From: Steven Barth Date: Fri, 3 Oct 2008 16:23:43 +0000 (+0000) Subject: Redesigned firewall configuration X-Git-Tag: 0.8.0~22 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=e7291874449a30d74e1a1b656747f30ae3195b6a;p=oweals%2Fluci.git Redesigned firewall configuration --- diff --git a/applications/luci-fw/luasrc/controller/luci_fw/luci_fw.lua b/applications/luci-fw/luasrc/controller/luci_fw/luci_fw.lua index 18b6f87f6..4d8c13840 100644 --- a/applications/luci-fw/luasrc/controller/luci_fw/luci_fw.lua +++ b/applications/luci-fw/luasrc/controller/luci_fw/luci_fw.lua @@ -7,11 +7,14 @@ function index() local nodes = {} table.insert(nodes, entry({"admin", "network", "firewall"}, alias("admin", "network", "firewall", "zones"), i18n("fw_fw"), 60)) - table.insert(nodes, entry({"admin", "network", "firewall", "zones"}, cbi("luci_fw/general"), i18n("fw_zones"), 10)) - table.insert(nodes, entry({"admin", "network", "firewall", "portfw"}, cbi("luci_fw/portfw"), i18n("fw_portfw"), 20)) - table.insert(nodes, entry({"admin", "network", "firewall", "forwarding"}, cbi("luci_fw/routing"), i18n("fw_forwarding"), 30)) - table.insert(nodes, entry({"admin", "network", "firewall", "rules"}, cbi("luci_fw/firewall"), i18n("fw_rules"), 40)) - table.insert(nodes, entry({"admin", "network", "firewall", "customfwd"}, cbi("luci_fw/customfwd"), i18n("fw_custfwd"), 50)) + table.insert(nodes, entry({"admin", "network", "firewall", "zones"}, cbi("luci_fw/zones"), i18n("fw_zones"), 10)) + table.insert(nodes, entry({"admin", "network", "firewall", "redirection"}, cbi("luci_fw/redirect"), i18n("fw_redirect"), 30)) + table.insert(nodes, entry({"admin", "network", "firewall", "traffic"}, cbi("luci_fw/traffic"), i18n("fw_traffic"), 20)) + + table.insert(nodes, entry({"admin", "network", "firewall", "rule"}, cbi("luci_fw/trule"))) + nodes[#nodes].leaf = true + table.insert(nodes, entry({"admin", "network", "firewall", "redirect"}, cbi("luci_fw/rrule"))) + nodes[#nodes].leaf = true table.insert(nodes, entry({"mini", "network", "portfw"}, cbi("luci_fw/miniportfw"), i18n("fw_portfw", "Portweiterleitung"), 70)) diff --git a/applications/luci-fw/luasrc/i18n/luci-fw.de.lua b/applications/luci-fw/luasrc/i18n/luci-fw.de.lua index df071a05e..0261d73f0 100644 --- a/applications/luci-fw/luasrc/i18n/luci-fw.de.lua +++ b/applications/luci-fw/luasrc/i18n/luci-fw.de.lua @@ -1,12 +1,17 @@ fw_portfw = 'Portweiterleitung' -fw_forwarding = 'Zone-zu-Zone Weiterleitung' +fw_redirect = 'Umleitungen' +fw_redirect_desc = 'Umleitungen erlauben es das Ziel von weitergeleiteten Paketen zu verändern.' +fw_forwarding = 'Zone-zu-Zone Verkehr' fw_fw = 'Firewall' fw_zone = 'Zone' fw_zones = 'Zonen' fw_custfwd = 'Erweiterte Weiterleitung' -fw_rules = 'Regeln für eingehenden Verkehr' -fw_rules1 = 'An dieser Stelle können benutzerdefinierte Firewallregeln eingestellt werden um den Netzverkehr zu kontrollieren.' +firewall_rule = 'Erweiterte Regeln' +firewall_rule_desc = 'Mit erweiterten Regeln kann die Firewall an die eigenen Bedürfnisse angepasst werden. Es werden nur neue Verbindungen betrachtet. Pakete, die zu bereits bestehenden Verbindungen gehören werden automatisch akzeptiert.' fw_fw1 = 'Die Firewall erstellt Netzwerkzonen über bestimmte Netzwerkschnittstellen um den Netzverkehr zu trennen.' +fw_src = 'Quelle' +fw_dest = 'Ziel' +fw_traffic = 'Verkehrskontrolle' firewall_rule_src = 'Eingangszone' firewall_rule_dest = 'Ausgangszone' firewall_rule_srcip = 'Quelladresse' @@ -26,6 +31,8 @@ firewall_redirect_destip = 'Interne Adresse' firewall_redirect_destip_desc = 'IP-Adresse' firewall_redirect_destport = 'Interner Port (optional)' firewall_redirect_destport_desc = 'Port od. Erster-Letzter Port' +firewall_redirect_srcip = 'Quelladresse' +firewall_redirect_srcmac = 'Quell-MAC-Adresse' fw_forwarding1 = 'An dieser Stelle kann festgelegt zwischen welchen Zonen Netzverkehr hin und her fließen kann. Es werden nur neue Verbindungen betrachtet. Pakete, die zu bereits bestehenden Verbindungen gehören werden automatisch akzeptiert.' firewall_forwarding_src = 'Eingang' firewall_forwarding_dest = 'Ausgang' diff --git a/applications/luci-fw/luasrc/i18n/luci-fw.de.xml b/applications/luci-fw/luasrc/i18n/luci-fw.de.xml index 6bf355015..3825bb4ae 100644 --- a/applications/luci-fw/luasrc/i18n/luci-fw.de.xml +++ b/applications/luci-fw/luasrc/i18n/luci-fw.de.xml @@ -3,14 +3,19 @@ Portweiterleitung -Zone-zu-Zone Weiterleitung +Umleitungen +Umleitungen erlauben es das Ziel von weitergeleiteten Paketen zu verändern. +Zone-zu-Zone Verkehr Firewall Zone Zonen Erweiterte Weiterleitung -Regeln für eingehenden Verkehr -An dieser Stelle können benutzerdefinierte Firewallregeln eingestellt werden um den Netzverkehr zu kontrollieren. +Erweiterte Regeln +Mit erweiterten Regeln kann die Firewall an die eigenen Bedürfnisse angepasst werden. Es werden nur neue Verbindungen betrachtet. Pakete, die zu bereits bestehenden Verbindungen gehören werden automatisch akzeptiert. Die Firewall erstellt Netzwerkzonen über bestimmte Netzwerkschnittstellen um den Netzverkehr zu trennen. +Quelle +Ziel +Verkehrskontrolle Eingangszone Ausgangszone Quelladresse @@ -31,6 +36,9 @@ IP-Adresse Interner Port (optional) Port od. Erster-Letzter Port +Quelladresse +Quell-MAC-Adresse + An dieser Stelle kann festgelegt zwischen welchen Zonen Netzverkehr hin und her fließen kann. Es werden nur neue Verbindungen betrachtet. Pakete, die zu bereits bestehenden Verbindungen gehören werden automatisch akzeptiert. Eingang diff --git a/applications/luci-fw/luasrc/i18n/luci-fw.en.lua b/applications/luci-fw/luasrc/i18n/luci-fw.en.lua index 74da02f63..800eee4d6 100644 --- a/applications/luci-fw/luasrc/i18n/luci-fw.en.lua +++ b/applications/luci-fw/luasrc/i18n/luci-fw.en.lua @@ -1,12 +1,14 @@ fw_portfw = 'Port forwarding' -fw_forwarding = 'Zone-to-Zone forwarding' +fw_redirect = 'Traffic Redirection' +fw_redirect_desc = 'Traffic redirection allows you to change the destination address of forwarded packets.' +fw_forwarding = 'Zone-to-Zone traffic' fw_fw = 'Firewall' fw_zone = 'Zone' fw_zones = 'Zones' fw_custfwd = 'Custom forwarding' -fw_rules = 'Incoming traffic rules' -fw_rules1 = 'Here you can create custom firewall rules to control your network traffic.' fw_fw1 = 'The firewall creates zones over your network interfaces to control network traffic flow.' +firewall_rule = 'Advanced Rules' +firewall_rule_desc = 'Advanced rules let you customize the firewall to your needs. Only new connections will be matched. Packets belonging to already open connections are automatically allowed to pass the firewall.' firewall_rule_src = 'Input Zone' firewall_rule_dest = 'Output Zone' firewall_rule_srcip = 'Source address' @@ -18,10 +20,15 @@ firewall_rule_target = 'Action' fw_accept = 'accept' fw_reject = 'reject' fw_drop = 'drop' +fw_src = 'Source' +fw_dest = 'Destination' +fw_traffic = 'Traffic Control' fw_portfw1 = 'Port forwarding allows to provide network services in the internal network to an external network.' firewall_redirect_src_desc = 'External Zone' firewall_redirect_srcdport = 'External port' firewall_redirect_srcdport_desc = 'port or range as first-last' +firewall_redirect_srcip = 'Source