From: Jo-Philipp Wich Date: Sat, 16 Oct 2010 15:24:07 +0000 (+0000) Subject: applications: rename luci-fw to luci-firewall X-Git-Tag: 0.10.0~603 X-Git-Url: https://git.archive.openwrt.org/?p=project%2Fluci.git;a=commitdiff_plain;h=4ad99af940a90592b51729aa44a155f8053fd85b applications: rename luci-fw to luci-firewall
---
diff --git a/applications/luci-firewall/Makefile b/applications/luci-firewall/Makefile
new file mode 100644
index 000000000..87e881d95
--- /dev/null
+++ b/applications/luci-firewall/Makefile
@@ -0,0 +1,4 @@
+PO = luci-fw
+
+include ../../build/config.mk
+include ../../build/module.mk
diff --git a/applications/luci-firewall/luasrc/controller/luci_fw/luci_fw.lua b/applications/luci-firewall/luasrc/controller/luci_fw/luci_fw.lua
new file mode 100644
index 000000000..766821af0
--- /dev/null
+++ b/applications/luci-firewall/luasrc/controller/luci_fw/luci_fw.lua
@@ -0,0 +1,13 @@
+module("luci.controller.luci_fw.luci_fw", package.seeall)
+
+function index()
+ require("luci.i18n").loadc("luci-fw")
+ local i18n = luci.i18n.translate
+
+ entry({"admin", "network", "firewall"}, alias("admin", "network", "firewall", "zones"), i18n("Firewall"), 60).i18n = "luci-fw"
+ entry({"admin", "network", "firewall", "zones"}, cbi("luci_fw/zones"), i18n("Zones"), 10)
+ entry({"admin", "network", "firewall", "redirect"}, arcombine(cbi("luci_fw/redirect"), cbi("luci_fw/rrule")), i18n("Traffic Redirection"), 30).leaf = true
+ entry({"admin", "network", "firewall", "rule"}, arcombine(cbi("luci_fw/traffic"), cbi("luci_fw/trule")), i18n("Traffic Control"), 20).leaf = true
+
+ entry({"mini", "network", "portfw"}, cbi("luci_fw/miniportfw", {autoapply=true}), i18n("Port forwarding"), 70).i18n = "luci-fw"
+end
\ No newline at end of file
diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/miniportfw.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/miniportfw.lua
new file mode 100644
index 000000000..44b15f2c7
--- /dev/null
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/miniportfw.lua
@@ -0,0 +1,48 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+require("luci.sys")
+m = Map("firewall", translate("Port forwarding"),
+ translate("Port forwarding allows to provide network services in " ..
+ "the internal network to an external network."))
+
+
+s = m:section(TypedSection, "redirect", "")
+s:depends("src", "wan")
+s.defaults.src = "wan"
+
+s.template = "cbi/tblsection"
+s.addremove = true
+s.anonymous = true
+
+name = s:option(Value, "_name", translate("Name"), translate("(optional)"))
+name.size = 10
+
+proto = s:option(ListValue, "proto", translate("Protocol"))
+proto:value("tcp", "TCP")
+proto:value("udp", "UDP")
+proto:value("tcpudp", "TCP+UDP")
+
+dport = s:option(Value, "src_dport", translate("External port"))
+dport.size = 5
+
+to = s:option(Value, "dest_ip", translate("Internal IP address"))
+for i, dataset in ipairs(luci.sys.net.arptable()) do
+ to:value(dataset["IP address"])
+end
+
+toport = s:option(Value, "dest_port", translate("Internal port"),
+ translate("(optional)"))
+toport.size = 5
+
+return m
diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/redirect.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/redirect.lua
new file mode 100644
index 000000000..da87015c8
--- /dev/null
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/redirect.lua
@@ -0,0 +1,52 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+require("luci.sys")
+m = Map("firewall", translate("Traffic Redirection"),
+ translate("Traffic redirection allows you to change the " ..
+ "destination address of forwarded packets."))
