1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
|
-- Copyright 2018 Dirk Brenken (dev@brenken.org)
-- This is free software, licensed under the Apache License, Version 2.0
local fs = require("nixio.fs")
local uci = require("luci.model.uci").cursor()
local sys = require("luci.sys")
local net = require "luci.model.network".init()
local util = require("luci.util")
local dump = util.ubus("network.interface", "dump", {})
local devices = sys.net:devices()
m = Map("banip", translate("banIP"),
translate("Configuration of the banIP package to block ip adresses/subnets via IPSet. ")
.. translatef("For further information "
.. "<a href=\"%s\" target=\"_blank\">"
.. "check the online documentation</a>", "https://github.com/openwrt/packages/blob/master/net/banip/files/README.md"))
-- Main banIP Options
s = m:section(NamedSection, "global", "banip")
o1 = s:option(Flag, "ban_enabled", translate("Enable banIP"))
o1.default = o1.disabled
o1.rmempty = false
o2 = s:option(Flag, "ban_automatic", translate("Automatic WAN Interface Detection"))
o2.default = o2.enabled
o2.rmempty = false
o3 = s:option(ListValue, "ban_iface", " ")
for _, dev in ipairs(devices) do
if dev ~= "lo" and dev ~= "br-lan" then
local iface = net:get_interface(dev)
if iface then
iface = iface:get_networks() or {}
for k, v in pairs(iface) do
iface[k] = iface[k].sid
if iface[k] ~= "lan" then
o3:value(iface[k], iface[k].. " (" ..dev.. ")")
end
end
end
end
end
o3.default = ban_iface
o3.rmempty = false
o4 = s:option(ListValue, "ban_fetchutil", translate("Download Utility"),
translate("List of supported and fully pre-configured download utilities."))
o4:value("uclient-fetch")
o4:value("wget")
o4:value("curl")
o4:value("aria2c")
o4:value("wget-nossl", "wget-nossl (noSSL)")
o4:value("busybox", "wget-busybox (noSSL)")
o4.default = "uclient-fetch"
o4.rmempty = false
-- Runtime Information
ds = s:option(DummyValue, "_dummy")
ds.template = "banip/runtime"
-- Source Table
bl = m:section(TypedSection, "source", translate("IP Blocklist Sources"))
bl.template = "banip/sourcelist"
ssl = bl:option(DummyValue, "ban_src", translate("SSL req."))
function ssl.cfgvalue(self, section)
local source = self.map:get(section, "ban_src") or self.map:get(section, "ban_src_6")
if source then
if source:match("https://") then
return translate("Yes")
else
return translate("No")
end
end
return translate("n/a")
end
name_4 = bl:option(Flag, "ban_src_on", translate("enable IPv4"))
name_4.rmempty = false
name_6 = bl:option(Flag, "ban_src_on_6", translate("enable IPv6"))
name_6.rmempty = false
type = bl:option(ListValue, "ban_src_ruletype", translate("SRC/DST"))
type:value("src")
type:value("dst")
type:value("src+dst")
type.default = "src"
type.rmempty = false
des = bl:option(DummyValue, "ban_src_desc", translate("Description"))
cat = bl:option(DynamicList, "ban_src_cat", translate("ASN/Country"))
cat.datatype = "uciname"
cat.optional = true
-- Extra options
e = m:section(NamedSection, "extra", "banip", translate("Extra Options"),
translate("Options for further tweaking in case the defaults are not suitable for you."))
e1 = e:option(Flag, "ban_debug", translate("Verbose Debug Logging"),
translate("Enable verbose debug logging in case of any processing error."))
e1.default = e1.disabled
e1.rmempty = false
e2 = e:option(Flag, "ban_nice", translate("Low Priority Service"),
translate("Set the nice level to 'low priority' and banIP background processing will take less resources from the system. ")
..translate("This change requires a manual service stop/re-start to take effect."))
e2.default = e2.disabled
e2.disabled = "0"
e2.enabled = "10"
e2.rmempty = false
e3 = e:option(Value, "ban_maxqueue", translate("Max. Download Queue"),
translate("Size of the download queue to handle downloads & IPset processing in parallel (default '8'). ")
.. translate("For further performance improvements you can raise this value, e.g. '16' or '32' should be safe."))
e3.default = 8
e3.datatype = "range(1,32)"
e3.rmempty = false
e4 = e:option(Value, "ban_triggerdelay", translate("Trigger Delay"),
translate("Additional trigger delay in seconds before banIP processing begins."))
e4.default = 2
e4.datatype = "range(1,60)"
e4.optional = true
e5 = e:option(Value, "ban_fetchparm", translate("Download Options"),
translate("Special options for the selected download utility, e.g. '--timeout=20 --no-check-certificate -O'."))
e5.optional = true
e10 = e:option(Value, "ban_wan_input_chain", translate("WAN Input Chain IPv4"))
e10.default = "input_wan_rule"
e10.datatype = "uciname"
e10.optional = true
e11 = e:option(Value, "ban_wan_forward_chain", translate("WAN Forward Chain IPv4"))
e11.default = "forwarding_wan_rule"
e11.datatype = "uciname"
e11.optional = true
e12 = e:option(Value, "ban_lan_input_chain", translate("LAN Input Chain IPv4"))
e12.default = "input_lan_rule"
e12.datatype = "uciname"
e12.optional = true
e13 = e:option(Value, "ban_lan_forward_chain", translate("LAN Forward Chain IPv4"))
e13.default = "forwarding_lan_rule"
e13.datatype = "uciname"
e13.optional = true
e14 = e:option(ListValue, "ban_target_src", translate("SRC Target IPv4"))
e14:value("REJECT")
e14:value("DROP")
e14.default = "DROP"
e14.optional = true
e15 = e:option(ListValue, "ban_target_dst", translate("DST Target IPv4"))
e15:value("REJECT")
e15:value("DROP")
e15.default = "REJECT"
e15.optional = true
e16 = e:option(Value, "ban_wan_input_chain_6", translate("WAN Input Chain IPv6"))
e16.default = "input_wan_rule"
e16.datatype = "uciname"
e16.optional = true
e17 = e:option(Value, "ban_wan_forward_chain_6", translate("WAN Forward Chain IPv6"))
e17.default = "forwarding_wan_rule"
e17.datatype = "uciname"
e17.optional = true
e18 = e:option(Value, "ban_lan_input_chain_6", translate("LAN Input Chain IPv6"))
e18.default = "input_lan_rule"
e18.datatype = "uciname"
e18.optional = true
e19 = e:option(Value, "ban_lan_forward_chain_6", translate("LAN Forward Chain IPv6"))
e19.default = "forwarding_lan_rule"
e19.datatype = "uciname"
e19.optional = true
e20 = e:option(ListValue, "ban_target_src_6", translate("SRC Target IPv6"))
e20:value("REJECT")
e20:value("DROP")
e20.default = "DROP"
e20.optional = true
e21 = e:option(ListValue, "ban_target_dst_6", translate("DST Target IPv6"))
e21:value("REJECT")
e21:value("DROP")
e21.default = "REJECT"
e21.optional = true
return m
|