address' +firewall_redirect_srcmac = 'Source MAC' firewall_redirect_destip = 'Internal address' firewall_redirect_destip_desc = 'IP-Address' firewall_redirect_destport = 'Internal port (optional)' diff --git a/applications/luci-fw/luasrc/i18n/luci-fw.en.xml b/applications/luci-fw/luasrc/i18n/luci-fw.en.xml index 1ad9acb8c..1da35bc23 100644 --- a/applications/luci-fw/luasrc/i18n/luci-fw.en.xml +++ b/applications/luci-fw/luasrc/i18n/luci-fw.en.xml @@ -3,14 +3,16 @@ Port forwarding -Zone-to-Zone forwarding +Traffic Redirection +Traffic redirection allows you to change the destination address of forwarded packets. +Zone-to-Zone traffic Firewall Zone Zones Custom forwarding -Incoming traffic rules -Here you can create custom firewall rules to control your network traffic. The firewall creates zones over your network interfaces to control network traffic flow. +Advanced Rules +Advanced rules let you customize the firewall to your needs. Only new connections will be matched. Packets belonging to already open connections are automatically allowed to pass the firewall. Input Zone Output Zone Source address @@ -22,11 +24,16 @@ accept reject drop +Source +Destination +Traffic Control Port forwarding allows to provide network services in the internal network to an external network. External Zone External port port or range as first-last +Source address +Source MAC Internal address IP-Address Internal port (optional) diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/customfwd.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/customfwd.lua deleted file mode 100644 index b883c4750..000000000 --- a/applications/luci-fw/luasrc/model/cbi/luci_fw/customfwd.lua +++ /dev/null @@ -1,65 +0,0 @@ ---[[ -LuCI - Lua Configuration Interface - -Copyright 2008 Steven Barth - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -$Id$ -]]-- -require("luci.sys") -m = Map("firewall", translate("fw_portfw"), translate("fw_portfw1")) - - -s = m:section(TypedSection, "redirect", "") -s.addremove = true -s.anonymous = true - -name = s:option(Value, "_name", translate("name")) -name.rmempty = true -name.size = 10 - -iface = s:option(ListValue, "src", translate("fw_zone")) -iface.default = "wan" -luci.model.uci.cursor():foreach("firewall", "zone", - function (section) - iface:value(section.name) - end) - -s:option(Value, "src_ip").optional = true -s:option(Value, "src_mac").optional = true - -sport = s:option(Value, "src_port") -sport.optional = true -sport:depends("proto", "tcp") -sport:depends("proto", "udp") -sport:depends("proto", "tcpudp") - -proto = s:option(ListValue, "proto", translate("protocol")) -proto.optional = true -proto:value("") -proto:value("tcp", "TCP") -proto:value("udp", "UDP") -proto:value("tcpudp", "TCP+UDP") - -dport = s:option(Value, "src_dport") -dport.size = 5 -dport.optional = true -dport:depends("proto", "tcp") -dport:depends("proto", "udp") -dport:depends("proto", "tcpudp") - -to = s:option(Value, "dest_ip") -for i, dataset in ipairs(luci.sys.net.arptable()) do - to:value(dataset["IP address"]) -end - -toport = s:option(Value, "dest_port") -toport.optional = true -toport.size = 5 - -return m diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/firewall.