+
+
+s = m:section(TypedSection, "redirect", "")
+s.template = "cbi/tblsection"
+s.addremove = true
+s.anonymous = true
+s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "redirect", "%s")
+
+name = s:option(Value, "_name", translate("Name"), translate("(optional)"))
+name.size = 10
+
+iface = s:option(ListValue, "src", translate("Zone"))
+iface.default = "wan"
+luci.model.uci.cursor():foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ end)
+
+proto = s:option(ListValue, "proto", translate("Protocol"))
+proto:value("tcp", "TCP")
+proto:value("udp", "UDP")
+proto:value("tcpudp", "TCP+UDP")
+
+dport = s:option(Value, "src_dport", translate("Source port"))
+dport.size = 5
+
+to = s:option(Value, "dest_ip", translate("Destination IP"))
+for i, dataset in ipairs(luci.sys.net.arptable()) do
+ to:value(dataset["IP address"])
+end
+
+toport = s:option(Value, "dest_port", translate("Destination port"))
+toport.size = 5
+
+return m
diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/rrule.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/rrule.lua
new file mode 100644
index 000000000..63e014444
--- /dev/null
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/rrule.lua
@@ -0,0 +1,80 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+require("luci.sys")
+arg[1] = arg[1] or ""
+
+m = Map("firewall", translate("Traffic Redirection"),
+ translate("Traffic redirection allows you to change the " ..
+ "destination address of forwarded packets."))
+
+
+s = m:section(NamedSection, arg[1], "redirect", "")
+s.anonymous = true
+s.addremove = false
+
+back = s:option(DummyValue, "_overview", translate("Overview"))
+back.value = ""
+back.titleref = luci.dispatcher.build_url("admin", "network", "firewall", "redirect")
+
+name = s:option(Value, "_name", translate("Name"))
+name.rmempty = true
+name.size = 10
+
+iface = s:option(ListValue, "src", translate("Source zone"))
+iface.default = "wan"
+luci.model.uci.cursor():foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ end)
+
+s:option(Value, "src_ip", translate("Source IP address")).optional = true
+s:option(Value, "src_mac", translate("Source MAC-address")).optional = true
+
+sport = s:option(Value, "src_port", translate("Source port"),
+ translate("Match incoming traffic originating from the given " ..
+ "source port or port range on the client host"))
+sport.optional = true
+sport:depends("proto", "tcp")
+sport:depends("proto", "udp")
+sport:depends("proto", "tcpudp")
+
+proto = s:option(ListValue, "proto", translate("Protocol"))
+proto.optional = true
+proto:value("")
+proto:value("tcp", "TCP")
+proto:value("udp", "UDP")
+proto:value("tcpudp", "TCP+UDP")
+
+dport = s:option(Value, "src_dport", translate("External port"),
+ translate("Match incoming traffic directed at the given " ..
+ "destination port or port range on this host"))
+dport.size = 5
+dport:depends("proto", "tcp")
+dport:depends("proto", "udp")
+dport:depends("proto", "tcpudp")
+
+to = s:option(Value, "dest_ip", translate("Internal IP address"),
+ translate("Redirect matched incoming traffic to the specified " ..
+ "internal host"))
+for i, dataset in ipairs(luci.sys.net.arptable()) do
+ to:value(dataset["IP address"])
+end
+
+toport = s:option(Value, "dest_port", translate("Internal port (optional)"),
+ translate("Redirect matched incoming traffic to the given port on " ..
+ "the internal host"))
+toport.optional = true
+toport.size = 5
+
+return m
diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/traffic.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/traffic.lua
new file mode 100644
index 000000000..3bdc6db4c
--- /dev/null
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/traffic.lua
@@ -0,0 +1,88 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth
+Copyright 2008 Jo-Philipp Wich
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+
+m = Map("firewall", translate("Traffic Control"))
+s = m:section(TypedSection, "forwarding", translate("Zone-to-Zone traffic"),
+ translate("Here you can specify which network traffic is allowed " ..
+ "to flow between network zones. Only new connections will " ..
+ "be matched. Packets belonging to already open " ..
+ "connections are automatically allowed to pass the " ..
+ "firewall. If you experience occasional connection " ..
+ "problems try enabling MSS Clamping otherwise disable it " ..
+ "for performance reasons."))
+s.template = "cbi/tblsection"
+s.addremove = true
+s.anonymous = true
+
+iface = s:option(ListValue, "src", translate("Source"))
+oface = s:option(ListValue, "dest", translate("Destination"))
+
+luci.model.uci.cursor():foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ oface:value(section.name)
+ end)
+
+
+
+s = m:section(TypedSection, "rule", translate("Rules"))
+s.addremove = true
+s.anonymous = true
+s.template = "cbi/tblsection"
+s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "rule", "%s")
+s.defaults.target = "ACCEPT"
+
+local created = nil
+
+function s.create(self, section)
+ created = TypedSection.create(self, section)
+end
+
+function s.parse(self, ...)
