From 8208d68ff469488c4ac0d9a9920a957bf8ac1cdb Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Tue, 17 Feb 2009 17:59:02 +0000 Subject: [PATCH] Merge r4225-r4229, r4232, r4234 and r4244 --- .../root/etc/init.d/luci_statistics | 15 +- contrib/package/luci/Makefile | 6 +- i18n/english/luasrc/i18n/admin-core.en.lua | 65 +++- i18n/english/luasrc/i18n/admin-core.en.xml | 65 +++- i18n/english/luasrc/i18n/wifi.en.xml | 2 +- libs/sys/luasrc/sys/iptparser.lua | 294 ++++++++++++------ libs/web/luasrc/dispatcher.lua | 16 +- modules/admin-core/luasrc/view/header.htm | 8 +- .../luasrc/controller/admin/status.lua | 23 +- .../luasrc/view/admin_status/iptables.htm | 132 ++++++++ 10 files changed, 500 insertions(+), 126 deletions(-) create mode 100644 modules/admin-full/luasrc/view/admin_status/iptables.htm diff --git a/applications/luci-statistics/root/etc/init.d/luci_statistics b/applications/luci-statistics/root/etc/init.d/luci_statistics index e4da1d5b1..21ed41ead 100755 --- a/applications/luci-statistics/root/etc/init.d/luci_statistics +++ b/applications/luci-statistics/root/etc/init.d/luci_statistics @@ -18,14 +18,17 @@ start() { ln -s ${imagepath:-/tmp/rrdimg}/ /www/rrdimg fi - ### flush LuCI index cache - test -f /var/luci-indexcache && rm /var/luci-indexcache + ### flush LuCI index cache + test -f /var/luci-indexcache && rm /var/luci-indexcache + + ### workaround broken permissions on /tmp + chmod 1777 /tmp } restart() { - ### regenerate config / prepare environment - start + ### regenerate config / prepare environment + start - ### restart collectd - /etc/init.d/collectd restart + ### restart collectd + /etc/init.d/collectd restart } diff --git a/contrib/package/luci/Makefile b/contrib/package/luci/Makefile index 37cd46b66..31885f764 100644 --- a/contrib/package/luci/Makefile +++ b/contrib/package/luci/Makefile @@ -403,7 +403,11 @@ endef define Package/luci-app-statistics $(call Package/luci/webtemplate) DEPENDS+=+luci-admin-full +PACKAGE_luci-app-statistics:collectd \ - +PACKAGE_luci-app-statistics:collectd-mod-rrdtool1 +PACKAGE_luci-app-statistics:rrdtool1 + +PACKAGE_luci-app-statistics:rrdtool1 \ + +PACKAGE_luci-app-statistics:collectd-mod-rrdtool1 \ + +PACKAGE_luci-app-statistics:collectd-mod-wireless \ + +PACKAGE_luci-app-statistics:collectd-mod-interfaces \ + +PACKAGE_luci-app-statistics:collectd-mod-load TITLE:=LuCI Statistics Application endef diff --git a/i18n/english/luasrc/i18n/admin-core.en.lua b/i18n/english/luasrc/i18n/admin-core.en.lua index cb2aa4e9c..6c71c208d 100644 --- a/i18n/english/luasrc/i18n/admin-core.en.lua +++ b/i18n/english/luasrc/i18n/admin-core.en.lua @@ -41,6 +41,65 @@ a_s_flash = 'Flash Firmware' a_s_i_system1 = 'Change settings related to the system itself, its identification, installed hard- and software, authentication or mount points.' a_s_i_system2 = 'These settings define the base of your system.' a_s_i_system3 = 'Pay attention as any misconfiguration here may prevent your device from booting or may lock yourself out of it.' +a_s_if = 'Interfaces' +a_s_if_bridge = 'Bridge' +a_s_if_bridge_id = 'ID' +a_s_if_bridge_port = 'Bridge Port' +a_s_if_bridge_stp = 'STP' +a_s_if_device = 'Device' +a_s_if_ethbridge = 'Ethernet Bridge' +a_s_if_ethdev = 'Ethernet Adapter' +a_s_if_ethswitch = 'Ethernet Switch' +a_s_if_interface = 'Interface' +a_s_if_ipconfig = 'IP Configuration' +a_s_if_ipconfig_alias = 'Alias' +a_s_if_ipconfig_dhcp = 'DHCP assigned' +a_s_if_ipconfig_ipv6 = 'IPv6' +a_s_if_ipconfig_none = 'Not configured' +a_s_if_ipconfig_primary = 'Primary' +a_s_if_iwchannel = 'Channel' +a_s_if_iwmode = 'Mode' +a_s_if_iwmode_adhoc = 'Ad-Hoc' +a_s_if_iwmode_ahdemo = 'Pseudo Ad-Hoc' +a_s_if_iwmode_ap = 'Master' +a_s_if_iwmode_apwds = 'Master + WDS' +a_s_if_iwmode_sta = 'Client' +a_s_if_iwmode_stawds = 'Client + WDS' +a_s_if_iwmode_wds = 'WDS' +a_s_if_iwssid = 'SSID' +a_s_if_mac = 'MAC' +a_s_if_pkts = 'Pkts.' +a_s_if_status = 'Interface