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/firewall.lua deleted file mode 100644 index 0d9af93fc..000000000 --- a/applications/luci-fw/luasrc/model/cbi/luci_fw/firewall.lua +++ /dev/null @@ -1,65 +0,0 @@ ---[[ -LuCI - Lua Configuration Interface - -Copyright 2008 Steven Barth - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -$Id$ -]]-- -m = Map("firewall", translate("fw_rules"), translate("fw_rules1")) - -s = m:section(TypedSection, "rule", "") -s.addremove = true -s.anonymous = true - -iface = s:option(ListValue, "src") -iface.rmempty = true - -oface = s:option(ListValue, "dest") -oface:value("") -oface.optional = true - -luci.model.uci.cursor():foreach("firewall", "zone", - function (section) - iface:value(section.name) - oface:value(section.name) - end) - -proto = s:option(ListValue, "proto", translate("protocol")) -proto.optional = true -proto:value("") -proto:value("tcpudp", "TCP+UDP") -proto:value("tcp", "TCP") -proto:value("udp", "UDP") -proto:value("icmp", "ICMP") - -s:option(Value, "src_ip").optional = true -s:option(Value, "dest_ip").optional = true -s:option(Value, "src_mac").optional = true - -sport = s:option(Value, "src_port") -sport.optional = true -sport:depends("proto", "tcp") -sport:depends("proto", "udp") -sport:depends("proto", "tcpudp") - -dport = s:option(Value, "dest_port") -dport.optional = true -dport:depends("proto", "tcp") -dport:depends("proto", "udp") -dport:depends("proto", "tcpudp") - -jump = s:option(ListValue, "target") -jump.rmempty = true -jump.default = "ACCEPT" -jump:value("DROP", translate("fw_drop")) -jump:value("ACCEPT", translate("fw_accept")) -jump:value("REJECT", translate("fw_reject")) - - -return m diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/general.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/general.lua deleted file mode 100644 index 38f95136d..000000000 --- a/applications/luci-fw/luasrc/model/cbi/luci_fw/general.lua +++ /dev/null @@ -1,65 +0,0 @@ ---[[ -LuCI - Lua Configuration Interface - -Copyright 2008 Steven Barth - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -$Id$ -]]-- -require("luci.tools.webadmin") -m = Map("firewall", translate("fw_fw"), translate("fw_fw1")) - -s = m:section(TypedSection, "defaults") -s.anonymous = true - -s:option(Flag, "syn_flood") - -p = {} -p[1] = s:option(ListValue, "input") -p[2] = s:option(ListValue, "output") -p[3] = s:option(ListValue, "forward") - -for i, v in ipairs(p) do - v:value("REJECT", translate("fw_reject")) - v:value("DROP", translate("fw_drop")) - v:value("ACCEPT", translate("fw_accept")) -end - - -s = m:section(TypedSection, "zone", translate("fw_zones")) -s.template = "cbi/tblsection" -s.anonymous = true -s.addremove = true - -name = s:option(Value, "name", translate("name")) -name.size = 8 - -p = {} -p[1] = s:option(ListValue, "input") -p[2] = s:option(ListValue, "output") -p[3] = s:option(ListValue, "forward") - -for i, v in ipairs(p) do - v:value("REJECT", translate("fw_reject")) - v:value("DROP", translate("fw_drop")) - v:value("ACCEPT", translate("fw_accept")) -end - -s:option(Flag, "masq") - -net = s:option(MultiValue, "network") -net.widget = "select" -net.rmempty = true -luci.tools.webadmin.cbi_add_networks(net) - -function net.cfgvalue(self, section) - local value = MultiValue.cfgvalue(self, section) - return value or name:cfgvalue(section) -end - -return m diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/portfw.