+ TypedSection.parse(self, ...)
+ if created then
+ m.uci:save("firewall")
+ luci.http.redirect(luci.dispatcher.build_url(
+ "admin", "network", "firewall", "rule", created
+ ))
+ end
+end
+
+s:option(DummyValue, "_name", translate("Name"))
+s:option(DummyValue, "proto", translate("Protocol"))
+
+src = s:option(DummyValue, "src", translate("Source"))
+function src.cfgvalue(self, s)
+ return "%s:%s:%s" % {
+ self.map:get(s, "src") or "*",
+ self.map:get(s, "src_ip") or "0.0.0.0/0",
+ self.map:get(s, "src_port") or "*"
+ }
+end
+
+dest = s:option(DummyValue, "dest", translate("Destination"))
+function dest.cfgvalue(self, s)
+ return "%s:%s:%s" % {
+ self.map:get(s, "dest") or translate("Device"),
+ self.map:get(s, "dest_ip") or "0.0.0.0/0",
+ self.map:get(s, "dest_port") or "*"
+ }
+end
+
+
+s:option(DummyValue, "target", translate("Action"))
+
+
+return m
diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua
new file mode 100644
index 000000000..0ce41e38c
--- /dev/null
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua
@@ -0,0 +1,77 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+arg[1] = arg[1] or ""
+m = Map("firewall", translate("Advanced Rules"),
+ translate("Advanced rules let you customize the firewall to your " ..
+ "needs. Only new connections will be matched. Packets " ..
+ "belonging to already open connections are automatically " ..
+ "allowed to pass the firewall."))
+
+s = m:section(NamedSection, arg[1], "rule", "")
+s.anonymous = true
+s.addremove = false
+
+back = s:option(DummyValue, "_overview", translate("Overview"))
+back.value = ""
+back.titleref = luci.dispatcher.build_url("admin", "network", "firewall", "rule")
+
+
+name = s:option(Value, "_name", translate("Name").." "..translate("(optional)"))
+name.rmempty = true
+
+iface = s:option(ListValue, "src", translate("Source zone"))
+iface.rmempty = true
+
+oface = s:option(ListValue, "dest", translate("Destination zone"))
+oface:value("", translate("any"))
+oface.rmempty = true
+
+luci.model.uci.cursor():foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ oface:value(section.name)
+ end)
+
+proto = s:option(Value, "proto", translate("Protocol"))
+proto.optional = true
+proto:value("")
+proto:value("all", translate("Any"))
+proto:value("tcpudp", "TCP+UDP")
+proto:value("tcp", "TCP")
+proto:value("udp", "UDP")
+proto:value("icmp", "ICMP")
+
+s:option(Value, "src_ip", translate("Source address")).optional = true
+s:option(Value, "dest_ip", translate("Destination address")).optional = true
+s:option(Value, "src_mac", translate("Source MAC-address")).optional = true
+
+sport = s:option(Value, "src_port", translate("Source port"))
+sport:depends("proto", "tcp")
+sport:depends("proto", "udp")
+sport:depends("proto", "tcpudp")
+
+dport = s:option(Value, "dest_port", translate("Destination port"))
+dport:depends("proto", "tcp")
+dport:depends("proto", "udp")
+dport:depends("proto", "tcpudp")
+
+jump = s:option(ListValue, "target", translate("Action"))
+jump.rmempty = true
+jump.default = "ACCEPT"
+jump:value("DROP", translate("drop"))
+jump:value("ACCEPT", translate("accept"))
+jump:value("REJECT", translate("reject"))
+
+
+return m
diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/zones.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/zones.lua
new file mode 100644
index 000000000..edb82a9b5
--- /dev/null
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/zones.lua
@@ -0,0 +1,81 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+
+local nw = require "luci.model.network"
+local fw = require "luci.model.firewall"
+
+require("luci.tools.webadmin")
+m = Map("firewall", translate("Firewall"), translate("The firewall creates zones over your network interfaces to control network traffic flow."))
+
+fw.init(m.uci)
+nw.init(m.uci)
+
+s = m:section(TypedSection, "defaults")
+s.anonymous = true
+s.addremove = false
+
+s:option(Flag, "syn_flood", translate("Enable SYN-flood protection"))
+
+local di = s:option(Flag, "drop_invalid", translate("Drop invalid packets"))
+di.rmempty = false
+function di.cfgvalue(...)