Status' +a_s_if_transfer = 'Transfer' +a_s_if_transfer_rx = 'RX' +a_s_if_transfer_tx = 'TX' +a_s_if_type = 'Type' +a_s_if_vlan = 'VLAN' +a_s_if_vlanports = 'Ports' +a_s_if_wifidev = 'Wireless Adapter' +a_s_ipt = 'Firewall' +a_s_ipt_actions = 'Actions' +a_s_ipt_bytes = 'Traffic' +a_s_ipt_chain = 'Chain' +a_s_ipt_destination = 'Destination' +a_s_ipt_flags = 'Flags' +a_s_ipt_inputif = 'In' +a_s_ipt_nochains = 'No chains in this table' +a_s_ipt_norules = 'No Rules in this chain' +a_s_ipt_options = 'Options' +a_s_ipt_outputif = 'Out' +a_s_ipt_packets = 'Packets' +a_s_ipt_pkts = 'Pkts.' +a_s_ipt_policy = 'Policy' +a_s_ipt_prot = 'Prot.' +a_s_ipt_references = 'References' +a_s_ipt_reset = 'Reset Counters' +a_s_ipt_restart = 'Restart Firewall' +a_s_ipt_rulenum = '#' +a_s_ipt_source = 'Source' +a_s_ipt_status = 'Firewall Status' +a_s_ipt_table = 'Table' +a_s_ipt_target = 'Target' a_s_packages_do = 'Perform Actions' a_s_packages_install = 'Install' a_s_packages_installurl = 'Download and install package' @@ -224,7 +283,6 @@ network_interface_service = 'Service type' network_interface_maxwait = 'Setup wait time' network_interface_maxwait_desc = 'Seconds to wait for the modem to become ready before attempting to connect' network_interface_encaps = 'PPPoA Encapsulation' - a_n_r_routes1 = 'Routes specify over which interface and gateway a certain host or network can be reached.' a_n_routes_static = 'Static Routes' a_n_routes_static4 = 'Static IPv4 Routes' @@ -324,6 +382,5 @@ hostnames = 'Hostnames' hostnames_entries = 'Host entries' hostnames_hostname = 'Hostname' hostnames_address = 'IP address' -luci_components = "LuCI Components" -m_n_mssfix = "Clamp Segment Size" -m_n_mssfix_desc = "Fixes problems with unreachable websites, submitting forms or other unexpected behaviour for some ISPs." +m_n_mssfix = 'Clamp Segment Size' +m_n_mssfix_desc = 'Fixes problems with unreachable websites, submitting forms or other unexpected behaviour for some ISPs.' diff --git a/i18n/english/luasrc/i18n/admin-core.en.xml b/i18n/english/luasrc/i18n/admin-core.en.xml index 23ab06ed5..39fe5874a 100644 --- a/i18n/english/luasrc/i18n/admin-core.en.xml +++ b/i18n/english/luasrc/i18n/admin-core.en.xml @@ -15,7 +15,7 @@ LuCI is a free, flexible, and user friendly graphical interface for configuring OpenWrt Kamikaze. On the following pages you can adjust all important settings of your router. Notice: In LuCI changes have to be confirmed by clicking Changes - Save & Apply before being applied. -As we are always want to improve this interface we are looking forward to your feedback and suggestions. +As we always want to improve this interface we are looking forward to your feedback and suggestions. And now have fun with your router! The LuCI Team Here you can customize the settings and the functionality of LuCI. @@ -45,6 +45,65 @@ Change settings related to the system itself, its identification, installed hard- and software, authentication or mount points. These settings define the base of your system. Pay attention as any misconfiguration here may prevent your device from booting or may lock yourself out of it. +Interfaces +Bridge +ID +Bridge Port +STP +Device +Ethernet Bridge +Ethernet Adapter +Ethernet Switch +Interface +IP Configuration +Alias +DHCP assigned +IPv6 +Not configured +Primary +Channel +Mode +Ad-Hoc +Pseudo Ad-Hoc +Master +Master + WDS +Client +Client + WDS +WDS +SSID +MAC +Pkts. +Interface Status +Transfer +RX +TX +Type +VLAN +Ports +Wireless Adapter +Firewall +Actions +Traffic +Chain +Destination +Flags +In +No chains in this table +No Rules in this chain +Options +Out +Packets +Pkts. +Policy +Prot. +References +Reset Counters +Restart Firewall +# +Source +Firewall Status +Table +Target Perform Actions Install Download and install package @@ -100,6 +159,10 @@ The realm which will be displayed at the authentication prompt for protected pages. defaults to /etc/httpd.conf Document root +Enable Keep-Alive +Connection timeout +Plugin path +A lightweight HTTP/1.1 webserver written in C and Lua designed to serve LuCI Dropbear offers SSH network shell access and an integrated SCP server Password authentication Allow SSH password authentication diff --git a/i18n/english/luasrc/i18n/wifi.en.xml b/i18n/english/luasrc/i18n/wifi.en.xml index fd6751f32..75a3cbf4b 100644 --- a/i18n/english/luasrc/i18n/wifi.en.xml +++ b/i18n/english/luasrc/i18n/wifi.en.xml @@ -37,7 +37,7 @@ XR Support AR Support Disable HW-Beacon timer -Don not send probe responses +Do not send probe responses WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP and ad-hoc mode) to be installed. diff --git a/libs/sys/luasrc/sys/iptparser.lua b/libs/sys/luasrc/sys/iptparser.lua index 2e8085a55..338fb7dad 100644 --- a/libs/sys/luasrc/sys/iptparser.lua +++ b/libs/sys/luasrc/sys/iptparser.lua @@ -1,7 +1,8 @@ --[[ -LuCI - Iptables parser and query library -Copyright 2008 Jo-Philipp Wich +Iptables parser and query library +(c) 2008-2009 Jo-Philipp Wich +(c) 2008-2009 Steven Barth Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -9,146 +10,181 @@ You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - $Id$ ]]-- -module("luci.sys.iptparser", package.seeall) -require("luci.util") - +local luci = {} +luci.util = require "luci.util" +luci.sys = require "luci.sys" +luci.ip = require "luci.ip" -IptParser = luci.util.class() +local tonumber, ipairs = tonumber, ipairs ---[[ -IptParser.__init__( ... ) +--- LuCI iptables parser and query library +-- @cstyle instance +module("luci.sys.iptparser") -The class constructor, initializes the internal lookup table. -]]-- +--- Create a new iptables parser object. +-- @class function +-- @name IptParser +-- @return IptParser instance +IptParser = luci.util.class() function IptParser.__init__( self, ... ) - self._rules = { } - self._chain = nil + self._rules = { } + self._chains = { } self:_parse_rules() end - ---[[ -IptParser.find( args ) - -Find all firewall rules that match the given criteria. Expects a table with search criteria as only argument. -If args is nil or an empty table then all rules will be returned. - -The following keys in the args table are recognized: - - - table Match rules that are located within the given table - - chain Match rules that are located within the given chain - - target Match rules with the given target - - protocol Match rules that match the given protocol, rules with protocol "all" are always matched - - source Match rules with the given source, rules with source "0.0.0.0/0" are always matched - - destination Match rules with the given destination, rules with destination "0.0.0.0/0" are always matched - - inputif Match rules with the given input interface, rules with input interface "*" (=all) are always matched - - outputif Match rules with the given output interface, rules with output interface "*" (=all) are always matched - - flags Match rules that match the given flags, current supported values are "-f" (--fragment) and "!f" (! --fragment) - - options Match rules containing all given options - -The return value is a list of tables representing the matched rules. -Each rule table contains the following fields: - - - index The index number of the rule - - table The table where the rule is located, can be one of "filter", "nat" or "mangle" - - chain The chain where the rule is located, e.g. "INPUT" or "postrouting_wan" - - target The rule target, e.g. "REJECT" or "DROP" - - protocol The matching protocols, e.g. "all" or "tcp" - - flags Special rule options ("--", "-f" or "!f") - - inputif Input interface of the rule, e.g. "eth0.0" or "*" for all interfaces - - outputif Output interface of the rule, e.g. "eth0.0" or "*" for all interfaces - - source The source ip range, e.g. "0.0.0.0/0" - - destination The destination ip range, e.g. "0.0.0.0/0" - - options A list of specific options of the