1 -- Copyright 2018-2019 Dirk Brenken (dev@brenken.org)
2 -- This is free software, licensed under the Apache License, Version 2.0
4 local fs = require("nixio.fs")
5 local uci = require("luci.model.uci").cursor()
6 local net = require "luci.model.network".init()
7 local util = require("luci.util")
8 local dump = util.ubus("network.interface", "dump", {})
10 m = Map("banip", translate("banIP"),
11 translate("Configuration of the banIP package to block ip adresses/subnets via IPSet. ")
12 ..translatef("For further information "
13 .. "<a href=\"%s\" target=\"_blank\">"
14 .. "check the online documentation</a>", "https://github.com/openwrt/packages/blob/master/net/banip/files/README.md"))
18 s = m:section(NamedSection, "global", "banip")
20 o1 = s:option(Flag, "ban_enabled", translate("Enable banIP"))
21 o1.default = o1.disabled
24 o2 = s:option(Flag, "ban_automatic", translate("Automatic WAN Interface Detection"))
25 o2.default = o2.enabled
28 o3 = s:option(MultiValue, "ban_iface", translate("Interface Selection"),
29 translate("Disable the automatic WAN detection and select your preferred interface(s) manually."))
32 for i, v in ipairs(dump.interface) do
33 if v.interface ~= "loopback" and v.interface ~= "lan" then
34 local device = v.l3_device or v.device or "-"
35 o3:value(v.interface, v.interface.. " (" ..device.. ")")
39 o3.widget = "checkbox"
42 o4 = s:option(ListValue, "ban_fetchutil", translate("Download Utility"),
43 translate("List of supported and fully pre-configured download utilities."))
44 o4:value("uclient-fetch")
48 o4:value("wget-nossl", "wget-nossl (noSSL)")
49 o4:value("busybox", "wget-busybox (noSSL)")
50 o4.default = "uclient-fetch"
53 -- Runtime Information
55 ds = s:option(DummyValue, "_dummy")
56 ds.template = "banip/runtime"
60 bl = m:section(TypedSection, "source", translate("IP Blocklist Sources"))
61 bl.template = "banip/sourcelist"
63 ssl = bl:option(DummyValue, "ban_src", translate("SSL req."))
64 function ssl.cfgvalue(self, section)
65 local source = self.map:get(section, "ban_src") or self.map:get(section, "ban_src_6")
67 if source:match("https://") then
68 return translate("Yes")
70 return translate("No")
73 return translate("n/a")
76 name_4 = bl:option(Flag, "ban_src_on", translate("enable IPv4"))
77 name_4.rmempty = false
79 name_6 = bl:option(Flag, "ban_src_on_6", translate("enable IPv6"))
80 name_6.rmempty = false
82 type = bl:option(ListValue, "ban_src_ruletype", translate("SRC/DST"))
89 des = bl:option(DummyValue, "ban_src_desc", translate("Description"))
91 cat = bl:option(DynamicList, "ban_src_cat", translate("ASN/Country"))
92 cat.datatype = "uciname"
97 e = m:section(NamedSection, "extra", "banip", translate("Extra Options"),
98 translate("Options for further tweaking in case the defaults are not suitable for you."))
100 e1 = e:option(Flag, "ban_debug", translate("Verbose Debug Logging"),
101 translate("Enable verbose debug logging in case of any processing error."))
104 e2 = e:option(Flag, "ban_nice", translate("Low Priority Service"),
105 translate("Set the nice level to 'low priority' and banIP background processing will take less resources from the system. ")
106 ..translate("This change requires a manual service stop/re-start to take effect."))
111 e3 = e:option(Flag, "ban_backup", translate("Enable Blocklist Backup"),
112 translate("Create compressed blocklist backups, they will be used in case of download errors or during startup in 'backup mode'."))
115 e4 = e:option(Value, "ban_backupdir", translate("Backup Directory"),
116 translate("Target directory for banIP backups. Please use preferably a non-volatile disk, e.g. an external usb stick."))
117 e4:depends("ban_backup", 1)
118 e4.datatype = "directory"
122 e5 = e:option(Flag, "ban_backupboot", translate("Backup Mode"),
123 translate("Do not automatically update blocklists during startup, use their backups instead."))
124 e5:depends("ban_backup", 1)
127 e6 = e:option(Value, "ban_maxqueue", translate("Max. Download Queue"),
128 translate("Size of the download queue to handle downloads & IPset processing in parallel (default '4'). ")
129 .. translate("For further performance improvements you can raise this value, e.g. '8' or '16' should be safe."))
131 e6.datatype = "range(1,32)"
134 e7 = e:option(Flag, "ban_autoblacklist", translate("Local Save Blacklist Addons"),
135 translate("Blacklist auto addons are stored temporary in the IPSet and saved permanently in the local blacklist. Disable this option to prevent the local save."))
136 e7.default = e7.enabled
139 e8 = e:option(Flag, "ban_autowhitelist", translate("Local Save Whitelist Addons"),
140 translate("Whitelist auto addons are stored temporary in the IPSet and saved permanently in the local whitelist. Disable this option to prevent the local save."))
141 e8.default = e8.enabled
144 -- Optional Extra Options
146 e20 = e:option(Value, "ban_triggerdelay", translate("Trigger Delay"),
147 translate("Additional trigger delay in seconds before banIP processing begins."))
149 e20.datatype = "range(1,60)"
152 e21 = e:option(Value, "ban_fetchparm", translate("Download Options"),
153 translate("Special options for the selected download utility, e.g. '--timeout=20 --no-check-certificate -O'."))
156 e22 = e:option(Value, "ban_wan_input_chain", translate("WAN Input Chain IPv4"))
157 e22.default = "input_wan_rule"
158 e22.datatype = "uciname"
161 e23 = e:option(Value, "ban_wan_forward_chain", translate("WAN Forward Chain IPv4"))
162 e23.default = "forwarding_wan_rule"
163 e23.datatype = "uciname"
166 e24 = e:option(Value, "ban_lan_input_chain", translate("LAN Input Chain IPv4"))
167 e24.default = "input_lan_rule"
168 e24.datatype = "uciname"
171 e25 = e:option(Value, "ban_lan_forward_chain", translate("LAN Forward Chain IPv4"))
172 e25.default = "forwarding_lan_rule"
173 e25.datatype = "uciname"
176 e26 = e:option(ListValue, "ban_target_src", translate("SRC Target IPv4"))
182 e27 = e:option(ListValue, "ban_target_dst", translate("DST Target IPv4"))
185 e27.default = "REJECT"
188 e28 = e:option(Value, "ban_wan_input_chain_6", translate("WAN Input Chain IPv6"))
189 e28.default = "input_wan_rule"
190 e28.datatype = "uciname"
193 e29 = e:option(Value, "ban_wan_forward_chain_6", translate("WAN Forward Chain IPv6"))
194 e29.default = "forwarding_wan_rule"
195 e29.datatype = "uciname"
198 e30 = e:option(Value, "ban_lan_input_chain_6", translate("LAN Input Chain IPv6"))
199 e30.default = "input_lan_rule"
200 e30.datatype = "uciname"
203 e31 = e:option(Value, "ban_lan_forward_chain_6", translate("LAN Forward Chain IPv6"))
204 e31.default = "forwarding_lan_rule"
205 e31.datatype = "uciname"
208 e32 = e:option(ListValue, "ban_target_src_6", translate("SRC Target IPv6"))
214 e33 = e:option(ListValue, "ban_target_dst_6", translate("DST Target IPv6"))
217 e33.default = "REJECT"