+ return AbstractValue.cfgvalue(...) or "1"
+end
+
+p = {}
+p[1] = s:option(ListValue, "input", translate("Input"))
+p[2] = s:option(ListValue, "output", translate("Output"))
+p[3] = s:option(ListValue, "forward", translate("Forward"))
+
+for i, v in ipairs(p) do
+ v:value("REJECT", translate("reject"))
+ v:value("DROP", translate("drop"))
+ v:value("ACCEPT", translate("accept"))
+end
+
+
+s = m:section(TypedSection, "zone", translate("Zones"))
+s.template = "cbi/tblsection"
+s.anonymous = true
+s.addremove = true
+
+name = s:option(Value, "name", translate("Name"))
+name.size = 8
+
+p = {}
+p[1] = s:option(ListValue, "input", translate("Input"))
+p[2] = s:option(ListValue, "output", translate("Output"))
+p[3] = s:option(ListValue, "forward", translate("Forward"))
+
+for i, v in ipairs(p) do
+ v:value("REJECT", translate("reject"))
+ v:value("DROP", translate("drop"))
+ v:value("ACCEPT", translate("accept"))
+end
+
+s:option(Flag, "masq", translate("Masquerading"))
+s:option(Flag, "mtu_fix", translate("MSS clamping"))
+
+net = s:option(MultiValue, "network", translate("Network"))
+net.template = "cbi/network_netlist"
+net.widget = "checkbox"
+net.rmempty = true
+luci.tools.webadmin.cbi_add_networks(net)
+
+function net.cfgvalue(self, section)
+ local value = MultiValue.cfgvalue(self, section)
+ return value or name:cfgvalue(section)
+end
+
+return m
diff --git a/applications/luci-firewall/root/lib/uci/schema/default/firewall b/applications/luci-firewall/root/lib/uci/schema/default/firewall
new file mode 100644
index 000000000..35ff0565c
--- /dev/null
+++ b/applications/luci-firewall/root/lib/uci/schema/default/firewall
@@ -0,0 +1,255 @@
+package firewall
+
+config package
+ option title 'Firewall configuration'
+
+config section
+ option name 'zone'
+ option title 'Firewall zones'
+ option package 'firewall'
+
+config variable
+ option name 'name'
+ option title 'Name'
+ option section 'firewall.zone'
+ option required true
+
+config variable
+ option name 'network'
+ option title 'Networks belonging to this zone'
+ option section 'firewall.zone'
+ option valueof 'network.interface'
+ option multival true
+
+config variable
+ option name 'forward'
+ option title 'Zone specific action for forwarded traffic'
+ option section 'firewall.zone'
+ option required true
+
+config variable
+ option name 'input'
+ option title 'Zone specific action for incoming traffic'
+ option section 'firewall.zone'
+ option required true
+
+config variable
+ option name 'output'
+ option title 'Zone specific action for outgoing traffic'
+ option section 'firewall.zone'
+ option required true
+
+config variable
+ option name 'masq'
+ option title 'Enable masquerading for outgoing zone traffic'
+ option section 'firewall.zone'
+ option datatype 'boolean'
+
+
+
+config section
+ option name 'defaults'
+ option title 'Global firewall defaults'
+ option package 'firewall'
+ option unique true
+ option required true
+
+config variable
+ option name 'forward'
+ option title 'Action for forwarded traffic'
+ option section 'firewall.defaults'
+ option required true
+
+config variable
+ option name 'input'
+ option title 'Action for incoming traffic'
+ option section 'firewall.defaults'
+ option required true
+
+config variable
+ option name 'output'
+ option title 'Action for outgoing traffic'
+ option section 'firewall.defaults'
+ option required true
+
+config variable
+ option name 'syn_flood'
+ option title 'Enable syn-flood protection'
+ option section 'firewall.defaults'
+ option datatype 'boolean'
+
+config variable
+ option name 'drop_invalid'
+ option title 'Do not drop packages with state invalid'
+ option section 'firewall.defaults'
+ option datatype 'boolean'
+
+
+
+config section
+ option name 'forwarding'
+ option title 'Forwarding rules'
+ option package 'firewall'
+
+config variable
+ option name 'src'
+ option title 'Source zone'
+ option section 'firewall.forwarding'
+ option valueof 'firewall.zone.name'
+ option required true
+
+config variable
+ option name 'dest'
+ option title 'Destination zone'
+ option section 'firewall.forwarding'
