From d4666757b746fe88c517a605a6f3b9dbcaa0ff93 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Tue, 20 Oct 2015 22:27:39 +0200
Subject: [PATCH 1/1] luci-mod-admin-full: protect iptables counter reset and restart with token
Signed-off-by: Jo-Philipp Wich
---
 .../luasrc/controller/admin/status.lua | 23 ++--
 .../luasrc/view/admin_status/iptables.htm | 143 ++++++++++-----------
 2 files changed, 80 insertions(+), 86 deletions(-)
diff --git a/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua b/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua
index 1ceb24d16..24db1e4ff 100644
--- a/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua
+++ b/modules/luci-mod-admin-full/luasrc/controller/admin/status.lua
@@ -7,7 +7,10 @@ module("luci.controller.admin.status", package.seeall)
 function index()
 entry({"admin", "status"}, alias("admin", "status", "overview"), _("Status"), 20).index = true
 entry({"admin", "status", "overview"}, template("admin_status/index"), _("Overview"), 1)
- entry({"admin", "status", "iptables"}, call("action_iptables"), _("Firewall"), 2).leaf = true
+
+ entry({"admin", "status", "iptables"}, template("admin_status/iptables"), _("Firewall"), 2).leaf = true
+ entry({"admin", "status", "iptables_action"}, post("action_iptables")).leaf = true
+
 entry({"admin", "status", "routes"}, template("admin_status/routes"), _("Routes"), 3)
 entry({"admin", "status", "syslog"}, call("action_syslog"), _("System Log"), 4)
 entry({"admin", "status", "dmesg"}, call("action_dmesg"), _("Kernel Log"), 5)
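Review bot: The new `iptables_action` route carries no comment saying why it is registered with `post()` rather than `call()`, yet that choice appears to be the whole protection this commit adds (the subject says the counter reset and restart are now protected with a token). A later edit that switches it back to `call()`, or folds the action into the display route again, would silently remove that protection from a handler that changes firewall state. I would add a line above the entry such as `-- state-changing: keep as post() so requests without POST + session token are rejected`. index() continues past the end of this hunk.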
@@ -42,22 +45,16 @@ end
 function action_iptables()
 if luci.http.formvalue("zero") then
- if luci.http.formvalue("zero") == "6" then
- luci.util.exec("ip6tables -Z")
+ if luci.http.formvalue("family") == "6" then
+ luci.util.exec("/usr/sbin/ip6tables -Z")
 else
- luci.util.exec("iptables -Z")
+ luci.util.exec("/usr/sbin/iptables -Z")
 end
- luci.http.redirect(
- luci.dispatcher.build_url("admin", "status", "iptables")
- )
- elseif luci.http.formvalue("restart") == "1" then
+ elseif luci.http.formvalue("restart") then
 luci.util.exec("/etc/init.d/firewall restart")
- luci.http.redirect(
- luci.dispatcher.build_url("admin", "status", "iptables")
- )
- else
- luci.template.render("admin_status/iptables")
 end
+
+ luci.http.redirect(luci.dispatcher.build_url("admin/status/iptables"))
 end
 function action_bandwidth(iface)
diff --git a/modules/luci-mod-admin-full/luasrc/view/admin_status/iptables.htm b/modules/luci-mod-admin-full/luasrc/view/admin_status/iptables.htm
index 375738869..f49469a59 100644
--- a/modules/luci-mod-admin-full/luasrc/view/admin_status/iptables.htm
+++ b/modules/luci-mod-admin-full/luasrc/view/admin_status/iptables.htm
@@ -1,6 +1,6 @@
 <%#
 Copyright 2008-2009 Steven Barth
- Copyright 2008-2011 Jo-Philipp Wich
+ Copyright 2008-2015 Jo-Philipp Wich
 Licensed to the public under the Apache License 2.0.
 -%>
@@ -37,7 +37,7 @@
 local net = wba.iface_get_network(i)
 if net and i ~= "lo" then
 return '%s' %{
- luci.dispatcher.build_url("admin", "network", "network", net), i
+ url("admin/network/network", net), i
 }
 end
@@ -60,6 +60,7 @@
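Review bot: The result of `luci.util.exec("/etc/init.d/firewall restart")` is discarded and action_iptables() then redirects unconditionally, so a restart that fails looks the same to the administrator as one that succeeded. For an action that reloads the packet filter this is worth surfacing. As far as I know `luci.util.exec` returns the captured output rather than an exit status, so something like `local rc = luci.sys.call("/etc/init.d/firewall restart >/dev/null 2>&1")` (assuming `luci.sys` is loaded in this controller) would let the handler log or report a non-zero `rc` before the redirect. The same applies to the two `-Z` calls in the `zero` branch.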

<%:Firewall Status%>

+
<% if has_ip6tables then %>
    @@ -68,82 +69,78 @@
<% end %> -
-
-
-

<%:Actions%>

- -

- - <% for _, tbl in ipairs(tables) do chaincnt = 0 %> -

<%:Table%>: <%=tbl%>

- - <% for _, chain in ipairs(ipt:chains(tbl)) do - rowcnt = 0 - chaincnt = chaincnt + 1 - chaininfo = ipt:chain(tbl, chain) - %> - - +
+ + " style="position: absolute; right: 0"> + + + + + + +
+ + <% for _, tbl in ipairs(tables) do chaincnt = 0 %> +

<%:Table%>: <%=tbl%>

+
-
- <%:Chain%> <%=chain%> - (<%- if chaininfo.policy then -%> - <%:Policy%>: <%=chaininfo.policy%>, <%:Packets%>: <%=chaininfo.packets%>, <%:Traffic%>: <%=wba.byte_format(chaininfo.bytes)-%> - <%- else -%> - <%:References%>: <%=chaininfo.references-%> - <%- end -%>) -
+ <% for _, chain in ipairs(ipt:chains(tbl)) do + rowcnt = 0 + chaincnt = chaincnt + 1 + chaininfo = ipt:chain(tbl, chain) + %> + + + + + + + + + + + + + + + + <% for _, rule in ipairs(ipt:find({table=tbl, chain=chain})) do %> + + + + + + + + + + - - - - - - - - - - - - - - - <% for _, rule in ipairs(ipt:find({table=tbl, chain=chain})) do %> - - - - - - - - - - - - - - <% end %> - - <% if rowcnt == 1 then %> - - - - <% end %> <% end %> - <% if chaincnt == 0 then %> + <% if rowcnt == 1 then %> - + <% end %> -
+
+ <%:Chain%> <%=chain%> + (<%- if chaininfo.policy then -%> + <%:Policy%>: <%=chaininfo.policy%>, <%:Packets%>: <%=chaininfo.packets%>, <%:Traffic%>: <%=wba.byte_format(chaininfo.bytes)-%> + <%- else -%> + <%:References%>: <%=chaininfo.references-%> + <%- end -%>) +
<%:Pkts.%><%:Traffic%><%:Target%><%:Prot.%><%:In%><%:Out%><%:Source%><%:Destination%><%:Options%>
<%=rule.packets%><%=wba.byte_format(rule.bytes)%><%=rule.target and link_target(tbl, rule.target) or "-"%><%=rule.protocol%><%=link_iface(rule.inputif)%><%=link_iface(rule.outputif)%><%=rule.source%><%=rule.destination%><%=#rule.options > 0 and luci.util.pcdata(table.concat(rule.options, " ")) or "-"%>
<%:Rule #%><%:Pkts.%><%:Traffic%><%:Target%><%:Prot.%><%:Flags%><%:In%><%:Out%><%:Source%><%:Destination%><%:Options%>
<%=rule.index%><%=rule.packets%><%=wba.byte_format(rule.bytes)%><%=rule.target and link_target(tbl, rule.target) or "-"%><%=rule.protocol%><%=rule.flags%><%=link_iface(rule.inputif)%><%=link_iface(rule.outputif)%><%=rule.source%><%=rule.destination%><%=#rule.options > 0 and luci.util.pcdata(table.concat(rule.options, " ")) or "-"%>
<%:No rules in this chain%>
<%:No chains in this table%><%:No rules in this chain%>
-

- <% end %> -
-
- + <% end %> + + <% if chaincnt == 0 then %> + + <%:No chains in this table%> + + <% end %> + +

+ <% end %> + + <%+footer%> -- 2.11.0
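Review bot: `<%=chain%>`, `<%=tbl%>`, `<%=rule.source%>` and `<%=rule.destination%>` are written out as-is on the re-indented lines, while `rule.options` in the same rows goes through `luci.util.pcdata(...)`. If `<%= %>` does not escape on its own (the explicit `pcdata` call suggests it does not), values read back from the running ruleset should get the same treatment, for example `<%=luci.util.pcdata(chain)%>`. This predates the commit, but each of those lines is rewritten here, so it is a cheap place to make the escaping consistent. The HTML tags of this hunk are missing from this rendering, so the form and token markup itself cannot be checked from the page.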