rule, e.g. { "reject-with", "tcp-reset" } - - packets The number of packets matched by the rule - - bytes The number of total bytes matched by the rule - -Example: - -ip = luci.sys.iptparser.IptParser() -result = ip.find( { - target="REJECT", - protocol="tcp", - options={ "reject-with", "tcp-reset" } -} ) - -This will match all rules with target "-j REJECT", protocol "-p tcp" (or "-p all") and the option "--reject-with tcp-reset". - -]]-- - +--- Find all firewall rules that match the given criteria. Expects a table with +-- search criteria as only argument. If args is nil or an empty table then all +-- rules will be returned. +-- +-- The following keys in the args table are recognized: +--
    +--
  • table - Match rules that are located within the given table +--
  • chain - Match rules that are located within the given chain +--
  • target - Match rules with the given target +--
  • protocol - Match rules that match the given protocol, rules with +-- protocol "all" are always matched +--
  • source - Match rules with the given source, rules with source +-- "0.0.0.0/0" are always matched +--
  • destination - Match rules with the given destination, rules with +-- destination "0.0.0.0/0" are always matched +--
  • inputif - Match rules with the given input interface, rules +-- with input interface "*" (=all) are always matched +--
  • outputif - Match rules with the given output interface, rules +-- with output interface "*" (=all) are always matched +--
  • flags - Match rules that match the given flags, current +-- supported values are "-f" (--fragment) +-- and "!f" (! --fragment) +--
  • options - Match rules containing all given options +--
+-- The return value is a list of tables representing the matched rules. +-- Each rule table contains the following fields: +--
    +--
  • index - The index number of the rule +--
  • table - The table where the rule is located, can be one +-- of "filter", "nat" or "mangle" +--
  • chain - The chain where the rule is located, e.g. "INPUT" +-- or "postrouting_wan" +--
  • target - The rule target, e.g. "REJECT" or "DROP" +--
  • protocol The matching protocols, e.g. "all" or "tcp" +--
  • flags - Special rule options ("--", "-f" or "!f") +--
  • inputif - Input interface of the rule, e.g. "eth0.0" +-- or "*" for all interfaces +--
  • outputif - Output interface of the rule,e.g. "eth0.0" +-- or "*" for all interfaces +--
  • source - The source ip range, e.g. "0.0.0.0/0" +--
  • destination - The destination ip range, e.g. "0.0.0.0/0" +--
  • options - A list of specific options of the rule, +-- e.g. { "reject-with", "tcp-reset" } +--
  • packets - The number of packets matched by the rule +--
  • bytes - The number of total bytes matched by the rule +--
+-- Example: +-- 
+-- ip = luci.sys.iptparser.IptParser()
+-- result = ip.find( {
+-- 	target="REJECT",
+-- 	protocol="tcp",
+-- 	options={ "reject-with", "tcp-reset" }
+-- } )
+--
+-- This will match all rules with target "-j REJECT", +-- protocol "-p tcp" (or "-p all") +-- and the option "--reject-with tcp-reset". +-- @params args Table containing the search arguments (optional) +-- @return Table of matching rule tables function IptParser.find( self, args ) local args = args or { } local rv = { } + args.source = args.source and luci.ip.IPv4(args.source) + args.destination = args.destination and luci.ip.IPv4(args.destination) + for i, rule in ipairs(self._rules) do local match = true -- match table - if not ( not args.table or args.table == rule.table ) then + if not ( not args.table or args.table:lower() == rule.table ) then match = false end -- match chain - if not ( match == true and ( not args.chain or args.chain == rule.chain ) ) then + if not ( match == true and ( + not args.chain or args.chain == rule.chain + ) ) then match = false end -- match target - if not ( match == true and ( not args.target or args.target == rule.target ) ) then + if not ( match == true and ( + not