1 -- Copyright 2018-2019 Dirk Brenken (dev@brenken.org)
2 -- This is free software, licensed under the Apache License, Version 2.0
4 local fs = require("nixio.fs")
5 local uci = require("luci.model.uci").cursor()
6 local net = require "luci.model.network".init()
7 local util = require("luci.util")
8 local dump = util.ubus("network.interface", "dump", {})
10 m = Map("banip", translate("banIP"),
11 translate("Configuration of the banIP package to block ip adresses/subnets via IPSet. ")
12 ..translatef("For further information "
13 .. "<a href=\"%s\" target=\"_blank\">"
14 .. "check the online documentation</a>", "https://github.com/openwrt/packages/blob/master/net/banip/files/README.md"))
18 s = m:section(NamedSection, "global", "banip")
20 o1 = s:option(Flag, "ban_enabled", translate("Enable banIP"))
21 o1.default = o1.disabled
24 o2 = s:option(Flag, "ban_automatic", translate("Automatic WAN Interface Detection"))
25 o2.default = o2.enabled
28 o3 = s:option(MultiValue, "ban_iface", translate("Interface Selection"),
29 translate("Disable the automatic WAN detection and select your preferred interface(s) manually."))
32 for i, v in ipairs(dump.interface) do
33 if v.interface ~= "loopback" and v.interface ~= "lan" then
34 local device = v.l3_device or v.device or "-"
35 o3:value(v.interface, v.interface.. " (" ..device.. ")")
39 o3.widget = "checkbox"
42 o4 = s:option(ListValue, "ban_fetchutil", translate("Download Utility"),
43 translate("List of supported and fully pre-configured download utilities."))
44 o4:value("uclient-fetch")
48 o4:value("wget-nossl", "wget-nossl (noSSL)")
49 o4:value("busybox", "wget-busybox (noSSL)")
50 o4.default = "uclient-fetch"
53 -- Runtime Information
55 ds = s:option(DummyValue, "_dummy")
56 ds.template = "banip/runtime"
60 bl = m:section(TypedSection, "source", translate("IP Blocklist Sources"))
61 bl.template = "banip/sourcelist"
63 ssl = bl:option(DummyValue, "ban_src", translate("SSL req."))
64 function ssl.cfgvalue(self, section)
65 local source = self.map:get(section, "ban_src") or self.map:get(section, "ban_src_6")
67 if source:match("https://") then
68 return translate("Yes")
70 return translate("No")
73 return translate("n/a")
76 name_4 = bl:option(Flag, "ban_src_on", translate("enable IPv4"))
77 name_4.rmempty = false
79 name_6 = bl:option(Flag, "ban_src_on_6", translate("enable IPv6"))
80 name_6.rmempty = false
82 type = bl:option(ListValue, "ban_src_ruletype", translate("SRC/DST"))
89 des = bl:option(DummyValue, "ban_src_desc", translate("Description"))
91 cat = bl:option(DynamicList, "ban_src_cat", translate("ASN/Country"))
92 cat.datatype = "uciname"
97 e = m:section(NamedSection, "extra", "banip", translate("Extra Options"),
98 translate("Options for further tweaking in case the defaults are not suitable for you."))
100 e1 = e:option(Flag, "ban_debug", translate("Verbose Debug Logging"),
101 translate("Enable verbose debug logging in case of any processing error."))
104 e2 = e:option(Flag, "ban_nice", translate("Low Priority Service"),
105 translate("Set the nice level to 'low priority' and banIP background processing will take less resources from the system. ")
106 ..translate("This change requires a manual service stop/re-start to take effect."))
111 e3 = e:option(Flag, "ban_backup", translate("Enable Blocklist Backup"),
112 translate("Create compressed blocklist backups, they will be used in case of download errors or during startup in 'backup mode'."))
115 e4 = e:option(Value, "ban_backupdir", translate("Backup Directory"),
116 translate("Target directory for banIP backups. Please use preferably a non-volatile disk, e.g. an external usb stick."))
117 e4:depends("ban_backup", 1)
118 e4.datatype = "directory"
122 e5 = e:option(Flag, "ban_backupboot", translate("Backup Mode"),
123 translate("Do not automatically update blocklists during startup, use their backups instead."))
124 e5:depends("ban_backup", 1)
127 e6 = e:option(Value, "ban_maxqueue", translate("Max. Download Queue"),
128 translate("Size of the download queue to handle downloads & IPset processing in parallel (default '4'). ")
129 .. translate("For further performance improvements you can raise this value, e.g. '8' or '16' should be safe."))
131 e6.datatype = "range(1,32)"
134 -- Optional Extra Options
136 e20 = e:option(Value, "ban_triggerdelay", translate("Trigger Delay"),
137 translate("Additional trigger delay in seconds before banIP processing begins."))
139 e20.datatype = "range(1,60)"
142 e21 = e:option(Value, "ban_fetchparm", translate("Download Options"),
143 translate("Special options for the selected download utility, e.g. '--timeout=20 --no-check-certificate -O'."))
146 e22 = e:option(Value, "ban_wan_input_chain", translate("WAN Input Chain IPv4"))
147 e22.default = "input_wan_rule"
148 e22.datatype = "uciname"
151 e23 = e:option(Value, "ban_wan_forward_chain", translate("WAN Forward Chain IPv4"))
152 e23.default = "forwarding_wan_rule"
153 e23.datatype = "uciname"
156 e24 = e:option(Value, "ban_lan_input_chain", translate("LAN Input Chain IPv4"))
157 e24.default = "input_lan_rule"
158 e24.datatype = "uciname"
161 e25 = e:option(Value, "ban_lan_forward_chain", translate("LAN Forward Chain IPv4"))
162 e25.default = "forwarding_lan_rule"
163 e25.datatype = "uciname"
166 e26 = e:option(ListValue, "ban_target_src", translate("SRC Target IPv4"))
172 e27 = e:option(ListValue, "ban_target_dst", translate("DST Target IPv4"))
175 e27.default = "REJECT"
178 e28 = e:option(Value, "ban_wan_input_chain_6", translate("WAN Input Chain IPv6"))
179 e28.default = "input_wan_rule"
180 e28.datatype = "uciname"
183 e29 = e:option(Value, "ban_wan_forward_chain_6", translate("WAN Forward Chain IPv6"))
184 e29.default = "forwarding_wan_rule"
185 e29.datatype = "uciname"
188 e30 = e:option(Value, "ban_lan_input_chain_6", translate("LAN Input Chain IPv6"))
189 e30.default = "input_lan_rule"
190 e30.datatype = "uciname"
193 e31 = e:option(Value, "ban_lan_forward_chain_6", translate("LAN Forward Chain IPv6"))
194 e31.default = "forwarding_lan_rule"
195 e31.datatype = "uciname"
198 e32 = e:option(ListValue, "ban_target_src_6", translate("SRC Target IPv6"))
204 e33 = e:option(ListValue, "ban_target_dst_6", translate("DST Target IPv6"))
207 e33.default = "REJECT"