+ option valueof 'firewall.zone.name'
+ option required true
+
+config variable
+ option name 'mtu_fix'
+ option title 'Fixup MTU of outgoing packages'
+ option section 'firewall.forwarding'
+ option datatype 'boolean'
+
+
+
+config section
+ option name 'rule'
+ option title 'Custom rules'
+ option package 'firewall'
+ list depends 'target, src'
+ list depends 'target, dest'
+ list depends 'target, src_ip'
+ list depends 'target, src_port'
+ list depends 'target, src_mac'
+ list depends 'target, dest_ip'
+ list depends 'target, dest_port'
+ list depends 'target, proto'
+
+config variable
+ option name 'src'
+ option title 'Source zone'
+ option section 'firewall.rule'
+ option valueof 'firewall.zone.name'
+
+config variable
+ option name 'src_ip'
+ option title 'Source IP address'
+ option section 'firewall.rule'
+ option datatype 'ipaddr'
+
+config variable
+ option name 'src_port'
+ option title 'Source port'
+ option section 'firewall.rule'
+ option datatype 'portrange'
+
+config variable
+ option name 'src_mac'
+ option title 'Source MAC address'
+ option section 'firewall.rule'
+ option datatype 'macaddr'
+
+config variable
+ option name 'dest'
+ option title 'Destination zone'
+ option section 'firewall.rule'
+ option valueof 'firewall.zone.name'
+
+config variable
+ option name 'dest_ip'
+ option title 'Destination IP address'
+ option section 'firewall.rule'
+ option datatype 'ipaddr'
+
+config variable
+ option name 'dest_port'
+ option title 'Destination port'
+ option section 'firewall.rule'
+ option datatype 'portrange'
+
+config variable
+ option name 'proto'
+ option title 'Protocol'
+ option section 'firewall.rule'
+ option datatype 'string'
+
+config variable
+ option name 'target'
+ option title 'Option target'
+ option section 'firewall.rule'
+ option datatype 'string'
+
+
+
+config section
+ option name 'redirect'
+ option title 'Redirection rules'
+ option package 'firewall'
+
+config variable
+ option name 'src'
+ option title 'Source zone'
+ option section 'firewall.redirect'
+ option valueof 'firewall.zone.name'
+
+config variable
+ option name 'src_ip'
+ option title 'Source IP address'
+ option section 'firewall.redirect'
+ option datatype 'ipaddr'
+
+config variable
+ option name 'src_port'
+ option title 'Source port'
+ option section 'firewall.redirect'
+ option datatype 'portrange'
+
+config variable
+ option name 'src_dport'
+ option title 'Source destination port'
+ option section 'firewall.redirect'
+ option datatype 'portrange'
+
+config variable
+ option name 'src_mac'
+ option title 'Option src_mac'
+ option section 'firewall.redirect'
+ option datatype 'macaddr'
+
+config variable
+ option name 'dest'
+ option title 'Destination zone'
+ option section 'firewall.redirect'
+ option valueof 'firewall.zone.name'
+
+config variable
+ option name 'dest_ip'
+ option title 'Destination IP address'
+ option section 'firewall.redirect'
+ option datatype 'ipaddr'
+
+config variable
+ option name 'dest_port'
+ option title 'Destination port'
+ option section 'firewall.redirect'
+ option datatype 'portrange'
+
+config variable
+ option name 'proto'
+ option title 'Protocol'
+ option section 'firewall.redirect'
+ option datatype 'string'
+
+
+
+config section
+ option name 'include'
+ option title 'User defined config includes'
+ option package 'firewall'
+
+config variable
+ option name 'path'
+ option title 'Path to the include file'
+ option section 'firewall.include'
+ option datatype 'file'
diff --git a/applications/luci-fw/Makefile b/applications/luci-fw/Makefile
deleted file mode 100644
index 87e881d95..000000000
--- a/applications/luci-fw/Makefile
+++ /dev/null
@@ -1,4 +0,0 @@
-PO = luci-fw
-
-include ../../build/config.mk
-include ../../build/module.mk
diff --git a/applications/luci-fw/luasrc/controller/luci_fw/luci_fw.lua b/applications/luci-fw/luasrc/controller/luci_fw/luci_fw.lua
deleted file mode 100644
index 766821af0..000000000
--- a/applications/luci-fw/luasrc/controller/luci_fw/luci_fw.lua
+++ /dev/null
@@ -1,13 +0,0 @@
-module("luci.controller.luci_fw.luci_fw", package.seeall)
