--- /dev/null
+PO = luci-fw
+
+include ../../build/config.mk
+include ../../build/module.mk
--- /dev/null
+module("luci.controller.luci_fw.luci_fw", package.seeall)
+
+function index()
+ require("luci.i18n").loadc("luci-fw")
+ local i18n = luci.i18n.translate
+
+ entry({"admin", "network", "firewall"}, alias("admin", "network", "firewall", "zones"), i18n("Firewall"), 60).i18n = "luci-fw"
+ entry({"admin", "network", "firewall", "zones"}, cbi("luci_fw/zones"), i18n("Zones"), 10)
+ entry({"admin", "network", "firewall", "redirect"}, arcombine(cbi("luci_fw/redirect"), cbi("luci_fw/rrule")), i18n("Traffic Redirection"), 30).leaf = true
+ entry({"admin", "network", "firewall", "rule"}, arcombine(cbi("luci_fw/traffic"), cbi("luci_fw/trule")), i18n("Traffic Control"), 20).leaf = true
+
+ entry({"mini", "network", "portfw"}, cbi("luci_fw/miniportfw", {autoapply=true}), i18n("Port forwarding"), 70).i18n = "luci-fw"
+end
\ No newline at end of file
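Review bot: Nothing in `index()` says who may reach these firewall pages, and no access-control attribute is set on any of the `entry(...)` nodes in this hunk. Access presumably comes from the `admin` and `mini` root nodes defined elsewhere, and that should be written down here. I would add above the function: `-- Firewall pages; authentication is inherited from the "admin"/"mini" root nodes, none is set here (confirm).` The `mini` port-forwarding form is also registered with `{autoapply=true}`, which deserves a one-line comment on when a saved forward takes effect.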
--- /dev/null
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+require("luci.sys")
+m = Map("firewall", translate("Port forwarding"),
+ translate("Port forwarding allows to provide network services in " ..
+ "the internal network to an external network."))
+
+
+s = m:section(TypedSection, "redirect", "")
+s:depends("src", "wan")
+s.defaults.src = "wan"
+
+s.template = "cbi/tblsection"
+s.addremove = true
+s.anonymous = true
+
+name = s:option(Value, "_name", translate("Name"), translate("(optional)"))
+name.size = 10
+
+proto = s:option(ListValue, "proto", translate("Protocol"))
+proto:value("tcp", "TCP")
+proto:value("udp", "UDP")
+proto:value("tcpudp", "TCP+UDP")
+
+dport = s:option(Value, "src_dport", translate("External port"))
+dport.size = 5
+
+to = s:option(Value, "dest_ip", translate("Internal IP address"))
+for i, dataset in ipairs(luci.sys.net.arptable()) do
+ to:value(dataset["IP address"])
+end
+
+toport = s:option(Value, "dest_port", translate("Internal port"),
+ translate("(optional)"))
+toport.size = 5
+
+return m
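Review bot: `src_dport`, `dest_ip` and `dest_port` are plain `Value` fields with no `validate` override, so as far as this hunk shows, any submitted text is stored in the `redirect` section. The ARP-table entries added with `to:value(...)` are only suggestions. The schema file in this same commit types these options as `portrange` and `ipaddr`, but nothing visible here shows the form enforcing that. I would add a `validate` to the port and address fields, sketched below for `dport`; the accepted range syntax is an assumption to confirm against the firewall scripts. redirect.lua, rrule.lua and trule.lua carry the same unvalidated port, IP and MAC fields.

```lua
-- … unchanged: dport = s:option(Value, "src_dport", translate("External port")) …
local function valid_port(p)
	local n = tonumber(p)
	return n ~= nil and n >= 1 and n <= 65535
end

function dport.validate(self, value)
	local first, last = value:match("^(%d+)%-(%d+)$")
	if first then
		if valid_port(first) and valid_port(last)
			and tonumber(first) <= tonumber(last) then
			return value
		end
	elseif value:match("^%d+$") and valid_port(value) then
		return value
	end
	return nil
end
```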
--- /dev/null
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+require("luci.sys")
+m = Map("firewall", translate("Traffic Redirection"),
+ translate("Traffic redirection allows you to change the " ..
+ "destination address of forwarded packets."))
+
+
+s = m:section(TypedSection, "redirect", "")
+s.template = "cbi/tblsection"
+s.addremove = true
+s.anonymous = true
+s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "redirect", "%s")
+
+name = s:option(Value, "_name", translate("Name"), translate("(optional)"))
+name.size = 10
+
+iface = s:option(ListValue, "src", translate("Zone"))
+iface.default = "wan"
+luci.model.uci.cursor():foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ end)
+
+proto = s:option(ListValue, "proto", translate("Protocol"))
+proto:value("tcp", "TCP")
+proto:value("udp", "UDP")
+proto:value("tcpudp", "TCP+UDP")
+
+dport = s:option(Value, "src_dport", translate("Source port"))
+dport.size = 5
+
+to = s:option(Value, "dest_ip", translate("Destination IP"))
+for i, dataset in ipairs(luci.sys.net.arptable()) do
+ to:value(dataset["IP address"])
+end
+
+toport = s:option(Value, "dest_port", translate("Destination port"))
+toport.size = 5
+
+return m
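Review bot: The overview labels `src_dport` as "Source port", but rrule.lua in this same commit uses "Source port" for `src_port` and "External port" for `src_dport`. An administrator filling in this table is therefore told to enter a source port in the field that sets the externally exposed destination port. I would align the label with the detail page: `dport = s:option(Value, "src_dport", translate("External port"))`. The same ambiguity applies to "Destination IP" and "Destination port" here versus "Internal IP address" and "Internal port" on the detail page.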
--- /dev/null
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+require("luci.sys")
+arg[1] = arg[1] or ""
+
+m = Map("firewall", translate("Traffic Redirection"),
+ translate("Traffic redirection allows you to change the " ..
+ "destination address of forwarded packets."))
+
+
+s = m:section(NamedSection, arg[1], "redirect", "")
+s.anonymous = true
+s.addremove = false
+
+back = s:option(DummyValue, "_overview", translate("Overview"))
+back.value = ""
+back.titleref = luci.dispatcher.build_url("admin", "network", "firewall", "redirect")
+
+name = s:option(Value, "_name", translate("Name"))
+name.rmempty = true
+name.size = 10
+
+iface = s:option(ListValue, "src", translate("Source zone"))
+iface.default = "wan"
+luci.model.uci.cursor():foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ end)
+
+s:option(Value, "src_ip", translate("Source IP address")).optional = true
+s:option(Value, "src_mac", translate("Source MAC-address")).optional = true
+
+sport = s:option(Value, "src_port", translate("Source port"),
+ translate("Match incoming traffic originating from the given " ..
+ "source port or port range on the client host"))
+sport.optional = true
+sport:depends("proto", "tcp")
+sport:depends("proto", "udp")
+sport:depends("proto", "tcpudp")
+
+proto = s:option(ListValue, "proto", translate("Protocol"))
+proto.optional = true
+proto:value("")
+proto:value("tcp", "TCP")
+proto:value("udp", "UDP")
+proto:value("tcpudp", "TCP+UDP")
+
+dport = s:option(Value, "src_dport", translate("External port"),
+ translate("Match incoming traffic directed at the given " ..
+ "destination port or port range on this host"))
+dport.size = 5
+dport:depends("proto", "tcp")
+dport:depends("proto", "udp")
+dport:depends("proto", "tcpudp")
+
+to = s:option(Value, "dest_ip", translate("Internal IP address"),
+ translate("Redirect matched incoming traffic to the specified " ..
+ "internal host"))
+for i, dataset in ipairs(luci.sys.net.arptable()) do
+ to:value(dataset["IP address"])
+end
+
+toport = s:option(Value, "dest_port", translate("Internal port (optional)"),
+ translate("Redirect matched incoming traffic to the given port on " ..
+ "the internal host"))
+toport.optional = true
+toport.size = 5
+
+return m
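Review bot: `arg[1]` is passed straight to `m:section(NamedSection, arg[1], "redirect", "")`, falling back to `""`, with no check that it names an existing `redirect` section. Given the `leaf = true` / `arcombine` registration in the controller, it appears to come from the request path. A mistyped or stale URL then renders an edit form for a section that is not there; what saving that form does is not visible on this page. A guard right after the `Map` is created would send such requests back to the overview: `if m.uci:get("firewall", arg[1]) ~= "redirect" then luci.http.redirect(luci.dispatcher.build_url("admin", "network", "firewall", "redirect")) return end`. trule.lua follows the same pattern for `rule` sections.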
--- /dev/null
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+Copyright 2008 Jo-Philipp Wich <xm@leipzig.freifunk.net>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+
+m = Map("firewall", translate("Traffic Control"))
+s = m:section(TypedSection, "forwarding", translate("Zone-to-Zone traffic"),
+ translate("Here you can specify which network traffic is allowed " ..
+ "to flow between network zones. Only new connections will " ..
+ "be matched. Packets belonging to already open " ..
+ "connections are automatically allowed to pass the " ..
+ "firewall. If you experience occasional connection " ..
+ "problems try enabling MSS Clamping otherwise disable it " ..
+ "for performance reasons."))
+s.template = "cbi/tblsection"
+s.addremove = true
+s.anonymous = true
+
+iface = s:option(ListValue, "src", translate("Source"))
+oface = s:option(ListValue, "dest", translate("Destination"))
+
+luci.model.uci.cursor():foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ oface:value(section.name)
+ end)
+
+
+
+s = m:section(TypedSection, "rule", translate("Rules"))
+s.addremove = true
+s.anonymous = true
+s.template = "cbi/tblsection"
+s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "rule", "%s")
+s.defaults.target = "ACCEPT"
+
+local created = nil
+
+function s.create(self, section)
+ created = TypedSection.create(self, section)
+end
+
+function s.parse(self, ...)
+ TypedSection.parse(self, ...)
+ if created then
+ m.uci:save("firewall")
+ luci.http.redirect(luci.dispatcher.build_url(
+ "admin", "network", "firewall", "rule", created
+ ))
+ end
+end
+
+s:option(DummyValue, "_name", translate("Name"))
+s:option(DummyValue, "proto", translate("Protocol"))
+
+src = s:option(DummyValue, "src", translate("Source"))
+function src.cfgvalue(self, s)
+ return "%s:%s:%s" % {
+ self.map:get(s, "src") or "*",
+ self.map:get(s, "src_ip") or "0.0.0.0/0",
+ self.map:get(s, "src_port") or "*"
+ }
+end
+
+dest = s:option(DummyValue, "dest", translate("Destination"))
+function dest.cfgvalue(self, s)
+ return "%s:%s:%s" % {
+ self.map:get(s, "dest") or translate("Device"),
+ self.map:get(s, "dest_ip") or "0.0.0.0/0",
+ self.map:get(s, "dest_port") or "*"
+ }
+end
+
+
+s:option(DummyValue, "target", translate("Action"))
+
+
+return m
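Review bot: A rule created from this overview starts as `ACCEPT` with no match fields, because `s.defaults.target = "ACCEPT"` is set and `s.parse` calls `m.uci:save("firewall")` on the new section before redirecting to the edit page. If the administrator abandons the edit page, the saved configuration still holds that matcher-less accept rule. How the firewall scripts treat it once applied is not shown here, but a permissive default is the wrong side to fail on. I would default to a blocking target, `s.defaults.target = "DROP"`, or leave the target unset until the edit form is submitted. trule.lua repeats the permissive default with `jump.default = "ACCEPT"`.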
--- /dev/null
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+arg[1] = arg[1] or ""
+m = Map("firewall", translate("Advanced Rules"),
+ translate("Advanced rules let you customize the firewall to your " ..
+ "needs. Only new connections will be matched. Packets " ..
+ "belonging to already open connections are automatically " ..
+ "allowed to pass the firewall."))
+
+s = m:section(NamedSection, arg[1], "rule", "")
+s.anonymous = true
+s.addremove = false
+
+back = s:option(DummyValue, "_overview", translate("Overview"))
+back.value = ""
+back.titleref = luci.dispatcher.build_url("admin", "network", "firewall", "rule")
+
+
+name = s:option(Value, "_name", translate("Name").." "..translate("(optional)"))
+name.rmempty = true
+
+iface = s:option(ListValue, "src", translate("Source zone"))
+iface.rmempty = true
+
+oface = s:option(ListValue, "dest", translate("Destination zone"))
+oface:value("", translate("any"))
+oface.rmempty = true
+
+luci.model.uci.cursor():foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ oface:value(section.name)
+ end)
+
+proto = s:option(Value, "proto", translate("Protocol"))
+proto.optional = true
+proto:value("")
+proto:value("all", translate("Any"))
+proto:value("tcpudp", "TCP+UDP")
+proto:value("tcp", "TCP")
+proto:value("udp", "UDP")
+proto:value("icmp", "ICMP")
+
+s:option(Value, "src_ip", translate("Source address")).optional = true
+s:option(Value, "dest_ip", translate("Destination address")).optional = true
+s:option(Value, "src_mac", translate("Source MAC-address")).optional = true
+
+sport = s:option(Value, "src_port", translate("Source port"))
+sport:depends("proto", "tcp")
+sport:depends("proto", "udp")
+sport:depends("proto", "tcpudp")
+
+dport = s:option(Value, "dest_port", translate("Destination port"))
+dport:depends("proto", "tcp")
+dport:depends("proto", "udp")
+dport:depends("proto", "tcpudp")
+
+jump = s:option(ListValue, "target", translate("Action"))
+jump.rmempty = true
+jump.default = "ACCEPT"
+jump:value("DROP", translate("drop"))
+jump:value("ACCEPT", translate("accept"))
+jump:value("REJECT", translate("reject"))
+
+
+return m
--- /dev/null
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+
+local nw = require "luci.model.network"
+local fw = require "luci.model.firewall"
+
+require("luci.tools.webadmin")
+m = Map("firewall", translate("Firewall"), translate("The firewall creates zones over your network interfaces to control network traffic flow."))
+
+fw.init(m.uci)
+nw.init(m.uci)
+
+s = m:section(TypedSection, "defaults")
+s.anonymous = true
+s.addremove = false
+
+s:option(Flag, "syn_flood", translate("Enable SYN-flood protection"))
+
+local di = s:option(Flag, "drop_invalid", translate("Drop invalid packets"))
+di.rmempty = false
+function di.cfgvalue(...)
+ return AbstractValue.cfgvalue(...) or "1"
+end
+
+p = {}
+p[1] = s:option(ListValue, "input", translate("Input"))
+p[2] = s:option(ListValue, "output", translate("Output"))
+p[3] = s:option(ListValue, "forward", translate("Forward"))
+
+for i, v in ipairs(p) do
+ v:value("REJECT", translate("reject"))
+ v:value("DROP", translate("drop"))
+ v:value("ACCEPT", translate("accept"))
+end
+
+
+s = m:section(TypedSection, "zone", translate("Zones"))
+s.template = "cbi/tblsection"
+s.anonymous = true
+s.addremove = true
+
+name = s:option(Value, "name", translate("Name"))
+name.size = 8
+
+p = {}
+p[1] = s:option(ListValue, "input", translate("Input"))
+p[2] = s:option(ListValue, "output", translate("Output"))
+p[3] = s:option(ListValue, "forward", translate("Forward"))
+
+for i, v in ipairs(p) do
+ v:value("REJECT", translate("reject"))
+ v:value("DROP", translate("drop"))
+ v:value("ACCEPT", translate("accept"))
+end
+
+s:option(Flag, "masq", translate("Masquerading"))
+s:option(Flag, "mtu_fix", translate("MSS clamping"))
+
+net = s:option(MultiValue, "network", translate("Network"))
+net.template = "cbi/network_netlist"
+net.widget = "checkbox"
+net.rmempty = true
+luci.tools.webadmin.cbi_add_networks(net)
+
+function net.cfgvalue(self, section)
+ local value = MultiValue.cfgvalue(self, section)
+ return value or name:cfgvalue(section)
+end
+
+return m
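Review bot: The zone `name` field is a free-text `Value`, and `name.size = 8` only sets the input width, so nothing in this hunk limits its length or characters. That name is then offered as the selectable zone in every other form of this commit via `iface:value(section.name)`, and `net.cfgvalue` returns it as the network list when none is set. It is presumably also consumed by the firewall scripts. I would restrict it to a conservative character set, for example `function name.validate(self, v) return v:match("^[%w_]+$") and v end`, with the exact allowed set confirmed against what the firewall accepts.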
--- /dev/null
+package firewall
+
+config package
+ option title 'Firewall configuration'
+
+config section
+ option name 'zone'
+ option title 'Firewall zones'
+ option package 'firewall'
+
+config variable
+ option name 'name'
+ option title 'Name'
+ option section 'firewall.zone'
+ option required true
+
+config variable
+ option name 'network'
+ option title 'Networks belonging to this zone'
+ option section 'firewall.zone'
+ option valueof 'network.interface'
+ option multival true
+
+config variable
+ option name 'forward'
+ option title 'Zone specific action for forwarded traffic'
+ option section 'firewall.zone'
+ option required true
+
+config variable
+ option name 'input'
+ option title 'Zone specific action for incoming traffic'
+ option section 'firewall.zone'
+ option required true
+
+config variable
+ option name 'output'
+ option title 'Zone specific action for outgoing traffic'
+ option section 'firewall.zone'
+ option required true
+
+config variable
+ option name 'masq'
+ option title 'Enable masquerading for outgoing zone traffic'
+ option section 'firewall.zone'
+ option datatype 'boolean'
+
+
+
+config section
+ option name 'defaults'
+ option title 'Global firewall defaults'
+ option package 'firewall'
+ option unique true
+ option required true
+
+config variable
+ option name 'forward'
+ option title 'Action for forwarded traffic'
+ option section 'firewall.defaults'
+ option required true
+
+config variable
+ option name 'input'
+ option title 'Action for incoming traffic'
+ option section 'firewall.defaults'
+ option required true
+
+config variable
+ option name 'output'
+ option title 'Action for outgoing traffic'
+ option section 'firewall.defaults'
+ option required true
+
+config variable
+ option name 'syn_flood'
+ option title 'Enable syn-flood protection'
+ option section 'firewall.defaults'
+ option datatype 'boolean'
+
+config variable
+ option name 'drop_invalid'
+ option title 'Do not drop packages with state invalid'
+ option section 'firewall.defaults'
+ option datatype 'boolean'
+
+
+
+config section
+ option name 'forwarding'
+ option title 'Forwarding rules'
+ option package 'firewall'
+
+config variable
+ option name 'src'
+ option title 'Source zone'
+ option section 'firewall.forwarding'
+ option valueof 'firewall.zone.name'
+ option required true
+
+config variable
+ option name 'dest'
+ option title 'Destination zone'
+ option section 'firewall.forwarding'
+ option valueof 'firewall.zone.name'
+ option required true
+
+config variable
+ option name 'mtu_fix'
+ option title 'Fixup MTU of outgoing packages'
+ option section 'firewall.forwarding'
+ option datatype 'boolean'
+
+
+
+config section
+ option name 'rule'
+ option title 'Custom rules'
+ option package 'firewall'
+ list depends 'target, src'
+ list depends 'target, dest'
+ list depends 'target, src_ip'
+ list depends 'target, src_port'
+ list depends 'target, src_mac'
+ list depends 'target, dest_ip'
+ list depends 'target, dest_port'
+ list depends 'target, proto'
+
+config variable
+ option name 'src'
+ option title 'Source zone'
+ option section 'firewall.rule'
+ option valueof 'firewall.zone.name'
+
+config variable
+ option name 'src_ip'
+ option title 'Source IP address'
+ option section 'firewall.rule'
+ option datatype 'ipaddr'
+
+config variable
+ option name 'src_port'
+ option title 'Source port'
+ option section 'firewall.rule'
+ option datatype 'portrange'
+
+config variable
+ option name 'src_mac'
+ option title 'Source MAC address'
+ option section 'firewall.rule'
+ option datatype 'macaddr'
+
+config variable
+ option name 'dest'
+ option title 'Destination zone'
+ option section 'firewall.rule'
+ option valueof 'firewall.zone.name'
+
+config variable
+ option name 'dest_ip'
+ option title 'Destination IP address'
+ option section 'firewall.rule'
+ option datatype 'ipaddr'
+
+config variable
+ option name 'dest_port'
+ option title 'Destination port'
+ option section 'firewall.rule'
+ option datatype 'portrange'
+
+config variable
+ option name 'proto'
+ option title 'Protocol'
+ option section 'firewall.rule'
+ option datatype 'string'
+
+config variable
+ option name 'target'
+ option title 'Option target'
+ option section 'firewall.rule'
+ option datatype 'string'
+
+
+
+config section
+ option name 'redirect'
+ option title 'Redirection rules'
+ option package 'firewall'
+
+config variable
+ option name 'src'
+ option title 'Source zone'
+ option section 'firewall.redirect'
+ option valueof 'firewall.zone.name'
+
+config variable
+ option name 'src_ip'
+ option title 'Source IP address'
+ option section 'firewall.redirect'
+ option datatype 'ipaddr'
+
+config variable
+ option name 'src_port'
+ option title 'Source port'
+ option section 'firewall.redirect'
+ option datatype 'portrange'
+
+config variable
+ option name 'src_dport'
+ option title 'Source destination port'
+ option section 'firewall.redirect'
+ option datatype 'portrange'
+
+config variable
+ option name 'src_mac'
+ option title 'Option src_mac'
+ option section 'firewall.redirect'
+ option datatype 'macaddr'
+
+config variable
+ option name 'dest'
+ option title 'Destination zone'
+ option section 'firewall.redirect'
+ option valueof 'firewall.zone.name'
+
+config variable
+ option name 'dest_ip'
+ option title 'Destination IP address'
+ option section 'firewall.redirect'
+ option datatype 'ipaddr'
+
+config variable
+ option name 'dest_port'
+ option title 'Destination port'
+ option section 'firewall.redirect'
+ option datatype 'portrange'
+
+config variable
+ option name 'proto'
+ option title 'Protocol'
+ option section 'firewall.redirect'
+ option datatype 'string'
+
+
+
+config section
+ option name 'include'
+ option title 'User defined config includes'
+ option package 'firewall'
+
+config variable
+ option name 'path'
+ option title 'Path to the include file'
+ option section 'firewall.include'
+ option datatype 'file'
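Review bot: The title for `drop_invalid` reads 'Do not drop packages with state invalid', the opposite of the zones.lua form in this commit, which labels the same option "Drop invalid packets" and shows it enabled by default. Anything that surfaces this title will tell the administrator the reverse of what the flag does, so I would change it to `option title 'Drop packets with state invalid'`. The `mtu_fix` title has the same "packages" for "packets" slip. `mtu_fix` is also declared only under `firewall.forwarding`, while zones.lua writes it to `zone` sections, so the schema and the form disagree on where the option lives.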
+++ /dev/null
-PO = luci-fw
-
-include ../../build/config.mk
-include ../../build/module.mk
+++ /dev/null
-module("luci.controller.luci_fw.luci_fw", package.seeall)
-
-function index()
- require("luci.i18n").loadc("luci-fw")
- local i18n = luci.i18n.translate
-
- entry({"admin", "network", "firewall"}, alias("admin", "network", "firewall", "zones"), i18n("Firewall"), 60).i18n = "luci-fw"
- entry({"admin", "network", "firewall", "zones"}, cbi("luci_fw/zones"), i18n("Zones"), 10)
- entry({"admin", "network", "firewall", "redirect"}, arcombine(cbi("luci_fw/redirect"), cbi("luci_fw/rrule")), i18n("Traffic Redirection"), 30).leaf = true
- entry({"admin", "network", "firewall", "rule"}, arcombine(cbi("luci_fw/traffic"), cbi("luci_fw/trule")), i18n("Traffic Control"), 20).leaf = true
-
- entry({"mini", "network", "portfw"}, cbi("luci_fw/miniportfw", {autoapply=true}), i18n("Port forwarding"), 70).i18n = "luci-fw"
-end
\ No newline at end of file
+++ /dev/null
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-require("luci.sys")
-m = Map("firewall", translate("Port forwarding"),
- translate("Port forwarding allows to provide network services in " ..
- "the internal network to an external network."))
-
-
-s = m:section(TypedSection, "redirect", "")
-s:depends("src", "wan")
-s.defaults.src = "wan"
-
-s.template = "cbi/tblsection"
-s.addremove = true
-s.anonymous = true
-
-name = s:option(Value, "_name", translate("Name"), translate("(optional)"))
-name.size = 10
-
-proto = s:option(ListValue, "proto", translate("Protocol"))
-proto:value("tcp", "TCP")
-proto:value("udp", "UDP")
-proto:value("tcpudp", "TCP+UDP")
-
-dport = s:option(Value, "src_dport", translate("External port"))
-dport.size = 5
-
-to = s:option(Value, "dest_ip", translate("Internal IP address"))
-for i, dataset in ipairs(luci.sys.net.arptable()) do
- to:value(dataset["IP address"])
-end
-
-toport = s:option(Value, "dest_port", translate("Internal port"),
- translate("(optional)"))
-toport.size = 5
-
-return m
+++ /dev/null
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-require("luci.sys")
-m = Map("firewall", translate("Traffic Redirection"),
- translate("Traffic redirection allows you to change the " ..
- "destination address of forwarded packets."))
-
-
-s = m:section(TypedSection, "redirect", "")
-s.template = "cbi/tblsection"
-s.addremove = true
-s.anonymous = true
-s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "redirect", "%s")
-
-name = s:option(Value, "_name", translate("Name"), translate("(optional)"))
-name.size = 10
-
-iface = s:option(ListValue, "src", translate("Zone"))
-iface.default = "wan"
-luci.model.uci.cursor():foreach("firewall", "zone",
- function (section)
- iface:value(section.name)
- end)
-
-proto = s:option(ListValue, "proto", translate("Protocol"))
-proto:value("tcp", "TCP")
-proto:value("udp", "UDP")
-proto:value("tcpudp", "TCP+UDP")
-
-dport = s:option(Value, "src_dport", translate("Source port"))
-dport.size = 5
-
-to = s:option(Value, "dest_ip", translate("Destination IP"))
-for i, dataset in ipairs(luci.sys.net.arptable()) do
- to:value(dataset["IP address"])
-end
-
-toport = s:option(Value, "dest_port", translate("Destination port"))
-toport.size = 5
-
-return m
+++ /dev/null
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-require("luci.sys")
-arg[1] = arg[1] or ""
-
-m = Map("firewall", translate("Traffic Redirection"),
- translate("Traffic redirection allows you to change the " ..
- "destination address of forwarded packets."))
-
-
-s = m:section(NamedSection, arg[1], "redirect", "")
-s.anonymous = true
-s.addremove = false
-
-back = s:option(DummyValue, "_overview", translate("Overview"))
-back.value = ""
-back.titleref = luci.dispatcher.build_url("admin", "network", "firewall", "redirect")
-
-name = s:option(Value, "_name", translate("Name"))
-name.rmempty = true
-name.size = 10
-
-iface = s:option(ListValue, "src", translate("Source zone"))
-iface.default = "wan"
-luci.model.uci.cursor():foreach("firewall", "zone",
- function (section)
- iface:value(section.name)
- end)
-
-s:option(Value, "src_ip", translate("Source IP address")).optional = true
-s:option(Value, "src_mac", translate("Source MAC-address")).optional = true
-
-sport = s:option(Value, "src_port", translate("Source port"),
- translate("Match incoming traffic originating from the given " ..
- "source port or port range on the client host"))
-sport.optional = true
-sport:depends("proto", "tcp")
-sport:depends("proto", "udp")
-sport:depends("proto", "tcpudp")
-
-proto = s:option(ListValue, "proto", translate("Protocol"))
-proto.optional = true
-proto:value("")
-proto:value("tcp", "TCP")
-proto:value("udp", "UDP")
-proto:value("tcpudp", "TCP+UDP")
-
-dport = s:option(Value, "src_dport", translate("External port"),
- translate("Match incoming traffic directed at the given " ..
- "destination port or port range on this host"))
-dport.size = 5
-dport:depends("proto", "tcp")
-dport:depends("proto", "udp")
-dport:depends("proto", "tcpudp")
-
-to = s:option(Value, "dest_ip", translate("Internal IP address"),
- translate("Redirect matched incoming traffic to the specified " ..
- "internal host"))
-for i, dataset in ipairs(luci.sys.net.arptable()) do
- to:value(dataset["IP address"])
-end
-
-toport = s:option(Value, "dest_port", translate("Internal port (optional)"),
- translate("Redirect matched incoming traffic to the given port on " ..
- "the internal host"))
-toport.optional = true
-toport.size = 5
-
-return m
+++ /dev/null
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-Copyright 2008 Jo-Philipp Wich <xm@leipzig.freifunk.net>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-
-m = Map("firewall", translate("Traffic Control"))
-s = m:section(TypedSection, "forwarding", translate("Zone-to-Zone traffic"),
- translate("Here you can specify which network traffic is allowed " ..
- "to flow between network zones. Only new connections will " ..
- "be matched. Packets belonging to already open " ..
- "connections are automatically allowed to pass the " ..
- "firewall. If you experience occasional connection " ..
- "problems try enabling MSS Clamping otherwise disable it " ..
- "for performance reasons."))
-s.template = "cbi/tblsection"
-s.addremove = true
-s.anonymous = true
-
-iface = s:option(ListValue, "src", translate("Source"))
-oface = s:option(ListValue, "dest", translate("Destination"))
-
-luci.model.uci.cursor():foreach("firewall", "zone",
- function (section)
- iface:value(section.name)
- oface:value(section.name)
- end)
-
-
-
-s = m:section(TypedSection, "rule", translate("Rules"))
-s.addremove = true
-s.anonymous = true
-s.template = "cbi/tblsection"
-s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "rule", "%s")
-s.defaults.target = "ACCEPT"
-
-local created = nil
-
-function s.create(self, section)
- created = TypedSection.create(self, section)
-end
-
-function s.parse(self, ...)
- TypedSection.parse(self, ...)
- if created then
- m.uci:save("firewall")
- luci.http.redirect(luci.dispatcher.build_url(
- "admin", "network", "firewall", "rule", created
- ))
- end
-end
-
-s:option(DummyValue, "_name", translate("Name"))
-s:option(DummyValue, "proto", translate("Protocol"))
-
-src = s:option(DummyValue, "src", translate("Source"))
-function src.cfgvalue(self, s)
- return "%s:%s:%s" % {
- self.map:get(s, "src") or "*",
- self.map:get(s, "src_ip") or "0.0.0.0/0",
- self.map:get(s, "src_port") or "*"
- }
-end
-
-dest = s:option(DummyValue, "dest", translate("Destination"))
-function dest.cfgvalue(self, s)
- return "%s:%s:%s" % {
- self.map:get(s, "dest") or translate("Device"),
- self.map:get(s, "dest_ip") or "0.0.0.0/0",
- self.map:get(s, "dest_port") or "*"
- }
-end
-
-
-s:option(DummyValue, "target", translate("Action"))
-
-
-return m
+++ /dev/null
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-arg[1] = arg[1] or ""
-m = Map("firewall", translate("Advanced Rules"),
- translate("Advanced rules let you customize the firewall to your " ..
- "needs. Only new connections will be matched. Packets " ..
- "belonging to already open connections are automatically " ..
- "allowed to pass the firewall."))
-
-s = m:section(NamedSection, arg[1], "rule", "")
-s.anonymous = true
-s.addremove = false
-
-back = s:option(DummyValue, "_overview", translate("Overview"))
-back.value = ""
-back.titleref = luci.dispatcher.build_url("admin", "network", "firewall", "rule")
-
-
-name = s:option(Value, "_name", translate("Name").." "..translate("(optional)"))
-name.rmempty = true
-
-iface = s:option(ListValue, "src", translate("Source zone"))
-iface.rmempty = true
-
-oface = s:option(ListValue, "dest", translate("Destination zone"))
-oface:value("", translate("any"))
-oface.rmempty = true
-
-luci.model.uci.cursor():foreach("firewall", "zone",
- function (section)
- iface:value(section.name)
- oface:value(section.name)
- end)
-
-proto = s:option(Value, "proto", translate("Protocol"))
-proto.optional = true
-proto:value("")
-proto:value("all", translate("Any"))
-proto:value("tcpudp", "TCP+UDP")
-proto:value("tcp", "TCP")
-proto:value("udp", "UDP")
-proto:value("icmp", "ICMP")
-
-s:option(Value, "src_ip", translate("Source address")).optional = true
-s:option(Value, "dest_ip", translate("Destination address")).optional = true
-s:option(Value, "src_mac", translate("Source MAC-address")).optional = true
-
-sport = s:option(Value, "src_port", translate("Source port"))
-sport:depends("proto", "tcp")
-sport:depends("proto", "udp")
-sport:depends("proto", "tcpudp")
-
-dport = s:option(Value, "dest_port", translate("Destination port"))
-dport:depends("proto", "tcp")
-dport:depends("proto", "udp")
-dport:depends("proto", "tcpudp")
-
-jump = s:option(ListValue, "target", translate("Action"))
-jump.rmempty = true
-jump.default = "ACCEPT"
-jump:value("DROP", translate("drop"))
-jump:value("ACCEPT", translate("accept"))
-jump:value("REJECT", translate("reject"))
-
-
-return m
+++ /dev/null
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-
-local nw = require "luci.model.network"
-local fw = require "luci.model.firewall"
-
-require("luci.tools.webadmin")
-m = Map("firewall", translate("Firewall"), translate("The firewall creates zones over your network interfaces to control network traffic flow."))
-
-fw.init(m.uci)
-nw.init(m.uci)
-
-s = m:section(TypedSection, "defaults")
-s.anonymous = true
-s.addremove = false
-
-s:option(Flag, "syn_flood", translate("Enable SYN-flood protection"))
-
-local di = s:option(Flag, "drop_invalid", translate("Drop invalid packets"))
-di.rmempty = false
-function di.cfgvalue(...)
- return AbstractValue.cfgvalue(...) or "1"
-end
-
-p = {}
-p[1] = s:option(ListValue, "input", translate("Input"))
-p[2] = s:option(ListValue, "output", translate("Output"))
-p[3] = s:option(ListValue, "forward", translate("Forward"))
-
-for i, v in ipairs(p) do
- v:value("REJECT", translate("reject"))
- v:value("DROP", translate("drop"))
- v:value("ACCEPT", translate("accept"))
-end
-
-
-s = m:section(TypedSection, "zone", translate("Zones"))
-s.template = "cbi/tblsection"
-s.anonymous = true
-s.addremove = true
-
-name = s:option(Value, "name", translate("Name"))
-name.size = 8
-
-p = {}
-p[1] = s:option(ListValue, "input", translate("Input"))
-p[2] = s:option(ListValue, "output", translate("Output"))
-p[3] = s:option(ListValue, "forward", translate("Forward"))
-
-for i, v in ipairs(p) do
- v:value("REJECT", translate("reject"))
- v:value("DROP", translate("drop"))
- v:value("ACCEPT", translate("accept"))
-end
-
-s:option(Flag, "masq", translate("Masquerading"))
-s:option(Flag, "mtu_fix", translate("MSS clamping"))
-
-net = s:option(MultiValue, "network", translate("Network"))
-net.template = "cbi/network_netlist"
-net.widget = "checkbox"
-net.rmempty = true
-luci.tools.webadmin.cbi_add_networks(net)
-
-function net.cfgvalue(self, section)
- local value = MultiValue.cfgvalue(self, section)
- return value or name:cfgvalue(section)
-end
-
-return m
+++ /dev/null
-package firewall
-
-config package
- option title 'Firewall configuration'
-
-config section
- option name 'zone'
- option title 'Firewall zones'
- option package 'firewall'
-
-config variable
- option name 'name'
- option title 'Name'
- option section 'firewall.zone'
- option required true
-
-config variable
- option name 'network'
- option title 'Networks belonging to this zone'
- option section 'firewall.zone'
- option valueof 'network.interface'
- option multival true
-
-config variable
- option name 'forward'
- option title 'Zone specific action for forwarded traffic'
- option section 'firewall.zone'
- option required true
-
-config variable
- option name 'input'
- option title 'Zone specific action for incoming traffic'
- option section 'firewall.zone'
- option required true
-
-config variable
- option name 'output'
- option title 'Zone specific action for outgoing traffic'
- option section 'firewall.zone'
- option required true
-
-config variable
- option name 'masq'
- option title 'Enable masquerading for outgoing zone traffic'
- option section 'firewall.zone'
- option datatype 'boolean'
-
-
-
-config section
- option name 'defaults'
- option title 'Global firewall defaults'
- option package 'firewall'
- option unique true
- option required true
-
-config variable
- option name 'forward'
- option title 'Action for forwarded traffic'
- option section 'firewall.defaults'
- option required true
-
-config variable
- option name 'input'
- option title 'Action for incoming traffic'
- option section 'firewall.defaults'
- option required true
-
-config variable
- option name 'output'
- option title 'Action for outgoing traffic'
- option section 'firewall.defaults'
- option required true
-
-config variable
- option name 'syn_flood'
- option title 'Enable syn-flood protection'
- option section 'firewall.defaults'
- option datatype 'boolean'
-
-config variable
- option name 'drop_invalid'
- option title 'Do not drop packages with state invalid'
- option section 'firewall.defaults'
- option datatype 'boolean'
-
-
-
-config section
- option name 'forwarding'
- option title 'Forwarding rules'
- option package 'firewall'
-
-config variable
- option name 'src'
- option title 'Source zone'
- option section 'firewall.forwarding'
- option valueof 'firewall.zone.name'
- option required true
-
-config variable
- option name 'dest'
- option title 'Destination zone'
- option section 'firewall.forwarding'
- option valueof 'firewall.zone.name'
- option required true
-
-config variable
- option name 'mtu_fix'
- option title 'Fixup MTU of outgoing packages'
- option section 'firewall.forwarding'
- option datatype 'boolean'
-
-
-
-config section
- option name 'rule'
- option title 'Custom rules'
- option package 'firewall'
- list depends 'target, src'
- list depends 'target, dest'
- list depends 'target, src_ip'
- list depends 'target, src_port'
- list depends 'target, src_mac'
- list depends 'target, dest_ip'
- list depends 'target, dest_port'
- list depends 'target, proto'
-
-config variable
- option name 'src'
- option title 'Source zone'
- option section 'firewall.rule'
- option valueof 'firewall.zone.name'
-
-config variable
- option name 'src_ip'
- option title 'Source IP address'
- option section 'firewall.rule'
- option datatype 'ipaddr'
-
-config variable
- option name 'src_port'
- option title 'Source port'
- option section 'firewall.rule'
- option datatype 'portrange'
-
-config variable
- option name 'src_mac'
- option title 'Source MAC address'
- option section 'firewall.rule'
- option datatype 'macaddr'
-
-config variable
- option name 'dest'
- option title 'Destination zone'
- option section 'firewall.rule'
- option valueof 'firewall.zone.name'
-
-config variable
- option name 'dest_ip'
- option title 'Destination IP address'
- option section 'firewall.rule'
- option datatype 'ipaddr'
-
-config variable
- option name 'dest_port'
- option title 'Destination port'
- option section 'firewall.rule'
- option datatype 'portrange'
-
-config variable
- option name 'proto'
- option title 'Protocol'
- option section 'firewall.rule'
- option datatype 'string'
-
-config variable
- option name 'target'
- option title 'Option target'
- option section 'firewall.rule'
- option datatype 'string'
-
-
-
-config section
- option name 'redirect'
- option title 'Redirection rules'
- option package 'firewall'
-
-config variable
- option name 'src'
- option title 'Source zone'
- option section 'firewall.redirect'
- option valueof 'firewall.zone.name'
-
-config variable
- option name 'src_ip'
- option title 'Source IP address'
- option section 'firewall.redirect'
- option datatype 'ipaddr'
-
-config variable
- option name 'src_port'
- option title 'Source port'
- option section 'firewall.redirect'
- option datatype 'portrange'
-
-config variable
- option name 'src_dport'
- option title 'Source destination port'
- option section 'firewall.redirect'
- option datatype 'portrange'
-
-config variable
- option name 'src_mac'
- option title 'Option src_mac'
- option section 'firewall.redirect'
- option datatype 'macaddr'
-
-config variable
- option name 'dest'
- option title 'Destination zone'
- option section 'firewall.redirect'
- option valueof 'firewall.zone.name'
-
-config variable
- option name 'dest_ip'
- option title 'Destination IP address'
- option section 'firewall.redirect'
- option datatype 'ipaddr'
-
-config variable
- option name 'dest_port'
- option title 'Destination port'
- option section 'firewall.redirect'
- option datatype 'portrange'
-
-config variable
- option name 'proto'
- option title 'Protocol'
- option section 'firewall.redirect'
- option datatype 'string'
-
-
-
-config section
- option name 'include'
- option title 'User defined config includes'
- option package 'firewall'
-
-config variable
- option name 'path'
- option title 'Path to the include file'
- option section 'firewall.include'
- option datatype 'file'