luci-mod-admin-full: protect iptables counter reset and restart with token
[project/luci.git] / modules / luci-mod-admin-full / luasrc / view / admin_status / iptables.htm
1 <%#
2  Copyright 2008-2009 Steven Barth <steven@midlink.org>
3  Copyright 2008-2015 Jo-Philipp Wich <jow@openwrt.org>
4  Licensed to the public under the Apache License 2.0.
5 -%>
6
7 <%-
8
9         require "luci.sys.iptparser"
10         local wba = require "luci.tools.webadmin"
11         local fs = require "nixio.fs"
12
13         local has_ip6tables = fs.access("/usr/sbin/ip6tables")
14         local mode = 4
15
16         if has_ip6tables then
17                 mode = luci.dispatcher.context.requestpath
18             mode = tonumber(mode[#mode] ~= "iptables" and mode[#mode]) or 4
19         end
20
21         local ipt = luci.sys.iptparser.IptParser(mode)
22
23         local rowcnt = 1
24         function rowstyle()
25                 rowcnt = rowcnt + 1
26                 return (rowcnt % 2) + 1
27         end
28
29         function link_target(t,c)
30                 if ipt:is_custom_target(c) then
31                         return '<a href="#rule_%s_%s">%s</a>' %{ t:lower(), c, c }
32                 end
33                 return c
34         end
35
36         function link_iface(i)
37                 local net = wba.iface_get_network(i)
38                 if net and i ~= "lo" then
39                         return '<a href="%s">%s</a>' %{
40                                 url("admin/network/network", net), i
41                         }
42
43                 end
44                 return i
45         end
46
47         local tables = { "Filter", "NAT", "Mangle", "Raw" }
48         if mode == 6 then
49                 tables = { "Filter", "Mangle", "Raw" }
50         end
51 -%>
52
53 <%+header%>
54
55 <style type="text/css">
56         span:target {
57                 color: blue;
58                 text-decoration: underline;
59         }
60 </style>
61
62 <h2 name="content"><%:Firewall Status%></h2>
63 <br />
64
65 <% if has_ip6tables then %>
66 <ul class="cbi-tabmenu">
67         <li class="cbi-tab<%= mode ~= 4 and "-disabled" %>"><a href="<%=url("admin/status/iptables/4")%>"><%:IPv4 Firewall%></a></li>
68         <li class="cbi-tab<%= mode ~= 6 and "-disabled" %>"><a href="<%=url("admin/status/iptables/6")%>"><%:IPv6 Firewall%></a></li>
69 </ul>
70 <% end %>
71
72 <div class="cbi-map" style="position: relative">
73
74         <form method="post" action="<%=url("admin/status/iptables_action")%>" style="position: absolute; right: 0">
75                 <input type="hidden" name="token" value="<%=token%>" />
76                 <input type="hidden" name="family" value="<%=mode%>" />
77                 <input type="submit" class="cbi-button" name="zero" value="<%:Reset Counters%>" />
78                 <input type="submit" class="cbi-button" name="restart" value="<%:Restart Firewall%>" />
79         </form>
80
81         <fieldset class="cbi-section">
82
83                 <% for _, tbl in ipairs(tables) do chaincnt = 0 %>
84                         <h3><%:Table%>: <%=tbl%></h3>
85                         <table class="cbi-section-table" style="font-size:90%">
86                                 <% for _, chain in ipairs(ipt:chains(tbl)) do
87                                         rowcnt    = 0
88                                         chaincnt  = chaincnt + 1
89                                         chaininfo = ipt:chain(tbl, chain)
90                                 %>
91                                         <tr class="cbi-section-table-titles cbi-rowstyle-<%=rowstyle()%>">
92                                                 <th class="cbi-section-table-cell" style="text-align:left" colspan="11">
93                                                         <br /><span id="rule_<%=tbl:lower()%>_<%=chain%>">
94                                                         <%:Chain%> <em><%=chain%></em>
95                                                         (<%- if chaininfo.policy then -%>
96                                                                 <%:Policy%>: <em><%=chaininfo.policy%></em>, <%:Packets%>: <%=chaininfo.packets%>, <%:Traffic%>: <%=wba.byte_format(chaininfo.bytes)-%>
97                                                         <%- else -%>
98                                                                 <%:References%>: <%=chaininfo.references-%>
99                                                         <%- end -%>)</span>
100                                                 </th>
101                                         </tr>
102                                         <tr class="cbi-section-table-descr">
103                                                 <th class="cbi-section-table-cell"><%:Pkts.%></th>
104                                                 <th class="cbi-section-table-cell"><%:Traffic%></th>
105                                                 <th class="cbi-section-table-cell"><%:Target%></th>
106                                                 <th class="cbi-section-table-cell"><%:Prot.%></th>
107                                                 <th class="cbi-section-table-cell"><%:In%></th>
108                                                 <th class="cbi-section-table-cell"><%:Out%></th>
109                                                 <th class="cbi-section-table-cell"><%:Source%></th>
110                                                 <th class="cbi-section-table-cell"><%:Destination%></th>
111                                                 <th class="cbi-section-table-cell" style="width:30%"><%:Options%></th>
112                                         </tr>
113
114                                         <% for _, rule in ipairs(ipt:find({table=tbl, chain=chain})) do %>
115                                                 <tr class="cbi-section-table-row cbi-rowstyle-<%=rowstyle()%>">
116                                                         <td><%=rule.packets%></td>
117                                                         <td style="white-space: nowrap"><%=wba.byte_format(rule.bytes)%></td>
118                                                         <td><%=rule.target and link_target(tbl, rule.target) or "-"%></td>
119                                                         <td><%=rule.protocol%></td>
120                                                         <td><%=link_iface(rule.inputif)%></td>
121                                                         <td><%=link_iface(rule.outputif)%></td>
122                                                         <td><%=rule.source%></td>
123                                                         <td><%=rule.destination%></td>
124                                                         <td style="width:30%"><small><%=#rule.options > 0 and luci.util.pcdata(table.concat(rule.options, " ")) or "-"%></small></td>
125                                                 </tr>
126                                         <% end %>
127
128                                         <% if rowcnt == 1 then %>
129                                                 <tr class="cbi-section-table-titles cbi-rowstyle-<%=rowstyle()%>">
130                                                         <td colspan="9"><em><%:No rules in this chain%></em></td>
131                                                 </tr>
132                                         <% end %>
133                                 <% end %>
134
135                                 <% if chaincnt == 0 then %>
136                                         <tr class="cbi-section-table-titles cbi-rowstyle-<%=rowstyle()%>">
137                                                 <td colspan="9"><em><%:No chains in this table%></em></td>
138                                         </tr>
139                                 <% end %>
140                         </table>
141                         <br /><br />
142                 <% end %>
143         </fieldset>
144 </div>
145
146 <%+footer%>