-
-function index()
- require("luci.i18n").loadc("luci-fw")
- local i18n = luci.i18n.translate
-
- entry({"admin", "network", "firewall"}, alias("admin", "network", "firewall", "zones"), i18n("Firewall"), 60).i18n = "luci-fw"
- entry({"admin", "network", "firewall", "zones"}, cbi("luci_fw/zones"), i18n("Zones"), 10)
- entry({"admin", "network", "firewall", "redirect"}, arcombine(cbi("luci_fw/redirect"), cbi("luci_fw/rrule")), i18n("Traffic Redirection"), 30).leaf = true
- entry({"admin", "network", "firewall", "rule"}, arcombine(cbi("luci_fw/traffic"), cbi("luci_fw/trule")), i18n("Traffic Control"), 20).leaf = true
-
- entry({"mini", "network", "portfw"}, cbi("luci_fw/miniportfw", {autoapply=true}), i18n("Port forwarding"), 70).i18n = "luci-fw"
-end
\ No newline at end of file
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/miniportfw.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/miniportfw.lua
deleted file mode 100644
index 44b15f2c7..000000000
--- a/applications/luci-fw/luasrc/model/cbi/luci_fw/miniportfw.lua
+++ /dev/null
@@ -1,48 +0,0 @@
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-require("luci.sys")
-m = Map("firewall", translate("Port forwarding"),
- translate("Port forwarding allows to provide network services in " ..
- "the internal network to an external network."))
-
-
-s = m:section(TypedSection, "redirect", "")
-s:depends("src", "wan")
-s.defaults.src = "wan"
-
-s.template = "cbi/tblsection"
-s.addremove = true
-s.anonymous = true
-
-name = s:option(Value, "_name", translate("Name"), translate("(optional)"))
-name.size = 10
-
-proto = s:option(ListValue, "proto", translate("Protocol"))
-proto:value("tcp", "TCP")
-proto:value("udp", "UDP")
-proto:value("tcpudp", "TCP+UDP")
-
-dport = s:option(Value, "src_dport", translate("External port"))
-dport.size = 5
-
-to = s:option(Value, "dest_ip", translate("Internal IP address"))
-for i, dataset in ipairs(luci.sys.net.arptable()) do
- to:value(dataset["IP address"])
-end
-
-toport = s:option(Value, "dest_port", translate("Internal port"),
- translate("(optional)"))
-toport.size = 5
-
-return m
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/redirect.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/redirect.lua
deleted file mode 100644
index da87015c8..000000000
--- a/applications/luci-fw/luasrc/model/cbi/luci_fw/redirect.lua
+++ /dev/null
@@ -1,52 +0,0 @@
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-require("luci.sys")
-m = Map("firewall", translate("Traffic Redirection"),
- translate("Traffic redirection allows you to change the " ..
- "destination address of forwarded packets."))
-
-
-s = m:section(TypedSection, "redirect", "")
-s.template = "cbi/tblsection"
-s.addremove = true
-s.anonymous = true
-s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "redirect", "%s")
-
-name = s:option(Value, "_name", translate("Name"), translate("(optional)"))
-name.size = 10
-
-iface = s:option(ListValue, "src", translate("Zone"))
-iface.default = "wan"
-luci.model.uci.cursor():foreach("firewall", "zone",
- function (section)
- iface:value(section.name)
- end)
-
-proto = s:option(ListValue, "proto", translate("Protocol"))
-proto:value("tcp", "TCP")
-proto:value("udp", "UDP")
-proto:value("tcpudp", "TCP+UDP")
-
-dport = s:option(Value, "src_dport", translate("Source port"))
-dport.size = 5
-
-to = s:option(Value, "dest_ip", translate("Destination IP"))
-for i, dataset in ipairs(luci.sys.net.arptable()) do
- to:value(dataset["IP address"])
-end
-
-toport = s:option(Value, "dest_port", translate("Destination port"))
-toport.size = 5
-
-return m
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/rrule.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/rrule.lua
deleted file mode 100644
index 63e014444..000000000
--- a/applications/luci-fw/luasrc/model/cbi/luci_fw/rrule.lua
+++ /dev/null
@@ -1,80 +0,0 @@
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-require("luci.sys")
-arg[1] = arg[1] or ""
-
-m = Map("firewall", translate("Traffic Redirection"),
- translate("Traffic redirection allows you to change the " ..
