10a9869490236615817b8e198208b9c879006b74
[project/luci.git] / applications / luci-firewall / luasrc / model / cbi / luci_fw / trule.lua
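--[[
LuCI - Lua Configuration Interface

Copyright 2008 Steven Barth <steven@midlink.org>
Copyright 2010 Jo-Philipp Wich <xm@subsignal.org>

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

$Id$
]]--

-- CBI model for editing one "rule" section of the "firewall" UCI config.
-- arg[1] carries the name of the section to edit. The model returns the
-- Map, or redirects to the firewall overview when the named section is
-- not a rule.

-- True when /lib/firewall/fw.sh is accessible. Used below to pick the
-- address datatypes and to decide whether the address-family option is shown.
local has_v2 = nixio.fs.access("/lib/firewall/fw.sh")
local dsp = require "luci.dispatcher"

-- A missing section argument becomes "", which the type check below rejects.
arg[1] = arg[1] or ""

m = Map("firewall", translate("Advanced Rules"),
        translate("Advanced rules let you customize the firewall to your " ..
                "needs. Only new connections will be matched. Packets " ..
                "belonging to already open connections are automatically " ..
                "allowed to pass the firewall."))

m.redirect = dsp.build_url("admin", "network", "firewall")

-- Refuse to render the rule form for anything that is not a rule section.
-- The previous test, `not m.uci:get(arg[1]) == "rule"`, parsed as
-- `(not x) == "rule"`: a boolean compared with a string, which is always
-- false, so the guard never fired and any section name supplied by the
-- caller reached the NamedSection below. The lookup also needs the config
-- name: cursor:get(config, section) returns the section type.
if m.uci:get("firewall", arg[1]) ~= "rule" then
        luci.http.redirect(m.redirect)
        return
end

s = m:section(NamedSection, arg[1], "rule", "")
s.anonymous = true
s.addremove = false

s:tab("general", translate("General Settings"))
s:tab("advanced", translate("Advanced Options"))

-- Link back to the rule overview page.
back = s:option(DummyValue, "_overview", translate("Overview"))
back.value = ""
back.titleref = dsp.build_url("admin", "network", "firewall", "rule")


name = s:taboption("general", Value, "_name", translate("Name").." "..translate("(optional)"))
name.rmempty = true

-- NOTE(review): the defaults here and on "target" below (src = "wan",
-- target = "ACCEPT") describe an accept rule for traffic from the wan zone,
-- and every address/port match is optional. Confirm this is the intended
-- default for a rule saved without further restriction.
src = s:taboption("general", Value, "src", translate("Source zone"))
src.nocreate = true
src.default = "wan"
src.template = "cbi/firewall_zonelist"

dest = s:taboption("advanced", Value, "dest", translate("Destination zone"))
dest.nocreate = true
dest.allowlocal = true
dest.template = "cbi/firewall_zonelist"

proto = s:taboption("general", Value, "proto", translate("Protocol"))
proto.optional = true
proto:value("all", translate("Any"))
proto:value("tcpudp", "TCP+UDP")
proto:value("tcp", "TCP")
proto:value("udp", "UDP")
proto:value("icmp", "ICMP")

-- ICMP type names offered when the protocol is "icmp"; the order is the
-- order in which they are registered on the option.
local icmp_types = {
        "echo-reply",
        "destination-unreachable",
        "network-unreachable",
        "host-unreachable",
        "protocol-unreachable",
        "port-unreachable",
        "fragmentation-needed",
        "source-route-failed",
        "network-unknown",
        "host-unknown",
        "network-prohibited",
        "host-prohibited",
        "TOS-network-unreachable",
        "TOS-host-unreachable",
        "communication-prohibited",
        "host-precedence-violation",
        "precedence-cutoff",
        "source-quench",
        "redirect",
        "network-redirect",
        "host-redirect",
        "TOS-network-redirect",
        "TOS-host-redirect",
        "echo-request",
        "router-advertisement",
        "router-solicitation",
        "time-exceeded",
        "ttl-zero-during-transit",
        "ttl-zero-during-reassembly",
        "parameter-problem",
        "ip-header-bad",
        "required-option-missing",
        "timestamp-request",
        "timestamp-reply",
        "address-mask-request",
        "address-mask-reply",
}

icmpt = s:taboption("general", Value, "icmp_type", translate("Match ICMP type"))
icmpt:depends("proto", "icmp")
icmpt:value("", "any")
for _, icmp_type in ipairs(icmp_types) do
        icmpt:value(icmp_type)
end

-- Address datatype depends on has_v2: "neg_ipaddr" when fw.sh is present,
-- "neg_ip4addr" otherwise.
local addr_datatype = has_v2 and "neg_ipaddr" or "neg_ip4addr"

src_ip = s:taboption("general", Value, "src_ip", translate("Source address"))
src_ip.optional = true
src_ip.datatype = addr_datatype
src_ip.placeholder = translate("any")

-- Port options are only shown for protocols that carry ports.
sport = s:taboption("general", Value, "src_port", translate("Source port"))
sport.optional = true
sport.datatype = "portrange"
sport.placeholder = "0-65535"
sport:depends("proto", "tcp")
sport:depends("proto", "udp")
sport:depends("proto", "tcpudp")

dest_ip = s:taboption("general", Value, "dest_ip", translate("Destination address"))
dest_ip.optional = true
dest_ip.datatype = addr_datatype
dest_ip.placeholder = translate("any")

dport = s:taboption("general", Value, "dest_port", translate("Destination port"))
dport.optional = true
dport.datatype = "portrange"
dport:depends("proto", "tcp")
dport:depends("proto", "udp")
dport:depends("proto", "tcpudp")
dport.placeholder = "0-65535"

jump = s:taboption("general", ListValue, "target", translate("Action"))
jump.rmempty = true
jump.default = "ACCEPT"
jump:value("DROP", translate("drop"))
jump:value("ACCEPT", translate("accept"))
jump:value("REJECT", translate("reject"))
jump:value("NOTRACK", translate("don't track"))


smac = s:taboption("advanced", Value, "src_mac", translate("Source MAC address"))
smac.optional = true
smac.datatype = "macaddr"
smac.placeholder = translate("any")

-- The address-family restriction is only offered when fw.sh is present.
if has_v2 then
        family = s:taboption("advanced", ListValue, "family", translate("Restrict to address family"))
        family.rmempty = true
        family:value("", translate("IPv4 and IPv6"))
        family:value("ipv4", translate("IPv4 only"))
        family:value("ipv6", translate("IPv6 only"))
end

return m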