1 -- Copyright 2018-2019 Dirk Brenken (dev@brenken.org)
2 -- This is free software, licensed under the Apache License, Version 2.0
4 local fs = require("nixio.fs")
5 local uci = require("luci.model.uci").cursor()
6 local net = require "luci.model.network".init()
7 local util = require("luci.util")
8 local dump = util.ubus("network.interface", "dump", {})
10 m = Map("banip", translate("banIP"),
11 translate("Configuration of the banIP package to block ip adresses/subnets via IPSet. ")
12 ..translatef("For further information "
13 .. "<a href=\"%s\" target=\"_blank\">"
14 .. "check the online documentation</a>", "https://github.com/openwrt/packages/blob/master/net/banip/files/README.md"))
18 s = m:section(NamedSection, "global", "banip")
20 o1 = s:option(Flag, "ban_enabled", translate("Enable banIP"))
21 o1.default = o1.disabled
24 o2 = s:option(Flag, "ban_automatic", translate("Automatic WAN Interface Detection"))
25 o2.default = o2.enabled
28 o3 = s:option(MultiValue, "ban_iface", translate("Interface Selection"),
29 translate("Disable the automatic WAN detection and select your preferred interface(s) manually."))
32 for i, v in ipairs(dump.interface) do
33 if v.interface ~= "loopback" and v.interface ~= "lan" then
34 local device = v.l3_device or v.device or "-"
35 o3:value(v.interface, v.interface.. " (" ..device.. ")")
39 o3.widget = "checkbox"
42 o4 = s:option(ListValue, "ban_fetchutil", translate("Download Utility"),
43 translate("List of supported and fully pre-configured download utilities."))
44 o4:value("uclient-fetch")
48 o4.default = "uclient-fetch"
51 -- Runtime Information
53 ds = s:option(DummyValue, "_dummy")
54 ds.template = "banip/runtime"
58 bl = m:section(TypedSection, "source", translate("IPSet Sources"))
59 bl.template = "banip/sourcelist"
61 name_4 = bl:option(Flag, "ban_src_on", translate("enable IPv4"))
62 name_4.rmempty = false
64 name_6 = bl:option(Flag, "ban_src_on_6", translate("enable IPv6"))
65 name_6.rmempty = false
67 type = bl:option(ListValue, "ban_src_ruletype", translate("SRC/DST"))
74 des = bl:option(DummyValue, "ban_src_desc", translate("Description"))
76 cat = bl:option(DynamicList, "ban_src_cat", translate("ASN/Country"))
77 cat.datatype = "uciname"
82 e = m:section(NamedSection, "extra", "banip", translate("Extra Options"),
83 translate("Options for further tweaking in case the defaults are not suitable for you."))
85 e1 = e:option(Flag, "ban_debug", translate("Verbose Debug Logging"),
86 translate("Enable verbose debug logging in case of any processing error."))
89 e2 = e:option(Flag, "ban_nice", translate("Low Priority Service"),
90 translate("Set the nice level to 'low priority' and banIP background processing will take less resources from the system. ")
91 ..translate("This change requires a manual service stop/re-start to take effect."))
96 e3 = e:option(Value, "ban_backupdir", translate("Backup Directory"),
97 translate("Target directory for banIP backups. Default is '/tmp', please use preferably a non-volatile disk if available."))
98 e3.datatype = "directory"
102 e4 = e:option(Value, "ban_maxqueue", translate("Max. Download Queue"),
103 translate("Size of the download queue to handle downloads & IPset processing in parallel (default '4'). ")
104 .. translate("For further performance improvements you can raise this value, e.g. '8' or '16' should be safe."))
106 e4.datatype = "range(1,32)"
109 e5 = e:option(ListValue, "ban_sshdaemon", translate("SSH Daemon"),
110 translate("Select the SSH daemon for logfile parsing, to detect break-in events."))
113 e5.default = "dropbear"
116 e6 = e:option(Flag, "ban_autoblacklist", translate("Local Save Blacklist Addons"),
117 translate("Blacklist auto addons are stored temporary in the IPSet and saved permanently in the local blacklist. Disable this option to prevent the local save."))
118 e6.default = e6.enabled
121 e7 = e:option(Flag, "ban_autowhitelist", translate("Local Save Whitelist Addons"),
122 translate("Whitelist auto addons are stored temporary in the IPSet and saved permanently in the local whitelist. Disable this option to prevent the local save."))
123 e7.default = e7.enabled
126 -- Optional Extra Options
128 e20 = e:option(Value, "ban_triggerdelay", translate("Trigger Delay"),
129 translate("Additional trigger delay in seconds before banIP processing begins."))
131 e20.datatype = "range(1,60)"
134 e21 = e:option(ListValue, "ban_starttype", translate("Start Type"),
135 translate("Select the used start type during boot."))
138 e21.default = "start"
141 e22 = e:option(Value, "ban_fetchparm", translate("Download Options"),
142 translate("Special options for the selected download utility, e.g. '--timeout=20 --no-check-certificate -O'."))
145 e30 = e:option(Value, "ban_wan_input_chain", translate("WAN Input Chain IPv4"))
146 e30.default = "input_wan_rule"
147 e30.datatype = "uciname"
150 e31 = e:option(Value, "ban_wan_forward_chain", translate("WAN Forward Chain IPv4"))
151 e31.default = "forwarding_wan_rule"
152 e31.datatype = "uciname"
155 e32 = e:option(Value, "ban_lan_input_chain", translate("LAN Input Chain IPv4"))
156 e32.default = "input_lan_rule"
157 e32.datatype = "uciname"
160 e33 = e:option(Value, "ban_lan_forward_chain", translate("LAN Forward Chain IPv4"))
161 e33.default = "forwarding_lan_rule"
162 e33.datatype = "uciname"
165 e34 = e:option(ListValue, "ban_target_src", translate("SRC Target IPv4"))
171 e35 = e:option(ListValue, "ban_target_dst", translate("DST Target IPv4"))
174 e35.default = "REJECT"
177 e36 = e:option(Value, "ban_wan_input_chain_6", translate("WAN Input Chain IPv6"))
178 e36.default = "input_wan_rule"
179 e36.datatype = "uciname"
182 e37 = e:option(Value, "ban_wan_forward_chain_6", translate("WAN Forward Chain IPv6"))
183 e37.default = "forwarding_wan_rule"
184 e37.datatype = "uciname"
187 e38 = e:option(Value, "ban_lan_input_chain_6", translate("LAN Input Chain IPv6"))
188 e38.default = "input_lan_rule"
189 e38.datatype = "uciname"
192 e39 = e:option(Value, "ban_lan_forward_chain_6", translate("LAN Forward Chain IPv6"))
193 e39.default = "forwarding_lan_rule"
194 e39.datatype = "uciname"
197 e40 = e:option(ListValue, "ban_target_src_6", translate("SRC Target IPv6"))
203 e41 = e:option(ListValue, "ban_target_dst_6", translate("DST Target IPv6"))
206 e41.default = "REJECT"