- "destination address of forwarded packets."))
-
-
-s = m:section(NamedSection, arg[1], "redirect", "")
-s.anonymous = true
-s.addremove = false
-
-back = s:option(DummyValue, "_overview", translate("Overview"))
-back.value = ""
-back.titleref = luci.dispatcher.build_url("admin", "network", "firewall", "redirect")
-
-name = s:option(Value, "_name", translate("Name"))
-name.rmempty = true
-name.size = 10
-
-iface = s:option(ListValue, "src", translate("Source zone"))
-iface.default = "wan"
-luci.model.uci.cursor():foreach("firewall", "zone",
- function (section)
- iface:value(section.name)
- end)
-
-s:option(Value, "src_ip", translate("Source IP address")).optional = true
-s:option(Value, "src_mac", translate("Source MAC-address")).optional = true
-
-sport = s:option(Value, "src_port", translate("Source port"),
- translate("Match incoming traffic originating from the given " ..
- "source port or port range on the client host"))
-sport.optional = true
-sport:depends("proto", "tcp")
-sport:depends("proto", "udp")
-sport:depends("proto", "tcpudp")
-
-proto = s:option(ListValue, "proto", translate("Protocol"))
-proto.optional = true
-proto:value("")
-proto:value("tcp", "TCP")
-proto:value("udp", "UDP")
-proto:value("tcpudp", "TCP+UDP")
-
-dport = s:option(Value, "src_dport", translate("External port"),
- translate("Match incoming traffic directed at the given " ..
- "destination port or port range on this host"))
-dport.size = 5
-dport:depends("proto", "tcp")
-dport:depends("proto", "udp")
-dport:depends("proto", "tcpudp")
-
-to = s:option(Value, "dest_ip", translate("Internal IP address"),
- translate("Redirect matched incoming traffic to the specified " ..
- "internal host"))
-for i, dataset in ipairs(luci.sys.net.arptable()) do
- to:value(dataset["IP address"])
-end
-
-toport = s:option(Value, "dest_port", translate("Internal port (optional)"),
- translate("Redirect matched incoming traffic to the given port on " ..
- "the internal host"))
-toport.optional = true
-toport.size = 5
-
-return m
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/traffic.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/traffic.lua
deleted file mode 100644
index 3bdc6db4c..000000000
--- a/applications/luci-fw/luasrc/model/cbi/luci_fw/traffic.lua
+++ /dev/null
@@ -1,88 +0,0 @@
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth
-Copyright 2008 Jo-Philipp Wich
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-
-m = Map("firewall", translate("Traffic Control"))
-s = m:section(TypedSection, "forwarding", translate("Zone-to-Zone traffic"),
- translate("Here you can specify which network traffic is allowed " ..
- "to flow between network zones. Only new connections will " ..
- "be matched. Packets belonging to already open " ..
- "connections are automatically allowed to pass the " ..
- "firewall. If you experience occasional connection " ..
- "problems try enabling MSS Clamping otherwise disable it " ..
- "for performance reasons."))
-s.template = "cbi/tblsection"
-s.addremove = true
-s.anonymous = true
-
-iface = s:option(ListValue, "src", translate("Source"))
-oface = s:option(ListValue, "dest", translate("Destination"))
-
-luci.model.uci.cursor():foreach("firewall", "zone",
- function (section)
- iface:value(section.name)
- oface:value(section.name)
- end)
-
-
-
-s = m:section(TypedSection, "rule", translate("Rules"))
-s.addremove = true
-s.anonymous = true
-s.template = "cbi/tblsection"
-s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "rule", "%s")
-s.defaults.target = "ACCEPT"
-
-local created = nil
-
-function s.create(self, section)
- created = TypedSection.create(self, section)
-end
-
-function s.parse(self, ...)
- TypedSection.parse(self, ...)