args.target or args.target:upper() == rule.target + ) ) then match = false end -- match protocol - if not ( match == true and ( not args.protocol or rule.protocol == "all" or args.protocol == rule.protocol ) ) then + if not ( match == true and ( + not args.protocol or rule.protocol == "all" or + args.protocol:lower() == rule.protocol + ) ) then match = false end - - -- match source (XXX: implement ipcalc stuff so that 192.168.1.0/24 matches 0.0.0.0/0 etc.) - if not ( match == true and ( not args.source or rule.source == "0.0.0.0/0" or rule.source == args.source ) ) then + + -- match source + if not ( match == true and ( + not args.source or rule.source == "0.0.0.0/0" or + luci.ip.IPv4(rule.source):contains(args.source) + ) ) then match = false end - -- match destination (XXX: implement ipcalc stuff so that 192.168.1.0/24 matches 0.0.0.0/0 etc.) - if not ( match == true and ( not args.destination or rule.destination == "0.0.0.0/0" or rule.destination == args.destination ) ) then + -- match destination + if not ( match == true and ( + not args.destination or rule.destination == "0.0.0.0/0" or + luci.ip.IPv4(rule.destination):contains(args.destination) + ) ) then match = false end -- match input interface - if not ( match == true and ( not args.inputif or rule.inputif == "*" or args.inputif == rule.inputif ) ) then + if not ( match == true and ( + not args.inputif or rule.inputif == "*" or + args.inputif == rule.inputif + ) ) then match = false end -- match output interface - if not ( match == true and ( not args.outputif or rule.outputif == "*" or args.outputif == rule.outputif ) ) then + if not ( match == true and ( + not args.outputif or rule.outputif == "*" or + args.outputif == rule.outputif + ) ) then match = false end -- match flags (the "opt" column) - if not ( match == true and ( not args.flags or rule.flags == args.flags ) ) then + if not ( match == true and ( + not args.flags or rule.flags == args.flags + ) ) then match = false end -- match specific options - if not ( match == true and ( not args.options or self:_match_options( rule.options, args.options ) ) ) then + if not ( match == true and ( + not args.options or + self:_match_options( rule.options, args.options ) + ) ) then match = false end - -- insert match if match == true then - table.insert( rv, rule ) + rv[#rv+1] = rule end end @@ -156,12 +192,9 @@ function IptParser.find( self, args ) end ---[[ -IptParser.resync() - -Rebuild the internal lookup table, for example when rules have changed through external commands. -]]-- - +--- Rebuild the internal lookup table, for example when rules have changed +-- through external commands. +-- @return nothing function IptParser.resync( self ) self._rules = { } self._chain = nil @@ -169,21 +202,76 @@ function IptParser.resync( self ) end ---[[ -IptParser._parse_rules() +--- Find the names of all chains within the given table name. +-- @param table String containing the table name +-- @return Table of chain names in the order they occur. +function IptParser.chains( self, table ) + local lookup = { } + local chains = { } + for _, r in ipairs(self:find({table=table})) do + if not lookup[r.chain] then + lookup[r.chain] = true + chains[#chains+1] = r.chain + end + end + return chains +end + + +--- Return the given firewall chain within the given table name. +-- @param table String containing the table name +-- @param chain String containing the chain name +-- @return Table containing the fields "policy", "packets", "bytes" +-- and "rules". The "rules" field is a table of rule tables. +function IptParser.chain( self, table, chain ) + return self._chains[table:lower()] and self._chains[table:lower()][chain] +end + + +--- Test whether the given target points to a custom chain. +-- @param target String containing the target action +-- @return Boolean indicating whether target is a custom chain. +function IptParser.is_custom_target( self, target ) + for _, r in ipairs(self._rules) do + if r.chain == target then + return true + end + end + return false +end -[internal] Parse iptables output from all tables. -]]-- +-- [internal] Parse iptables output from all tables. function IptParser._parse_rules( self ) for i, tbl in ipairs({ "filter", "nat", "mangle" }) do + self._chains[tbl] = { } + for i, rule in ipairs(luci.util.execl("iptables -t " .. tbl .. " --line-numbers -nxvL")) do if rule:find( "Chain " ) == 1 then - - self._chain = rule:gsub("Chain ([^%s]*) .