[2] = s:option(ListValue, "output", translate("Output"))
-p[3] = s:option(ListValue, "forward", translate("Forward"))
-
-for i, v in ipairs(p) do
- v:value("REJECT", translate("reject"))
- v:value("DROP", translate("drop"))
- v:value("ACCEPT", translate("accept"))
-end
-
-s:option(Flag, "masq", translate("Masquerading"))
-s:option(Flag, "mtu_fix", translate("MSS clamping"))
-
-net = s:option(MultiValue, "network", translate("Network"))
-net.template = "cbi/network_netlist"
-net.widget = "checkbox"
-net.rmempty = true
-luci.tools.webadmin.cbi_add_networks(net)
-
-function net.cfgvalue(self, section)
- local value = MultiValue.cfgvalue(self, section)
- return value or name:cfgvalue(section)
-end
-
-return m
diff --git a/applications/luci-fw/root/lib/uci/schema/default/firewall b/applications/luci-fw/root/lib/uci/schema/default/firewall
deleted file mode 100644
index 35ff0565c..000000000
--- a/applications/luci-fw/root/lib/uci/schema/default/firewall
+++ /dev/null
@@ -1,255 +0,0 @@
-package firewall
-
-config package
- option title 'Firewall configuration'
-
-config section
- option name 'zone'
- option title 'Firewall zones'
- option package 'firewall'
-
-config variable
- option name 'name'
- option title 'Name'
- option section 'firewall.zone'
- option required true
-
-config variable
- option name 'network'
- option title 'Networks belonging to this zone'
- option section 'firewall.zone'
- option valueof 'network.interface'
- option multival true
-
-config variable
- option name 'forward'
- option title 'Zone specific action for forwarded traffic'
- option section 'firewall.zone'
- option required true
-
-config variable
- option name 'input'
- option title 'Zone specific action for incoming traffic'
- option section 'firewall.zone'
- option required true
-
-config variable
- option name 'output'
- option title 'Zone specific action for outgoing traffic'
- option section 'firewall.zone'
- option required true
-
-config variable
- option name 'masq'
- option title 'Enable masquerading for outgoing zone traffic'
- option section 'firewall.zone'
- option datatype 'boolean'
-
-
-
-config section
- option name 'defaults'
- option title 'Global firewall defaults'
- option package 'firewall'
- option unique true
- option required true
-
-config variable
- option name 'forward'
- option title 'Action for forwarded traffic'
- option section 'firewall.defaults'
- option required true
-
-config variable
- option name 'input'
- option title 'Action for incoming traffic'
- option section 'firewall.defaults'
- option required true
-
-config variable
- option name 'output'
- option title 'Action for outgoing traffic'
- option section 'firewall.defaults'
- option required true
-
-config variable
- option name 'syn_flood'
- option title 'Enable syn-flood protection'
- option section 'firewall.defaults'
- option datatype 'boolean'
-
-config variable
- option name 'drop_invalid'
- option title 'Do not drop packages with state invalid'
- option section 'firewall.defaults'
- option datatype 'boolean'
-
-
-
-config section
- option name 'forwarding'
- option title 'Forwarding rules'
- option package 'firewall'
-
-config variable
- option name 'src'
- option title 'Source zone'
- option section 'firewall.forwarding'
- option valueof 'firewall.zone.name'
- option required true
-
-config variable
- option name 'dest'
- option title 'Destination zone'
- option section 'firewall.forwarding'
- option valueof 'firewall.zone.name'
- option required true
-
-config variable
- option name 'mtu_fix'
- option title 'Fixup MTU of outgoing packages'
- option section 'firewall.forwarding'
- option datatype 'boolean'
-
-
-
-config section
- option name 'rule'
- option title 'Custom rules'
- option package 'firewall'
- list depends 'target, src'
- list depends 'target, dest'
- list depends 'target, src_ip'
- list depends 'target, src_port'
- list depends 'target, src_mac'
- list depends 'target, dest_ip'
- list depends 'target, dest_port'
- list depends 'target, proto'
-
-config variable
- option name 'src'
- option title 'Source zone'
- option section 'firewall.rule'
- option valueof 'firewall.zone.name'
-
-config variable
- option name 'src_ip'
- option title 'Source IP address'
- option section 'firewall.rule'
- option datatype 'ipaddr'
-
-config variable
- option name 'src_port'
- option title 'Source port'
- option section 'firewall.rule'
- option datatype 'portrange'
-
-config variable
- option name 'src_mac'
- option title 'Source MAC address'
- option section 'firewall.rule'
- option datatype 'macaddr'
-
-config variable
- option name 'dest'
- option title 'Destination zone'
- option section 'firewall.rule'
- option valueof 'firewall.zone.name'
-
-config variable
- option name 'dest_ip'
- option title 'Destination IP address'
- option section 'firewall.rule'
- option datatype 'ipaddr'
-
-config variable
- option name 'dest_port'
- option title 'Destination port'
- option section 'firewall.rule'
- option datatype 'portrange'
-
-config variable
- option name 'proto'
- option title 'Protocol'
- option section 'firewall.rule'
- option datatype 'string'
-
-config variable
- option name 'target'
- option title 'Option target'
- option section 'firewall.rule'
- option datatype 'string'
-
-
-
-config section
- option name 'redirect'
- option title 'Redirection rules'
- option package 'firewall'
-
-config variable
- option name 'src'
- option title 'Source zone'
- option section 'firewall.redirect'
- option valueof 'firewall.zone.name'
-
-config variable
- option name 'src_ip'
- option title 'Source IP address'
- option section 'firewall.redirect'
- option datatype 'ipaddr'
-
-config variable
- option name 'src_port'
- option title 'Source port'
- option section 'firewall.redirect'
- option datatype 'portrange'
-
-config variable
- option name 'src_dport'
- option title 'Source destination port'
- option section 'firewall.redirect'
- option datatype 'portrange'
-
-config variable
- option name 'src_mac'
- option title 'Option src_mac'
- option section 'firewall.redirect'
- option datatype 'macaddr'
-
-config variable
- option name 'dest'
- option title 'Destination zone'
- option section 'firewall.redirect'
- option valueof 'firewall.zone.name'
-
-config variable
- option name 'dest_ip'
- option title 'Destination IP address'
- option section 'firewall.redirect'
- option datatype 'ipaddr'
-
-config variable
- option name 'dest_port'
- option title 'Destination port'
- option section 'firewall.redirect'
- option datatype 'portrange'
-
-config variable
- option name 'proto'
- option title 'Protocol'
- option section 'firewall.redirect'
- option datatype 'string'
-
-
-
-config section
- option name 'include'
- option title 'User defined config includes'
- option package 'firewall'
-
-config variable
- option name 'path'
- option title 'Path to the include file'
- option section 'firewall.include'
- option datatype 'file' |