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/portfw.lua deleted file mode 100644 index 9afd4f3e5..000000000 --- a/applications/luci-fw/luasrc/model/cbi/luci_fw/portfw.lua +++ /dev/null @@ -1,49 +0,0 @@ ---[[ -LuCI - Lua Configuration Interface - -Copyright 2008 Steven Barth - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -$Id$ -]]-- -require("luci.sys") -m = Map("firewall", translate("fw_portfw"), translate("fw_portfw1")) - - -s = m:section(TypedSection, "redirect", "") -s.template = "cbi/tblsection" -s.addremove = true -s.anonymous = true - -name = s:option(Value, "_name", translate("name"), translate("cbi_optional")) -name.size = 10 - -iface = s:option(ListValue, "src", translate("fw_zone")) -iface.default = "wan" -luci.model.uci.cursor():foreach("firewall", "zone", - function (section) - iface:value(section.name) - end) - -proto = s:option(ListValue, "proto", translate("protocol")) -proto:value("tcp", "TCP") -proto:value("udp", "UDP") -proto:value("tcpudp", "TCP+UDP") - -dport = s:option(Value, "src_dport") -dport.size = 5 - -to = s:option(Value, "dest_ip") -for i, dataset in ipairs(luci.sys.net.arptable()) do - to:value(dataset["IP address"]) -end - -toport = s:option(Value, "dest_port") -toport.size = 5 - -return m diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/redirect.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/redirect.lua new file mode 100644 index 000000000..3aa1066f5 --- /dev/null +++ b/applications/luci-fw/luasrc/model/cbi/luci_fw/redirect.lua @@ -0,0 +1,50 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2008 Steven Barth + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- +require("luci.sys") +m = Map("firewall", translate("fw_redirect"), translate("fw_redirect_desc")) + + +s = m:section(TypedSection, "redirect", "") +s.template = "cbi/tblsection" +s.addremove = true +s.anonymous = true +s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "redirect", "%s") + +name = s:option(Value, "_name", translate("name"), translate("cbi_optional")) +name.size = 10 + +iface = s:option(ListValue, "src", translate("fw_zone")) +iface.default = "wan" +luci.model.uci.cursor():foreach("firewall", "zone", + function (section) + iface:value(section.name) + end) + +proto = s:option(ListValue, "proto", translate("protocol")) +proto:value("tcp", "TCP") +proto:value("udp", "UDP") +proto:value("tcpudp", "TCP+UDP") + +dport = s:option(Value, "src_dport") +dport.size = 5 + +to = s:option(Value, "dest_ip") +for i, dataset in ipairs(luci.sys.net.arptable()) do + to:value(dataset["IP address"]) +end + +toport = s:option(Value, "dest_port") +toport.size = 5 + +return m diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/routing.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/routing.lua deleted file mode 100644 index f8689a05c..000000000 --- a/applications/luci-fw/luasrc/model/cbi/luci_fw/routing.lua +++ /dev/null @@ -1,30 +0,0 @@ ---[[ -LuCI - Lua Configuration Interface - -Copyright 2008 Steven Barth - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -$Id$ -]]-- -m = Map("firewall", translate("fw_forwarding"), translate("fw_forwarding1")) - -s = m:section(TypedSection, "forwarding", "") -s.template = "cbi/tblsection" -s.addremove = true -s.anonymous = true - -iface = s:option(ListValue, "src") -oface = s:option(ListValue, "dest") - -luci.model.uci.cursor():foreach("firewall", "zone", - function (section) - iface:value(section.name) - oface:value(section.name) - end) - -return m diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/rrule.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/rrule.lua new file mode 100644 index 000000000..795867616 --- /dev/null +++ b/applications/luci-fw/luasrc/model/cbi/luci_fw/rrule.lua @@ -0,0 +1,66 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2008 Steven Barth + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- +require("luci.sys") +arg[1] = arg[1] or "" + +m = Map("firewall", translate("fw_redirect"), translate("fw_redirect_desc")) + + +s = m:section(NamedSection, arg[1], "redirect", "") +s.anonymous = true + +name = s:option(Value, "_name", translate("name")) +name.rmempty = true +name.size = 10 + +iface = s:option(ListValue, "src", translate("fw_zone")) +iface.default = "wan" +luci.model.uci.cursor():foreach("firewall", "zone", + function (section) + iface:value(section.name) + end) + +s:option(Value, "src_ip", translate("firewall_redirect_srcip")).optional = true +s:option(Value, "src_mac", translate("firewall_redirect_srcmac")).optional = true + +sport = s:option(Value, "src_port", translate("firewall_redirect_srcport")) +sport.optional = true +sport:depends("proto", "tcp") +sport:depends("proto", "udp") +sport:depends("proto", "tcpudp") + +proto = s:option(ListValue, "proto", translate("protocol")) +proto.optional = true +proto:value("") +proto:value("tcp", "TCP") +proto:value("udp", "UDP") +proto:value("tcpudp", "TCP+UDP") + +dport = s:option(Value, "src_dport", translate("firewall_redirect_srcdport")) +dport.size = 5 +dport.optional = true +dport:depends("proto", "tcp") +dport:depends("proto", "udp") +dport:depends("proto", "tcpudp") + +to = s:option(Value, "dest_ip", translate("firewall_redirect_destip")) +for i, dataset in ipairs(luci.sys.net.arptable()) do + to:value(dataset["IP address"]) +end + +toport = s:option(Value, "dest_port", translate("firewall_redirect_destport")) +toport.optional = true +toport.size = 5 + +return m diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/traffic.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/traffic.lua new file mode 100644 index 000000000..660f9706a --- /dev/null +++ b/applications/luci-fw/luasrc/model/cbi/luci_fw/traffic.lua @@ -0,0 +1,80 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2008 Steven Barth +Copyright 2008 Jo-Philipp Wich + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- + +m = Map("firewall", translate("fw_traffic")) +s = m:section(TypedSection, "forwarding", translate("fw_forwarding"), translate("fw_forwarding1")) +s.template = "cbi/tblsection" +s.addremove = true +s.anonymous = true + +iface = s:option(ListValue, "src", translate("fw_src")) +oface = s:option(ListValue, "dest", translate("fw_dest")) + +luci.model.uci.cursor():foreach("firewall", "zone", + function (section) + iface:value(section.name) + oface:value(section.name) + end) + + + +s = m:section(TypedSection, "rule") +s.addremove = true +s.anonymous = true +s.template = "cbi/tblsection" +s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "rule", "%s") + +local created = nil + +function s.create(self, section) + created = TypedSection.create(self, section) +end + +function s.parse(self, ...) + TypedSection.parse(self, ...) + if created then + m.uci:save("firewall") + luci.http.redirect(luci.dispatcher.build_url( + "admin", "network", "firewall", "rule", created + )) + end +end + +s:option(DummyValue, "_name", translate("name")) +s:option(DummyValue, "proto", translate("protocol")) + +src = s:option(DummyValue, "src", translate("fw_src")) +function src.cfgvalue(self, s) + return "%s:%s:%s" % { + self.map:get(s, "src") or "*", + self.map:get(s, "src_ip") or "0.0.0.0/0", + self.map:get(s, "src_port") or "*" + } +end + +dest = s:option(DummyValue, "dest", translate("fw_dest")) +function dest.cfgvalue(self, s) + return "%s:%s:%s" % { + self.map:get(s, "dest") or "*", + self.map:get(s, "dest_ip") or "0.0.0.0/0", + self.map:get(s, "dest_port") or "*" + } +end + + +s:option(DummyValue, "target") + + +return m \ No newline at end of file diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/trule.