*", "%1") + + local crefs + local cname, cpol, cpkt, cbytes = rule:match( + "Chain ([^%s]*) %(policy (%w+) " .. + "(%d+) packets, (%d+) bytes%)" + ) + + if not cname then + cname, crefs = rule:match( + "Chain ([^%s]*) %((%d+) references%)" + ) + end + + self._chain = cname + self._chains[tbl][cname] = { + policy = cpol, + packets = tonumber(cpkt or 0), + bytes = tonumber(cbytes or 0), + references = tonumber(crefs or 0), + rules = { } + } else if rule:find("%d") == 1 then @@ -205,11 +293,15 @@ function IptParser._parse_rules( self ) rule_details["destination"] = rule_parts[10] rule_details["options"] = { } - for i = 11, #rule_parts - 1 do + for i = 11, #rule_parts - 1 do rule_details["options"][i-10] = rule_parts[i] end - table.insert( self._rules, rule_details ) + self._rules[#self._rules+1] = rule_details + + self._chains[tbl][self._chain].rules[ + #self._chains[tbl][self._chain].rules + 1 + ] = rule_details end end end @@ -219,12 +311,8 @@ function IptParser._parse_rules( self ) end ---[[ -IptParser._match_options( optlist1, optlist2 ) - -[internal] Return true if optlist1 contains all elements of optlist2. Return false in all other cases. -]]-- - +-- [internal] Return true if optlist1 contains all elements of optlist 2. +-- Return false in all other cases. function IptParser._match_options( self, o1, o2 ) -- construct a hashtable of first options list to speed up lookups diff --git a/libs/web/luasrc/dispatcher.lua b/libs/web/luasrc/dispatcher.lua index 5110209aa..538017dc7 100644 --- a/libs/web/luasrc/dispatcher.lua +++ b/libs/web/luasrc/dispatcher.lua @@ -74,12 +74,14 @@ end -- @param message Custom error message (optional)# -- @return false function error500(message) - luci.http.status(500, "Internal Server Error") - - require("luci.template") - if not luci.util.copcall(luci.template.render, "error500", {message=message}) then - luci.http.prepare_content("text/plain") - luci.http.write(message) + if not context.template_header_sent then + luci.http.status(500, "Internal Server Error") + else + require("luci.template") + if not luci.util.copcall(luci.template.render, "error500", {message=message}) then + luci.http.prepare_content("text/plain") + luci.http.write(message) + end end return false end @@ -589,7 +591,7 @@ end local function _call(self, ...) - if #self.argv > 0 then + if #self.argv > 0 then return getfenv()[self.name](unpack(self.argv), ...) else return getfenv()[self.name](...) diff --git a/modules/admin-core/luasrc/view/header.htm b/modules/admin-core/luasrc/view/header.htm index 6625e46b0..77018b117 100644 --- a/modules/admin-core/luasrc/view/header.htm +++ b/modules/admin-core/luasrc/view/header.htm @@ -12,4 +12,10 @@ You may obtain a copy of the License at $Id$ -%> -<% include("themes/" .. theme .. "/header") %> \ No newline at end of file + +<% + if not luci.dispatcher.context.template_header_sent then + include("themes/" .. theme .. "/header") + luci.dispatcher.context.template_header_sent = true + end +%> diff --git a/modules/admin-full/luasrc/controller/admin/status.lua b/modules/admin-full/luasrc/controller/admin/status.lua index 09e7766c1..feb0802e5 100644 --- a/modules/admin-full/luasrc/controller/admin/status.lua +++ b/modules/admin-full/luasrc/controller/admin/status.lua @@ -18,8 +18,11 @@ function index() local i18n = luci.i18n.translate entry({"admin", "status"}, template("admin_status/index"), i18n("status", "Status"), 20).index = true - entry({"admin", "status", "syslog"}, call("action_syslog"), i18n("syslog", "Systemprotokoll"), 1) - entry({"admin", "status", "dmesg"}, call("action_dmesg"), i18n("dmesg", "Kernelprotokoll"), 2) + entry({"admin", "status", "interfaces"}, template("admin_status/interfaces"), i18n("interfaces", "Interfaces"), 1) + entry({"admin", "status", "iptables"}, call("action_iptables"), i18n("a_s_ipt", "Firewall"), 2) + entry({"admin", "status", "syslog"}, call("action_syslog"), i18n("syslog", "System Log"), 3) + entry({"admin", "status", "dmesg"}, call("action_dmesg"), i18n("dmesg", "Kernel Log"), 4) + end function action_syslog() @@ -31,3 +34,19 @@ function action_dmesg() local dmesg = luci.sys.dmesg() luci.template.render("admin_status/dmesg", {dmesg=dmesg}) end + +function action_iptables() + if luci.http.formvalue("zero") == "1" then + luci.util.exec("iptables -Z") + luci.http.redirect( + luci.dispatcher.build_url("admin", "status", "iptables") + ) + elseif luci.http.formvalue("restart") == "1" then + luci.util.exec("/etc/init.d/firewall restart") + luci.http.redirect( + luci.dispatcher.build_url("admin", "status", "iptables") + ) + else + luci.template.render("admin_status/iptables") + end +end diff --git a/modules/admin-full/luasrc/view/admin_status/iptables.htm b/modules/admin-full/luasrc/view/admin_status/iptables.htm new file mode 100644 index 000000000..b0153b7aa --- /dev/null +++ b/modules/admin-full/luasrc/view/admin_status/iptables.htm @@ -0,0 +1,132 @@ +<%# +LuCI - Lua Configuration Interface +Copyright 2008-2009 Steven Barth +Copyright 2008-2009 Jo-Philipp Wich + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +$Id$ + +-%> + +<%- + + require "luci.sys.iptparser" + require "luci.tools.webadmin" + + local ipt = luci.sys.iptparser.IptParser() + local wba = luci.tools.webadmin + + local rowcnt = 1 + function rowstyle() + rowcnt = rowcnt + 1 + return (rowcnt % 2) + 1 + end + + function link_target(t,c) + if ipt:is_custom_target(c) then + return '%s' %{ t:lower(), c, c } + end + return c + end + + function link_iface(i) + local net = wba.iface_get_network(i) + if net and i ~= "lo" then + return '%s' %{ + luci.dispatcher.build_url("admin", "network", "network", net), i + } + + end + return i + end + +-%> + +<%+header%> + +

<%:a_s_ipt_status Firewall Status%>

+ +
+
+
+

<%:a_s_ipt_actions Actions%>

+ +

+ + <% for _, tbl in ipairs({"Filter", "NAT", "Mangle"}) do chaincnt = 0 %> +

<%:a_s_ipt_table Table%>: <%=tbl%>

+ + <% for _, chain in ipairs(ipt:chains(tbl)) do + rowcnt = 0 + chaincnt = chaincnt + 1 + chaininfo = ipt:chain(tbl, chain) + %> + + + + + + + + + + + + + + + + + + <% for _, rule in ipairs(ipt:find({table=tbl, chain=chain})) do %> + + + + + + + + + + + + + + <% end %> + + <% if rowcnt == 1 then %> + + + + <% end %> + <% end %> + + <% if chaincnt == 0 then %> + + + + <% end %> +
+
+ <%:a_s_ipt_chain Chain%> <%=chain%> + (<%- if chaininfo.policy then -%> + <%:a_s_ipt_policy Policy%>: <%=chaininfo.policy%>, <%:a_s_ipt_packets Packets%>: <%=chaininfo.packets%>, <%:a_s_ipt_bytes Traffic%>: <%=wba.byte_format(chaininfo.bytes)-%> + <%- else -%> + <%:a_s_ipt_references References%>: <%=chaininfo.references-%> + <%- end -%>) +
<%:a_s_ipt_rulenum Rule #%><%:a_s_ipt_packets Pkts.%><%:a_s_ipt_bytes Traffic%><%:a_s_ipt_target Target%><%:a_s_ipt_proto Prot.%><%:a_s_ipt_flags Flags%><%:a_s_ipt_inputif In%><%:a_s_ipt_outputif Out%><%:a_s_ipt_source Source%><%:a_s_ipt_destination Destination%><%:a_s_ipt_options Options%>
<%=rule.index%><%=rule.packets%><%=wba.byte_format(rule.bytes)%><%=link_target(tbl, rule.target)%><%=rule.protocol%><%=rule.flags%><%=link_iface(rule.inputif)%><%=link_iface(rule.outputif)%><%=rule.source%><%=rule.destination%><%=#rule.options > 0 and table.concat(rule.options, " ") or "-"%>
<%:a_s_ipt_norules No rules in this chain%>
<%:a_s_ipt_nochains No chains in this table%>
+

+ <% end %> +
+
+
+ +<%+footer%> -- 2.25.1