2 LuCI - Lua Configuration Interface
4 Copyright 2008 Steven Barth <steven@midlink.org>
6 Licensed under the Apache License, Version 2.0 (the "License");
7 you may not use this file except in compliance with the License.
8 You may obtain a copy of the License at
10 http://www.apache.org/licenses/LICENSE-2.0
15 local nw = require "luci.model.network"
16 local fw = require "luci.model.firewall"
17 local ds = require "luci.dispatcher"
-- NOTE(review): the leading numbers are line numbers of the original file that
-- got fused into this listing; the gaps between them are lines not shown here.
-- Tests whether /lib/firewall/fw.sh is accessible. has_v2 is not referenced on
-- any line visible in this listing.
10 local has_v2 = nixio.fs.access("/lib/firewall/fw.sh")
21 require("luci.tools.webadmin")
-- CBI map for the "firewall" configuration. Assigned without `local`;
-- presumably the file returns it on a line that is not shown -- confirm.
22 m = Map("firewall", translate("Firewall"), translate("The firewall creates zones over your network interfaces to control network traffic flow."))
-- Section for the "defaults" entries of the firewall config, split into a
-- "general" tab and a "custom" tab.
27 s = m:section(TypedSection, "defaults")
31 s:tab("general", translate("General Settings"))
32 s:tab("custom", translate("Custom Rules"))
-- Global toggles: SYN-flood protection and dropping of invalid packets.
35 s:taboption("general", Flag, "syn_flood", translate("Enable SYN-flood protection"))
37 local di = s:taboption("general", Flag, "drop_invalid", translate("Drop invalid packets"))
-- Falls back to "1" when the option has no stored value, so an unset
-- drop_invalid is displayed as enabled.
-- NOTE(review): this is only what the form shows. Whether the firewall itself
-- treats an unset drop_invalid as enabled is decided elsewhere -- confirm the
-- two agree, otherwise the page overstates the protection in effect.
39 function di.cfgvalue(...)
40 return AbstractValue.cfgvalue(...) or "1"
-- Default policy selectors for input, output and forward on the "general" tab.
-- The creation of table `p` is not visible in this listing.
44 p[1] = s:taboption("general", ListValue, "input", translate("Input"))
45 p[2] = s:taboption("general", ListValue, "output", translate("Output"))
46 p[3] = s:taboption("general", ListValue, "forward", translate("Forward"))
-- Every selector offers the same three choices: REJECT, DROP, ACCEPT.
-- NOTE(review): presumably these policies apply to traffic no zone or rule
-- matches; if so, ACCEPT for input or forward should be a deliberate choice.
48 for i, v in ipairs(p) do
49 v:value("REJECT", translate("reject"))
50 v:value("DROP", translate("drop"))
51 v:value("ACCEPT", translate("accept"))
-- Free-text editor for /etc/firewall.user on the "custom" tab, rendered with
-- the cbi/tvalue template. The field is backed by the file, not by a UCI option.
54 custom = s:taboption("custom", Value, "_custom",
55 translate("Custom Rules (/etc/firewall.user)"))
57 custom.template = "cbi/tvalue"
-- Displays the current file content; `self` and `section` are unused.
-- NOTE(review): presumably readfile yields nil when the file is missing and the
-- field then renders empty -- confirm.
60 function custom.cfgvalue(self, section)
61 return nixio.fs.readfile("/etc/firewall.user")
-- Converts CR LF and lone CR line endings to LF, then overwrites
-- /etc/firewall.user with the submitted text. The visible lines apply no other
-- validation and do not check the result of writefile.
-- NOTE(review): on OpenWrt this file is run as a shell script when the firewall
-- is (re)loaded, so being able to submit this form amounts to running commands
-- with the firewall's privileges. The only protection is LuCI's session
-- authentication and request-token check, both outside this file -- confirm
-- that this page is reachable by administrators only.
64 function custom.write(self, section, value)
65 value = value:gsub("\r\n?", "\n")
66 nixio.fs.writefile("/etc/firewall.user", value)
-- Table-style section listing the "zone" entries of the firewall config.
70 s = m:section(TypedSection, "zone", translate("Zones"))
71 s.template = "cbi/tblsection"
-- URL pattern of the per-zone editor page; "%s" stands for the section id.
74 s.extedit = ds.build_url("admin", "network", "firewall", "zones", "%s")
-- Creates a zone through the firewall model instead of the generic section
-- creation. Original lines 78-79 and 81 onward are not shown; the visible part
-- builds the editor URL for the new zone's section id (z.sid).
