-- Copyright 2008 Steven Barth <steven@midlink.org>
-- Licensed to the public under the Apache License 2.0.
local ds = require "luci.dispatcher"
local fw = require "luci.model.firewall"
local fs = require "nixio.fs"
local m, s, o, p, i, v

-- Root CBI map bound to the "firewall" UCI configuration.
m = Map(
	"firewall",
	translate("Firewall - Zone Settings"),
	translate("The firewall creates zones over your network interfaces to control network traffic flow.")
)

-- Hand the map's UCI cursor to the firewall model.
fw.init(m.uci)

-- "defaults" section: one unnamed block of global settings that the
-- user can neither add nor remove from this page.
s = m:section(TypedSection, "defaults", translate("General Settings"))
s.addremove = false
s.anonymous = true

s:option(Flag, "syn_flood", translate("Enable SYN-flood protection"))
o = s:option(Flag, "drop_invalid", translate("Drop invalid packets"))

-- Global default policies. These apply to traffic that no zone or rule
-- has decided, so ACCEPT here is the permissive choice.
p = {
	s:option(ListValue, "input", translate("Input")),
	s:option(ListValue, "output", translate("Output")),
	s:option(ListValue, "forward", translate("Forward"))
}

-- Every policy selector offers the same three targets, in this order.
for idx = 1, #p do
	local policy = p[idx]
	policy:value("REJECT", translate("reject"))
	policy:value("DROP", translate("drop"))
	policy:value("ACCEPT", translate("accept"))
end
-- Netfilter flow offload support.
-- The offloading options are only shown when this sysfs entry is
-- accessible (presumably only while the xt_FLOWOFFLOAD module is
-- loaded; confirm on the target kernel).
local offload = fs.access("/sys/module/xt_FLOWOFFLOAD/refcnt")

if offload then
	-- Read-only advisory line shown above the two switches.
	s:option(
		DummyValue,
		"offload_advice",
		translate("Routing/NAT Offloading"),
		translate("Experimental feature. Not fully compatible with QoS/SQM.")
	)

	local sw_flag = s:option(
		Flag,
		"flow_offloading",
		translate("Software flow offloading"),
		translate("Software based offloading for routing/NAT")
	)
	sw_flag.optional = true

	local hw_flag = s:option(
		Flag,
		"flow_offloading_hw",
		translate("Hardware flow offloading"),
		translate("Requires hardware NAT support. Implemented at least for mt7621")
	)
	hw_flag.optional = true
	-- Hardware offloading is only offered once software offloading is on.
	hw_flag:depends("flow_offloading", 1)

	-- Leave the shared option handle on the last option created.
	o = hw_flag
end
-- Firewall zones: one table row per "zone" section of the configuration.
s = m:section(TypedSection, "zone", translate("Zones"))

-- "%s" stands for the section id of the row being edited.
local zone_edit_url = ds.build_url("admin", "network", "firewall", "zones", "%s")

s.extedit   = zone_edit_url
s.addremove = true
s.anonymous = true
s.template  = "cbi/tblsection"
--- Row title for a zone section: the zone's name as reported by the
-- firewall model.
-- NOTE(review): the result of fw:get_zone() is used without a nil
-- check; confirm it cannot be nil for the ids this section iterates.
-- @param self the section object
-- @param sid  section id of the zone
-- @return whatever the zone object's name() returns
s.sectiontitle = function(self, sid)
	local zone = fw:get_zone(sid)
	return zone:name()
end
--- Add a zone through the firewall model and send the browser to the
-- edit page of the new zone. Does nothing when no zone is returned.
-- The redirect target is built from the sid handed back by the model,
-- not from a value taken out of the request.
-- @param self the section object
s.create = function(self)
	local zone = fw:new_zone()
	if not zone then
		return
	end

	local target = ds.build_url("admin", "network", "firewall", "zones", zone.sid)
	luci.http.redirect(target)
end
--- Delete a zone by delegating to the firewall model.
-- NOTE(review): whether del_zone() also cleans up forwardings and rules
-- that still reference the zone is not visible here; confirm in the
-- model.
-- @param self    the section object
-- @param section section id of the zone to delete
-- @return the result(s) of fw:del_zone(), passed through unchanged
s.remove = function(self, section)
	return fw:del_zone(section)
end
-- Read-only column rendered by the zone-forwardings template.
o = s:option(DummyValue, "_info", translate("Zone ⇒ Forwardings"))
o.template = "cbi/firewall_zoneforwards"

--- Value handed to the template: the "name" option of the zone section.
-- @param self    the option object
-- @param section section id of the zone
function o.cfgvalue(self, section)
	local zone_name = self.map:get(section, "name")
	return zone_name
end
-- Per-zone policies for the three traffic directions.
p = {
	s:option(ListValue, "input", translate("Input")),
	s:option(ListValue, "output", translate("Output")),
	s:option(ListValue, "forward", translate("Forward"))
}

-- Each selector offers the same three targets, in this order.
for idx = 1, #p do
	local policy = p[idx]
	policy:value("REJECT", translate("reject"))
	policy:value("DROP", translate("drop"))
	policy:value("ACCEPT", translate("accept"))
end

-- Per-zone switches for masquerading and MSS clamping.
s:option(Flag, "masq", translate("Masquerading"))
s:option(Flag, "mtu_fix", translate("MSS clamping"))

-- The CBI loader expects the map as the chunk's return value.
return m