luci-mod-status: replace iptables controller actions with cgi-io calls
authorJo-Philipp Wich <jo@mein.io>
Wed, 18 Dec 2019 20:57:01 +0000 (21:57 +0100)
committerJo-Philipp Wich <jo@mein.io>
Wed, 4 Mar 2020 07:50:21 +0000 (08:50 +0100)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 43a4481e103d764d6f656f2ed1f5c57f8580858e)

modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
modules/luci-mod-status/htdocs/luci-static/resources/view/status/iptables.js
modules/luci-mod-status/luasrc/controller/admin/status.lua

index 298b5ed336e995bc740a079bef7ce1fc7c224340..a7d3edaf2e2557cf01c6b16b248b03c40d7045c8 100644 (file)
@@ -48,7 +48,9 @@
                                "/usr/bin/traceroute *": [ "exec" ],
                                "/usr/bin/traceroute6 *": [ "exec" ],
                                "/usr/bin/nslookup *": [ "exec" ],
-                               "/usr/libexec/luci-peeraddr": [ "exec" ]
+                               "/usr/libexec/luci-peeraddr": [ "exec" ],
+                               "/usr/sbin/iptables --line-numbers -w -nvxL -t *": [ "exec" ],
+                               "/usr/sbin/ip6tables --line-numbers -w -nvxL -t *": [ "exec" ]
                        },
                        "ubus": {
                                "file": [ "list", "read", "stat" ],
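Review bot: The two added exec patterns end in a trailing `*` after `-t`, so the ACL does not restrict which table name may follow, or which further arguments if the pattern is matched as a glob over the whole command line. The `dump_iptables` handler removed later in this commit only ran the command when the requested table was listed in `/proc/net/ip_tables_names` or `/proc/net/ip6_tables_names`, and that server-side check is not replaced here. Consider granting one entry per table the view actually polls, e.g. `"/usr/sbin/iptables --line-numbers -w -nvxL -t filter": [ "exec" ]`, and likewise for the remaining tables and for ip6tables. The enclosing ACL group starts outside the hunk, so which sessions receive this grant cannot be seen here.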
index eaeba578fe1c6a3eff3ccbfe63ccf027ced4db54..966cd560c1a2bbb9b206c0a6ed5b08eb22dc7237 100644 (file)
@@ -246,8 +246,10 @@ function parse_output(table, s)
 }
 
 table_names.forEach(function(table) {
-       L.poll(5, L.url('admin/status/iptables_dump', current_mode, table.toLowerCase()), null,
-               function (xhr) {
-                       parse_output(table, xhr.responseText);
+       L.Poll.add(function() {
+               var cmd = (current_mode == 6) ? '/usr/sbin/ip6tables' : '/usr/sbin/iptables';
+               return L.fs.exec_direct(cmd, [ '--line-numbers', '-w', '-nvxL', '-t', table.toLowerCase() ]).then(function(output) {
+                       parse_output(table, output);
                });
+       }, 5);
 });
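Review bot: The promise returned by `L.fs.exec_direct(...)` inside the `L.Poll.add` callback has no rejection handler, so a failed call (ACL denial, expired session, missing `ip6tables` binary) is repeated every 5 seconds while the view keeps showing stale counters with no indication to the user. Add a handler to the chain, for example `}).catch(function(err) { parse_output(table, ''); });` if `parse_output` tolerates empty input, or surface `err.message` in the view instead. `table.toLowerCase()` is the only variable argument passed to the command, and `table_names` is defined outside the hunk. It is presumably a fixed list and should stay one, since the matching ACL pattern ends in a wildcard.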
index 6f84149223652a858fbf067f160a54e81dd80455..d289c54f6093b9c93ed708aecd1ad2a919babd68 100644 (file)
@@ -10,8 +10,6 @@ function index()
        entry({"admin", "status", "overview"}, template("admin_status/index"), _("Overview"), 1)
 
        entry({"admin", "status", "iptables"}, template("admin_status/iptables"), _("Firewall"), 2).leaf = true
-       entry({"admin", "status", "iptables_dump"}, call("dump_iptables")).leaf = true
-       entry({"admin", "status", "iptables_action"}, post("action_iptables")).leaf = true
 
        entry({"admin", "status", "routes"}, template("admin_status/routes"), _("Routes"), 3)
        entry({"admin", "status", "syslog"}, call("action_syslog"), _("System Log"), 4)
@@ -37,38 +35,3 @@ function action_dmesg()
        local dmesg = luci.sys.dmesg()
        luci.template.render("admin_status/dmesg", {dmesg=dmesg})
 end
-
-function dump_iptables(family, table)
-       local prefix = (family == "6") and "ip6" or "ip"
-       local ok, lines = pcall(io.lines, "/proc/net/%s_tables_names" % prefix)
-       if ok and lines then
-               local s
-               for s in lines do
-                       if s == table then
-                               luci.http.prepare_content("text/plain")
-                               luci.sys.process.exec({
-                                       "/usr/sbin/%stables" % prefix, "-w", "-t", table,
-                                       "--line-numbers", "-nxvL"
-                               }, luci.http.write)
-                               return
-                       end
-               end
-       end
-
-       luci.http.status(404, "No such table")
-       luci.http.prepare_content("text/plain")
-end
-
-function action_iptables()
-       if luci.http.formvalue("zero") then
-               if luci.http.formvalue("family") == "6" then
-                       luci.util.exec("/usr/sbin/ip6tables -Z")
-               else
-                       luci.util.exec("/usr/sbin/iptables -Z")
-               end
-       elseif luci.http.formvalue("restart") then
-               luci.util.exec("/etc/init.d/firewall restart")
-       end
-
-       luci.http.redirect(luci.dispatcher.build_url("admin/status/iptables"))
-end