76 function s.create(self)
77 local z = fw:new_zone()
80 ds.build_url("admin", "network", "firewall", "zones", z.sid)
-- Read-only column rendered by the cbi/firewall_zoneforwards template; its
-- value is the zone's "name" option.
-- NOTE(review): the name is passed to a custom template. Whether it is
-- HTML-escaped on output is decided in that template, not here -- verify.
85 info = s:option(DummyValue, "_info", translate("Zone ⇒ Forwardings"))
86 info.template = "cbi/firewall_zoneforwards"
87 function info.cfgvalue(self, section)
88 return self.map:get(section, "name")
-- Per-zone policy selectors for input, output and forward. The creation of
-- table `p` is not visible in this listing.
92 p[1] = s:option(ListValue, "input", translate("Input"))
93 p[2] = s:option(ListValue, "output", translate("Output"))
94 p[3] = s:option(ListValue, "forward", translate("Forward"))
-- Every selector offers the same three choices: REJECT, DROP, ACCEPT.
96 for i, v in ipairs(p) do
97 v:value("REJECT", translate("reject"))
98 v:value("DROP", translate("drop"))
99 v:value("ACCEPT", translate("accept"))
-- Per-zone flags for masquerading and MSS clamping.
102 s:option(Flag, "masq", translate("Masquerading"))
103 s:option(Flag, "mtu_fix", translate("MSS clamping"))
-- Table-style section listing the "redirect" entries of the firewall config.
112 s = m:section(TypedSection, "redirect", translate("Redirections"))
113 s.template = "cbi/tblsection"
-- URL pattern of the per-redirect editor page; "%s" stands for the section id.
116 s.extedit = ds.build_url("admin", "network", "firewall", "redirect", "%s")
-- Stores the result of TypedSection.create in `created`. There is no `local`,
-- so the name lives in the chunk's global environment, where s.parse reads it.
-- NOTE(review): if that environment outlives a single request, a stale value
-- could drive a later redirect; a file-level `local created` would rule this
-- out -- confirm how the model is loaded.
118 function s.create(self, section)
119 created = TypedSection.create(self, section)
-- Runs the normal section parsing, then saves the "firewall" config through
-- m.uci and redirects the browser to the editor page of `created`. Original
-- line 124 is not shown; presumably it checks that `created` is set -- confirm.
122 function s.parse(self, ...)
123 TypedSection.parse(self, ...)
125 m.uci:save("firewall")
126 luci.http.redirect(ds.build_url(
127 "admin", "network", "firewall", "redirect", created
-- Read-only (DummyValue) columns of the redirect table. Each cfgvalue reads
-- options of the row's section via self.map:get and formats them for display.
-- NOTE(review): the values come straight from the stored configuration.
-- Escaping on output is up to the DummyValue template, not this file -- verify.
-- Name column: the "_name" option, or "-" when unset.
132 name = s:option(DummyValue, "_name", translate("Name"))
133 function name.cfgvalue(self, s)
134 return self.map:get(s, "_name") or "-"
-- Protocol column. Only the test for an unset or "tcpudp" protocol is visible;
-- original lines 141-145 are not shown.
137 proto = s:option(DummyValue, "proto", translate("Protocol"))
138 function proto.cfgvalue(self, s)
139 local p = self.map:get(s, "proto")
140 if not p or p == "tcpudp" then
-- Source column, "src:src_ip:src_port", with "*", "0.0.0.0/0" and "*" for unset
-- parts. The `%` operator on strings is not stock Lua; presumably LuCI provides
-- it as a format shorthand -- confirm.
147 src = s:option(DummyValue, "src", translate("Source"))
148 function src.cfgvalue(self, s)
149 local rv = "%s:%s:%s" % {
150 self.map:get(s, "src") or "*",
151 self.map:get(s, "src_ip") or "0.0.0.0/0",
152 self.map:get(s, "src_port") or "*"
-- Appends the source MAC to the text; the condition on original line 156 is
-- not shown.
155 local mac = self.map:get(s, "src_mac")
157 rv = rv .. ", MAC " .. mac
-- Via column: src_dip and src_dport with "0.0.0.0/0" and "*" as fallbacks. The
-- first element of the triple (original line 166) is not shown.
163 via = s:option(DummyValue, "via", translate("Via"))
164 function via.cfgvalue(self, s)
165 return "%s:%s:%s" % {
167 self.map:get(s, "src_dip") or "0.0.0.0/0",
168 self.map:get(s, "src_dport") or "*"
-- Destination column, "dest:dest_ip:dest_port", with the same fallbacks as the
-- source column.