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/trule.lua new file mode 100644 index 000000000..3712196ff --- /dev/null +++ b/applications/luci-fw/luasrc/model/cbi/luci_fw/trule.lua @@ -0,0 +1,68 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2008 Steven Barth + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- +arg[1] = arg[1] or "" +m = Map("firewall", translate("firewall_rule"), translate("firewall_rule_desc")) + +s = m:section(NamedSection, arg[1], "rule", "") +s.anonymous = true + +name = s:option(Value, "_name", translate("name")..translate("cbi_optional")) +name.rmempty = true + +iface = s:option(ListValue, "src", translate("firewall_rule_src")) +iface.rmempty = true + +oface = s:option(ListValue, "dest", translate("firewall_rule_dest")) +oface:value("") +oface.optional = true + +luci.model.uci.cursor():foreach("firewall", "zone", + function (section) + iface:value(section.name) + oface:value(section.name) + end) + +proto = s:option(ListValue, "proto", translate("protocol")) +proto.optional = true +proto:value("") +proto:value("tcpudp", "TCP+UDP") +proto:value("tcp", "TCP") +proto:value("udp", "UDP") +proto:value("icmp", "ICMP") + +s:option(Value, "src_ip", translate("firewall_rule_srcip")).optional = true +s:option(Value, "dest_ip", translate("firewall_rule_destip")).optional = true +s:option(Value, "src_mac", translate("firewall_rule_srcmac")).optional = true + +sport = s:option(Value, "src_port", translate("firewall_rule_srcport")) +sport.optional = true +sport:depends("proto", "tcp") +sport:depends("proto", "udp") +sport:depends("proto", "tcpudp") + +dport = s:option(Value, "dest_port", translate("firewall_rule_destport")) +dport.optional = true +dport:depends("proto", "tcp") +dport:depends("proto", "udp") +dport:depends("proto", "tcpudp") + +jump = s:option(ListValue, "target", translate("firewall_rule_target")) +jump.rmempty = true +jump.default = "ACCEPT" +jump:value("DROP", translate("fw_drop")) +jump:value("ACCEPT", translate("fw_accept")) +jump:value("REJECT", translate("fw_reject")) + + +return m diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/zones.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/zones.lua new file mode 100644 index 000000000..38f95136d --- /dev/null +++ b/applications/luci-fw/luasrc/model/cbi/luci_fw/zones.lua @@ -0,0 +1,65 @@ +--[[ +LuCI - Lua Configuration Interface + +Copyright 2008 Steven Barth + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ +]]-- +require("luci.tools.webadmin") +m = Map("firewall", translate("fw_fw"), translate("fw_fw1")) + +s = m:section(TypedSection, "defaults") +s.anonymous = true + +s:option(Flag, "syn_flood") + +p = {} +p[1] = s:option(ListValue, "input") +p[2] = s:option(ListValue, "output") +p[3] = s:option(ListValue, "forward") + +for i, v in ipairs(p) do + v:value("REJECT", translate("fw_reject")) + v:value("DROP", translate("fw_drop")) + v:value("ACCEPT", translate("fw_accept")) +end + + +s = m:section(TypedSection, "zone", translate("fw_zones")) +s.template = "cbi/tblsection" +s.anonymous = true +s.addremove = true + +name = s:option(Value, "name", translate("name")) +name.size = 8 + +p = {} +p[1] = s:option(ListValue, "input") +p[2] = s:option(ListValue, "output") +p[3] = s:option(ListValue, "forward") + +for i, v in ipairs(p) do + v:value("REJECT", translate("fw_reject")) + v:value("DROP", translate("fw_drop")) + v:value("ACCEPT", translate("fw_accept")) +end + +s:option(Flag, "masq") + +net = s:option(MultiValue, "network") +net.widget = "select" +net.rmempty = true +luci.tools.webadmin.cbi_add_networks(net) + +function net.cfgvalue(self, section) + local value = MultiValue.cfgvalue(self, section) + return value or name:cfgvalue(section) +end + +return m