1 --[[
2 LuCI - Lua Configuration Interface
3
4 Copyright 2011 Jo-Philipp Wich <xm@subsignal.org>
5
6 Licensed under the Apache License, Version 2.0 (the "License");
7 you may not use this file except in compliance with the License.
8 You may obtain a copy of the License at
9
10         http://www.apache.org/licenses/LICENSE-2.0
11
12 $Id$
13 ]]--
14
15 module("luci.tools.firewall", package.seeall)
16
17 local ut = require "luci.util"
18 local ip = require "luci.ip"
19 local nx = require "nixio"
20
21 local translate, translatef = luci.i18n.translate, luci.i18n.translatef
22
--- Translate a message and return it as a plain Lua string.
-- All arguments are handed to luci.i18n.translate unchanged; the result
-- is passed through tostring() before it is returned.
local tr = function(...)
        return tostring(translate(...))
end
26
--- Split a leading "!" negation marker off a rule value.
-- @param x  rule value; anything that is not a string is returned as is
-- @return   the value without the leading "!" (and surrounding spaces)
-- @return   the translated word "not" followed by a space when a marker
--           was removed, otherwise the empty string
function fmt_neg(x)
        if type(x) ~= "string" then
                return x, ""
        end

        -- gsub reports how many times the anchored pattern matched (0 or 1).
        local stripped, hits = x:gsub("^ *! *", "")
        if hits > 0 then
                return stripped, "%s " % tr("not")
        end

        return x, ""
end
38
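--- Render a list of MAC addresses as an HTML fragment.
-- @param x  value accepted by luci.util.imatch (list of MAC entries,
--           each optionally prefixed with "!")
-- @return   markup of the form "MAC <var>..</var>, <var>..</var>", or
--           nothing when x is nil or empty
function fmt_mac(x)
        if x and #x > 0 then
                local l = { tr("MAC"), " " }
                for item in ut.imatch(x) do
                        local mac, neg = fmt_neg(item)
                        -- The entry is configuration text and is not checked to be a
                        -- well-formed MAC here. The return value already carries
                        -- <var> tags, so presumably callers emit it as raw HTML;
                        -- escape the entry so markup characters render as text.
                        local safe = ut.pcdata(mac)
                        l[#l+1] = "<var>%s%s</var>" %{ neg, safe }
                        l[#l+1] = ", "
                end
                if #l > 1 then
                        -- drop the trailing separator
                        l[#l] = nil
                        -- more than one entry: switch to the plural label
                        if #l > 3 then
                                l[1] = tr("MACs")
                        end
                        return table.concat(l, "")
                end
        end
end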
57
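--- Render a list of ports and port ranges as an HTML fragment.
-- @param x  value accepted by luci.util.imatch (ports or ranges, each
--           optionally prefixed with "!")
-- @param d  optional default text used when x is nil or empty
-- @return   markup such as "port <var>80</var>" or
--           "ports <var>1000-2000</var>"; the default wrapped in <var>
--           when x is unset; a false value when neither is available
function fmt_port(x, d)
        if x and #x > 0 then
                local l = { tr("port"), " " }
                for item in ut.imatch(x) do
                        local p, n = fmt_neg(item)
                        local a, b = p:match("(%d+)%D+(%d+)")
                        if a and b then
                                l[1] = tr("ports")
                                l[#l+1] = "<var>%s%d-%d</var>" %{ n, a, b }
                        elseif tonumber(p) then
                                l[#l+1] = "<var>%s%d</var>" %{ n, p }
                        else
                                -- A non-numeric entry would make the %d format raise an
                                -- error and abort rendering. Show it as escaped text
                                -- instead so a malformed config value stays visible
                                -- without injecting markup.
                                local safe = ut.pcdata(p)
                                l[#l+1] = "<var>%s%s</var>" %{ n, safe }
                        end
                        l[#l+1] = ", "
                end
                if #l > 1 then
                        -- drop the trailing separator
                        l[#l] = nil
                        if #l > 3 then
                                l[1] = tr("ports")
                        end
                        return table.concat(l, "")
                end
        end
        -- NOTE(review): d is inserted unescaped; it looks like a caller-supplied
        -- label rather than configuration data - confirm against the callers.
        return d and "<var>%s</var>" % d
end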
83
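--- Render a list of IP addresses and networks as an HTML fragment.
-- @param x  value accepted by luci.util.imatch (addresses or networks,
--           each optionally prefixed with "!")
-- @param d  optional default text used when x is nil or empty
-- @return   markup listing the addresses; networks get a title attribute
--           with their first and last host. The default wrapped in <var>
--           when x is unset; a false value when neither is available
function fmt_ip(x, d)
        if x and #x > 0 then
                local l = { tr("IP"), " " }
                for item in ut.imatch(x) do
                        local v, n = fmt_neg(item)
                        -- "addr/dotted.netmask" form; m was an accidental global in
                        -- the original and is kept local here.
                        local a, m = v:match("(%S+)/(%d+%.%S+)")
                        a = a or v
                        a = a:match(":") and ip.IPv6(a, m) or ip.IPv4(a, m)
                        if a and (a:is6() and a:prefix() < 128 or a:prefix() < 32) then
                                l[1] = tr("IP range")
                                l[#l+1] = "<var title='%s - %s'>%s%s</var>" %{
                                        a:minhost():string(),
                                        a:maxhost():string(),
                                        n, a:string()
                                }
                        else
                                -- When the entry did not parse as an address the raw
                                -- configuration text is shown; escape it so it cannot
                                -- add markup to the returned HTML.
                                local shown = a and a:string() or ut.pcdata(v)
                                l[#l+1] = "<var>%s%s</var>" %{ n, shown }
                        end
                        l[#l+1] = ", "
                end
                if #l > 1 then
                        -- drop the trailing separator
                        l[#l] = nil
                        if #l > 3 then
                                l[1] = tr("IPs")
                        end
                        return table.concat(l, "")
                end
        end
        -- NOTE(review): d is inserted unescaped; it looks like a caller-supplied
        -- label rather than configuration data - confirm against the callers.
        return d and "<var>%s</var>" % d
end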
118
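--- Render a firewall zone name as an HTML fragment.
-- @param x  zone name; "*" stands for any zone
-- @param d  optional default text used when x is nil or empty
-- @return   the zone (or default) wrapped in <var>, or nothing when both
--           are missing
function fmt_zone(x, d)
        if x == "*" then
                return "<var>%s</var>" % tr("any zone")
        elseif x and #x > 0 then
                -- The zone name is configuration text placed inside markup;
                -- escape it so it is displayed literally.
                local safe = ut.pcdata(x)
                return "<var>%s</var>" % safe
        elseif d then
                -- NOTE(review): d is inserted unescaped; it looks like a
                -- caller-supplied label - confirm against the callers.
                return "<var>%s</var>" % d
        end
end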
128
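--- Render a list of ICMP type names as an HTML fragment.
-- @param x  value accepted by luci.util.imatch (type names, each
--           optionally prefixed with "!")
-- @return   markup of the form "type <var>..</var>", or nothing when x is
--           nil or empty
function fmt_icmp_type(x)
        if x and #x > 0 then
                local l = { tr("type"), " " }
                for item in ut.imatch(x) do
                        local v, n = fmt_neg(item)
                        -- The type name is not checked against a list of known
                        -- ICMP types here, so escape it before it is placed
                        -- inside the markup.
                        local safe = ut.pcdata(v)
                        l[#l+1] = "<var>%s%s</var>" %{ n, safe }
                        l[#l+1] = ", "
                end
                if #l > 1 then
                        -- drop the trailing separator
                        l[#l] = nil
                        if #l > 3 then
                                l[1] = tr("types")
                        end
                        return table.concat(l, "")
                end
        end
end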
147
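--- Describe a list of protocols as display text.
-- @param x           value accepted by luci.util.imatch (protocol names or
--                    numbers, each optionally prefixed with "!")
-- @param icmp_types  optional ICMP type list, formatted with fmt_icmp_type
--                    and appended to ICMP / ICMPv6 entries
-- @return            comma separated protocol names, or nothing when x is
--                    nil or empty or holds no entry that can be shown
function fmt_proto(x, icmp_types)
        if x and #x > 0 then
                local l = { }
                local t = fmt_icmp_type(icmp_types)
                for item in ut.imatch(x) do
                        local v, n = fmt_neg(item)
                        if v == "tcpudp" then
                                -- The original appended "TCP" and "UDP" without a
                                -- separator, which rendered as "TCPUDP".
                                l[#l+1] = "TCP"
                                l[#l+1] = ", "
                                l[#l+1] = "UDP"
                                l[#l+1] = ", "
                        elseif v ~= "all" then
                                -- Entries that nixio.getproto does not resolve are
                                -- skipped, so only names from that lookup are emitted.
                                local p = nx.getproto(v)
                                if p then
                                        local label = p.aliases[1] or p.name
                                        -- protocol 1 is ICMP, 58 is ICMPv6
                                        if (p.proto == 1 or p.proto == 58) and t then
                                                l[#l+1] = translatef(
                                                        "%s%s with %s",
                                                        n, label, t
                                                )
                                        else
                                                l[#l+1] = "%s%s" %{ n, label }
                                        end
                                        l[#l+1] = ", "
                                end
                        end
                end
                if #l > 0 then
                        -- drop the trailing separator
                        l[#l] = nil
                        return table.concat(l, "")
                end
        end
end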
184
--- Describe a rate limit as an HTML fragment.
-- @param limit  limit string, either "<number>/<unit>" or a bare number
-- @param burst  optional burst size; converted with tonumber()
-- @return       translated markup with the packet count, the unit and,
--               when burst is greater than zero, the burst size; nothing
--               when limit is nil, empty or not numeric
function fmt_limit(limit, burst)
        burst = tonumber(burst)
        if limit and #limit > 0 then
                -- l is the digit run before the slash, u the word after it
                local l, u = limit:match("(%d+)/(%w+)")
                -- no "<number>/<unit>" match: treat the whole value as the number
                l = tonumber(l or limit)
                u = u or "second"
                if l then
                        -- Map the unit to a translated word by its first letter. A
                        -- unit starting with another letter is shown as matched;
                        -- the %w+ capture limits it to alphanumeric characters.
                        if u:match("^s") then
                                u = tr("second")
                        elseif u:match("^m") then
                                u = tr("minute")
                        elseif u:match("^h") then
                                u = tr("hour")
                        elseif u:match("^d") then
                                u = tr("day")
                        end
                        if burst and burst > 0 then
                                -- The message continues on the next line after "\", so
                                -- the line break and that line's indentation are part
                                -- of the string passed to translatef.
                                return translatef("<var>%d</var> pkts. per <var>%s</var>, \
                                    burst <var>%d</var> pkts.", l, u, burst)
                        else
                                return translatef("<var>%d</var> pkts. per <var>%s</var>", l, u)
                        end
                end
        end
end
210
--- Return the translated action label for a rule target.
-- @param x     target name: "ACCEPT", "REJECT" or "NOTRACK"; any other
--              value is labelled as a discard action
-- @param dest  destination; a non-empty value selects the "forward"
--              wording, otherwise the "input" wording is used
-- @return      translated label string
function fmt_target(x, dest)
        local forwarded = dest and #dest > 0

        if x == "ACCEPT" then
                return tr(forwarded and "Accept forward" or "Accept input")
        end
        if x == "REJECT" then
                return tr(forwarded and "Refuse forward" or "Refuse input")
        end
        if x == "NOTRACK" then
                return tr(forwarded and "Do not track forward" or "Do not track input")
        end

        -- every remaining target, including "DROP"
        return tr(forwarded and "Discard forward" or "Discard input")
end
234
235
--- Add the "enabled" option of a firewall rule to a CBI section.
-- With luci.cbi.Button as widget type a toggle button named "__enabled"
-- is created; any other widget type gets a regular "enabled" option.
-- A rule counts as enabled unless its "enabled" value is exactly "0", so
-- a rule without the option is active.
-- @param s    section object providing :option()
-- @param t    widget class
-- @param ...  extra arguments for s:option (non-button case only)
-- @return     the created option object
function opt_enabled(s, t, ...)
        if t ~= luci.cbi.Button then
                local flag = s:option(t, "enabled", ...)
                -- enabled is stored as the empty string, disabled as "0"
                flag.enabled  = ""
                flag.disabled = "0"
                flag.default  = flag.enabled
                return flag
        end

        local btn = s:option(t, "__enabled")

        -- Pick title, caption and style from the current state, then let the
        -- widget class render the button.
        btn.render = function(self, section)
                local active = self.map:get(section, "enabled") ~= "0"
                if active then
                        self.title      = tr("Rule is enabled")
                        self.inputtitle = tr("Disable")
                        self.inputstyle = "reset"
                else
                        self.title      = tr("Rule is disabled")
                        self.inputtitle = tr("Enable")
                        self.inputstyle = "apply"
                end
                t.render(self, section)
        end

        -- Pressing the button flips the state: a disabled rule has its
        -- "enabled" value removed, an enabled rule gets "0" stored.
        btn.write = function(self, section, value)
                if self.map:get(section, "enabled") == "0" then
                        self.map:del(section, "enabled")
                else
                        self.map:set(section, "enabled", "0")
                end
        end

        return btn
end
267
--- Add the "name" option of a firewall rule to a CBI section.
-- The value is read from "name", then from "_name", and shown as "-" when
-- neither is set. Writing "-" removes both keys; any other value is stored
-- in "name" and "_name" is deleted.
-- @param s    section object providing :option()
-- @param t    widget class
-- @param ...  extra arguments for s:option
-- @return     the created option object
function opt_name(s, t, ...)
        local o = s:option(t, "name", ...)

        o.remove = function(self, section)
                self.map:del(section, "name")
                self.map:del(section, "_name")
        end

        o.cfgvalue = function(self, section)
                local current = self.map:get(section, "name")
                if not current then
                        current = self.map:get(section, "_name")
                end
                return current or "-"
        end

        o.write = function(self, section, value)
                if value == "-" then
                        -- the placeholder means "no name": clear both keys
                        self:remove(section)
                else
                        self.map:set(section, "name", value)
                        self.map:del(section, "_name")
                end
        end

        return o
end