172 dest = s:option(DummyValue, "dest", translate("Destination"))
173 function dest.cfgvalue(self, s)
174 return "%s:%s:%s" % {
175 self.map:get(s, "dest") or "*",
176 self.map:get(s, "dest_ip") or "0.0.0.0/0",
177 self.map:get(s, "dest_port") or "*"
-- Action column: an unset target is displayed as "DNAT".
181 target = s:option(DummyValue, "target", translate("Action"))
182 function target.cfgvalue(self, s)
183 return self.map:get(s, "target") or "DNAT"
-- Table-style section listing the "rule" entries of the firewall config.
191 s = m:section(TypedSection, "rule", translate("Rules"))
194 s.template = "cbi/tblsection"
-- URL pattern of the per-rule editor page; "%s" stands for the section id.
195 s.extedit = ds.build_url("admin", "network", "firewall", "rule", "%s")
-- Default target for this section is ACCEPT.
-- NOTE(review): a rule that is created but never completed would then be an
-- ACCEPT rule with no match fields. Confirm that the save in s.create only
-- stages the change and that nothing is applied before the operator has
-- finished the rule in the editor.
196 s.defaults.target = "ACCEPT"
-- Creates the section, saves the "firewall" config through m.uci and redirects
-- the browser to the new rule's editor page. `created` is local here.
198 function s.create(self, section)
199 local created = TypedSection.create(self, section)
200 m.uci:save("firewall")
201 luci.http.redirect(ds.build_url(
202 "admin", "network", "firewall", "rule", created
-- Read-only (DummyValue) columns of the rule table. name, proto, src and dest
-- are assigned without `local`, reusing the names that the redirect table
-- assigned earlier in the file.
-- NOTE(review): the values come straight from the stored configuration.
-- Escaping on output is up to the DummyValue template, not this file -- verify.
-- Name column: the "_name" option, or "-" when unset.
207 name = s:option(DummyValue, "_name", translate("Name"))
208 function name.cfgvalue(self, s)
209 return self.map:get(s, "_name") or "-"
-- Family column. The test is a substring match: any value containing "4" is
-- shown as "IPv4 only", and that test runs first, so a value containing both
-- digits is also shown as "IPv4 only". An unset value falls through to
-- "IPv4 and IPv6".
-- NOTE(review): this label can differ from what the firewall applies for an
-- unexpected family string; an exact comparison would keep the display honest.
213 family = s:option(DummyValue, "family", translate("Family"))
214 function family.cfgvalue(self, s)
215 local f = self.map:get(s, "family")
216 if f and f:match("4") then
217 return translate("IPv4 only")
218 elseif f and f:match("6") then
219 return translate("IPv6 only")
221 return translate("IPv4 and IPv6")
-- Protocol column: ICMP rules with an icmp_type are shown as "ICMP (<type>)".
-- The branch for an unset or "tcpudp" protocol continues on original lines
-- 233-237, which are not shown.
226 proto = s:option(DummyValue, "proto", translate("Protocol"))
227 function proto.cfgvalue(self, s)
228 local p = self.map:get(s, "proto")
229 local t = self.map:get(s, "icmp_type")
230 if p == "icmp" and t then
231 return "ICMP (%s)" % t
232 elseif p == "tcpudp" or not p then
-- Source column, "src:src_ip:src_port", with "*", "0.0.0.0/0" and "*" for unset
-- parts.
239 src = s:option(DummyValue, "src", translate("Source"))
240 function src.cfgvalue(self, s)
241 local rv = "%s:%s:%s" % {
242 self.map:get(s, "src") or "*",
243 self.map:get(s, "src_ip") or "0.0.0.0/0",
244 self.map:get(s, "src_port") or "*"
-- Appends the source MAC to the text; the condition on original line 248 is
-- not shown.
247 local mac = self.map:get(s, "src_mac")
249 rv = rv .. ", MAC " .. mac
-- Destination column. An unset "dest" is shown as the translated word "Device",
-- not as "*".
255 dest = s:option(DummyValue, "dest", translate("Destination"))
256 function dest.cfgvalue(self, s)
257 return "%s:%s:%s" % {
258 self.map:get(s, "dest") or translate("Device"),
259 self.map:get(s, "dest_ip") or "0.0.0.0/0",
260 self.map:get(s, "dest_port") or "*"
-- Action column: shows the stored "target" option; no cfgvalue override is
-- defined on the visible lines.
265 s:option(DummyValue, "target", translate("Action"))