path: root/applications/luci-app-banip/luasrc/model/cbi/banip/overview_tab.lua
-- Copyright 2018-2019 Dirk Brenken (dev@brenken.org)
-- This is free software, licensed under the Apache License, Version 2.0

local fs   = require("nixio.fs")
local uci  = require("luci.model.uci").cursor()
local net  = require "luci.model.network".init()
local util = require("luci.util")
local dump = util.ubus("network.interface", "dump", {})

-- Root CBI map bound to the "banip" UCI configuration. The description is
-- built from translated text plus an HTML link to the upstream README.
-- NOTE(review): the link uses target="_blank" without rel="noopener noreferrer".
-- Adding it alters the literal handed to translatef(), which is presumably the
-- translation lookup key, so the catalogs would need updating with it.
-- The same applies to fixing the "adresses" typo in the first sentence.
m = Map("banip", translate("banIP"),
	translate("Configuration of the banIP package to block ip adresses/subnets via IPSet. ")
	..translatef("For further information "
	.. "<a href=\"%s\" target=\"_blank\">"
	.. "check the online documentation</a>", "https://github.com/openwrt/packages/blob/master/net/banip/files/README.md"))

-- Main banIP Options

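-- Named section "global" of type "banip": the main switches of the service.
s = m:section(NamedSection, "global", "banip")

-- Master switch, off by default; rmempty = false keeps the option in the
-- config instead of removing it when the box is unchecked.
o1 = s:option(Flag, "ban_enabled", translate("Enable banIP"))
o1.default = o1.disabled
o1.rmempty = false

-- Automatic WAN detection is on by default; the manual list below is only
-- shown when this flag is 0.
o2 = s:option(Flag, "ban_automatic", translate("Automatic WAN Interface Detection"))
o2.default = o2.enabled
o2.rmempty = false

o3 = s:option(MultiValue, "ban_iface", translate("Manual WAN Interface Selection"),
	translate("Select your preferred interface(s) manually."))
-- Offer every interface from the network.interface ubus dump except loopback.
-- The dump is nil when the ubus call fails; the interface list is checked as
-- well, so that an incomplete reply cannot abort rendering of the whole form.
if dump and dump.interface then
	for _, iface in ipairs(dump.interface) do
		if iface.interface ~= "loopback" then
			-- Prefer the layer-3 device name, fall back to the plain device.
			local device = iface.l3_device or iface.device or "-"
			o3:value(iface.interface, " " .. iface.interface .. " (" .. device .. ") ")
		end
	end
end
o3:depends("ban_automatic", 0)
o3.widget = "checkbox"
o3.rmempty = true

-- Realtime monitor for SSH/LuCI brute-force attempts, off by default.
-- When checked, the option is stored as the literal string "true".
o4 = s:option(Flag, "ban_realtime", translate("SSH/LuCI RT Monitor"),
	translate("Starts a small log/banIP monitor in the background to block SSH/LuCI brute force attacks in realtime."))
o4.enabled = "true"
o4.default = o4.disabled
o4.rmempty = false

-- Runtime Information

-- Placeholder option rendered through the banip/runtime template.
ds = s:option(DummyValue, "_dummy")
ds.template = "banip/runtime"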

-- Source Table

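-- One row per "source" section, rendered with the banip/sourcelist template.
bl = m:section(TypedSection, "source", translate("IPSet Sources"))
bl.template = "banip/sourcelist"

-- Per-source switches for the IPv4 and IPv6 variants of the list.
name_4 = bl:option(Flag, "ban_src_on", translate("enable IPv4"))
name_4.rmempty = false

name_6 = bl:option(Flag, "ban_src_on_6", translate("enable IPv6"))
name_6.rmempty = false

-- Direction the source is matched on. The option object lives in a local with
-- its own name: assigning it to `type` would replace Lua's built-in type()
-- for every statement that runs later in this model's environment.
local ruletype = bl:option(ListValue, "ban_src_ruletype", translate("SRC/DST"))
ruletype:value("src")
ruletype:value("dst")
ruletype:value("src+dst")
ruletype.default = "src"
ruletype.rmempty = false

-- Read-only description column.
des = bl:option(DummyValue, "ban_src_desc", translate("Description"))

-- ASN / country entries are validated with LuCI's "uciname" datatype, which
-- keeps them to letters, digits and underscores.
cat = bl:option(DynamicList, "ban_src_cat", translate("ASN/Country"))
cat.datatype = "uciname"
cat.optional = true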

-- Extra options

-- Named section "extra" of type "banip": tuning options for the service.
e = m:section(NamedSection, "extra", "banip", translate("Extra Options"),
	translate("Options for further tweaking in case the defaults are not suitable for you."))

-- Verbose logging switch; always written to the config (rmempty = false).
e1 = e:option(Flag, "ban_debug", translate("Verbose Debug Logging"),
	translate("Enable verbose debug logging in case of any processing error."))
e1.rmempty = false

-- The flag is stored as a nice value: "10" when checked, "0" when unchecked.
e2 = e:option(Flag, "ban_nice", translate("Low Priority Service"),
	translate("Set the nice level to 'low priority' and banIP background processing will take less resources from the system. ")
	..translate("This change requires a manual service stop/re-start to take effect."))
e2.disabled = "0"
e2.enabled = "10"
e2.rmempty = false

-- Backup location, validated with the "directory" datatype; defaults to /tmp.
-- NOTE(review): the help text itself recommends non-volatile storage, so with
-- the default the saved lists presumably do not survive a reboot. Confirm
-- against the backend.
e3 = e:option(Value, "ban_backupdir", translate("Backup Directory"),
	translate("Target directory for banIP backups. Default is '/tmp', please use preferably a non-volatile disk if available."))
e3.datatype = "directory"
e3.default = "/tmp"
e3.rmempty = true

-- Parallel download queue size, limited to 1..32 by the datatype.
e4 = e:option(Value, "ban_maxqueue", translate("Max. Download Queue"),
	translate("Size of the download queue to handle downloads &amp; IPset processing in parallel (default '4'). ")
	.. translate("For further performance improvements you can raise this value, e.g. '8' or '16' should be safe."))
e4.default = 4
e4.datatype = "range(1,32)"
e4.rmempty = false

-- SSH daemon whose log is parsed for break-in events; only the two listed
-- values are offered, dropbear being the default.
e5 = e:option(ListValue, "ban_sshdaemon", translate("SSH Daemon"),
	translate("Select the SSH daemon for logfile parsing, to detect break-in events."))
e5:value("dropbear")
e5:value("sshd")
e5.default = "dropbear"
e5.rmempty = true

-- Automatic blacklist additions are saved to the local blacklist by default.
e6 = e:option(Flag, "ban_autoblacklist", translate("Local Save Blacklist Addons"),
  translate("Blacklist auto addons are stored temporary in the IPSet and saved permanently in the local blacklist. Disable this option to prevent the local save."))
e6.default = e6.enabled
e6.rmempty = true

-- Automatic whitelist additions are saved to the local whitelist by default.
-- NOTE(review): a persisted whitelist entry keeps exempting that address, so
-- it is worth confirming how entries get auto-added before leaving this on.
e7 = e:option(Flag, "ban_autowhitelist", translate("Local Save Whitelist Addons"),
  translate("Whitelist auto addons are stored temporary in the IPSet and saved permanently in the local whitelist. Disable this option to prevent the local save."))
e7.default = e7.enabled
e7.rmempty = true

-- Optional Extra Options

-- Download utility used to fetch the lists; only these four names are offered.
e20 = e:option(ListValue, "ban_fetchutil", translate("Download Utility"),
	translate("Select your preferred download utility."))
e20:value("uclient-fetch")
e20:value("wget")
e20:value("curl")
e20:value("aria2c")
e20.optional = true

-- Free-form text with no datatype: whatever is entered is stored as-is.
-- NOTE(review): the help text describes these as options for the download
-- utility. If the backend places the value on a command line, confirm it is
-- validated or quoted there. Nothing in this form rejects options that weaken
-- transport security of the list downloads either.
e21 = e:option(Value, "ban_fetchparm", translate("Download Options"),
	translate("Special options for the selected download utility, e.g. '--timeout=20 -O'."))
e21.optional = true

-- Start-up delay in seconds, limited to 1..60 by the datatype (default 2).
e22 = e:option(Value, "ban_triggerdelay", translate("Trigger Delay"),
	translate("Additional trigger delay in seconds before banIP processing begins."))
e22.default = 2
e22.datatype = "range(1,60)"
e22.optional = true

-- Action used at boot: "start" (default) or "reload".
e23 = e:option(ListValue, "ban_starttype", translate("Start Type"),
	translate("Select the used start type during boot."))
e23:value("start")
e23:value("reload")
e23.default = "start"
e23.optional = true

-- IPv4 firewall chain names. Each one is validated with LuCI's "uciname"
-- datatype (letters, digits, underscore), so free-form text entered here
-- cannot carry spaces or shell/iptables metacharacters into the config.
e30 = e:option(Value, "ban_wan_input_chain", translate("WAN Input Chain IPv4"))
e30.default = "input_wan_rule"
e30.datatype = "uciname"
e30.optional = true

e31 = e:option(Value, "ban_wan_forward_chain", translate("WAN Forward Chain IPv4"))
e31.default = "forwarding_wan_rule"
e31.datatype = "uciname"
e31.optional = true

e32 = e:option(Value, "ban_lan_input_chain", translate("LAN Input Chain IPv4"))
e32.default = "input_lan_rule"
e32.datatype = "uciname"
e32.optional = true

e33 = e:option(Value, "ban_lan_forward_chain", translate("LAN Forward Chain IPv4"))
e33.default = "forwarding_lan_rule"
e33.datatype = "uciname"
e33.optional = true

-- IPv4 rule targets: only REJECT and DROP are offered. Traffic matched by
-- source defaults to DROP, traffic matched by destination to REJECT.
e34 = e:option(ListValue, "ban_target_src", translate("SRC Target IPv4"))
e34:value("REJECT")
e34:value("DROP")
e34.default = "DROP"
e34.optional = true

e35 = e:option(ListValue, "ban_target_dst", translate("DST Target IPv4"))
e35:value("REJECT")
e35:value("DROP")
e35.default = "REJECT"
e35.optional = true

-- IPv6 counterparts of the chain options. They use the same default chain
-- names as the IPv4 ones and the same "uciname" validation (letters, digits,
-- underscore).
e36 = e:option(Value, "ban_wan_input_chain_6", translate("WAN Input Chain IPv6"))
e36.default = "input_wan_rule"
e36.datatype = "uciname"
e36.optional = true

e37 = e:option(Value, "ban_wan_forward_chain_6", translate("WAN Forward Chain IPv6"))
e37.default = "forwarding_wan_rule"
e37.datatype = "uciname"
e37.optional = true

e38 = e:option(Value, "ban_lan_input_chain_6", translate("LAN Input Chain IPv6"))
e38.default = "input_lan_rule"
e38.datatype = "uciname"
e38.optional = true

e39 = e:option(Value, "ban_lan_forward_chain_6", translate("LAN Forward Chain IPv6"))
e39.default = "forwarding_lan_rule"
e39.datatype = "uciname"
e39.optional = true

-- IPv6 rule targets: only REJECT and DROP are offered. Traffic matched by
-- source defaults to DROP, traffic matched by destination to REJECT.
e40 = e:option(ListValue, "ban_target_src_6", translate("SRC Target IPv6"))
e40:value("REJECT")
e40:value("DROP")
e40.default = "DROP"
e40.optional = true

e41 = e:option(ListValue, "ban_target_dst_6", translate("DST Target IPv6"))
e41:value("REJECT")
e41:value("DROP")
e41.default = "REJECT"
e41.optional = true

-- Hand the finished map back to the CBI loader.
return m