- if created then
- m.uci:save("firewall")
- luci.http.redirect(luci.dispatcher.build_url(
- "admin", "network", "firewall", "rule", created
- ))
- end
-end
-
-s:option(DummyValue, "_name", translate("Name"))
-s:option(DummyValue, "proto", translate("Protocol"))
-
-src = s:option(DummyValue, "src", translate("Source"))
-function src.cfgvalue(self, s)
- return "%s:%s:%s" % {
- self.map:get(s, "src") or "*",
- self.map:get(s, "src_ip") or "0.0.0.0/0",
- self.map:get(s, "src_port") or "*"
- }
-end
-
-dest = s:option(DummyValue, "dest", translate("Destination"))
-function dest.cfgvalue(self, s)
- return "%s:%s:%s" % {
- self.map:get(s, "dest") or translate("Device"),
- self.map:get(s, "dest_ip") or "0.0.0.0/0",
- self.map:get(s, "dest_port") or "*"
- }
-end
-
-
-s:option(DummyValue, "target", translate("Action"))
-
-
-return m
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/trule.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/trule.lua
deleted file mode 100644
index 0ce41e38c..000000000
--- a/applications/luci-fw/luasrc/model/cbi/luci_fw/trule.lua
+++ /dev/null
@@ -1,77 +0,0 @@
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-arg[1] = arg[1] or ""
-m = Map("firewall", translate("Advanced Rules"),
- translate("Advanced rules let you customize the firewall to your " ..
- "needs. Only new connections will be matched. Packets " ..
- "belonging to already open connections are automatically " ..
- "allowed to pass the firewall."))
-
-s = m:section(NamedSection, arg[1], "rule", "")
-s.anonymous = true
-s.addremove = false
-
-back = s:option(DummyValue, "_overview", translate("Overview"))
-back.value = ""
-back.titleref = luci.dispatcher.build_url("admin", "network", "firewall", "rule")
-
-
-name = s:option(Value, "_name", translate("Name").." "..translate("(optional)"))
-name.rmempty = true
-
-iface = s:option(ListValue, "src", translate("Source zone"))
-iface.rmempty = true
-
-oface = s:option(ListValue, "dest", translate("Destination zone"))
-oface:value("", translate("any"))
-oface.rmempty = true
-
-luci.model.uci.cursor():foreach("firewall", "zone",
- function (section)
- iface:value(section.name)
- oface:value(section.name)
- end)
-
-proto = s:option(Value, "proto", translate("Protocol"))
-proto.optional = true
-proto:value("")
-proto:value("all", translate("Any"))
-proto:value("tcpudp", "TCP+UDP")
-proto:value("tcp", "TCP")
-proto:value("udp", "UDP")
-proto:value("icmp", "ICMP")
-
-s:option(Value, "src_ip", translate("Source address")).optional = true
-s:option(Value, "dest_ip", translate("Destination address")).optional = true
-s:option(Value, "src_mac", translate("Source MAC-address")).optional = true
-
-sport = s:option(Value, "src_port", translate("Source port"))
-sport:depends("proto", "tcp")
-sport:depends("proto", "udp")
-sport:depends("proto", "tcpudp")
-
-dport = s:option(Value, "dest_port", translate("Destination port"))
-dport:depends("proto", "tcp")
-dport:depends("proto", "udp")
-dport:depends("proto", "tcpudp")
-
-jump = s:option(ListValue, "target", translate("Action"))
-jump.rmempty = true
-jump.default = "ACCEPT"
-jump:value("DROP", translate("drop"))
-jump:value("ACCEPT", translate("accept"))
-jump:value("REJECT", translate("reject"))
-
-
-return m
diff --git a/applications/luci-fw/luasrc/model/cbi/luci_fw/zones.lua b/applications/luci-fw/luasrc/model/cbi/luci_fw/zones.lua
deleted file mode 100644
index edb82a9b5..000000000
--- a/applications/luci-fw/luasrc/model/cbi/luci_fw/zones.lua
+++ /dev/null
@@ -1,81 +0,0 @@
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-
-local nw = require "luci.model.network"
-local fw = require "luci.model.firewall"
-
-require("luci.tools.webadmin")
-m = Map("firewall", translate("Firewall"), translate("The firewall creates zones over your network interfaces to control network traffic flow."))
-
-fw.init(m.uci)
-nw.init(m.uci)
-
-s = m:section(TypedSection, "defaults")
-s.anonymous = true
-s.addremove = false
-
-s:option(Flag, "syn_flood", translate("Enable SYN-flood protection"))
-
-local di = s:option(Flag, "drop_invalid", translate("Drop invalid packets"))
-di.rmempty = false
-function di.cfgvalue(...)
- return AbstractValue.cfgvalue(...) or "1"
-end
-
-p = {}
-p[1] = s:option(ListValue, "input", translate("Input"))
-p[2] = s:option(ListValue, "output", translate("Output"))
-p[3] = s:option(ListValue, "forward", translate("Forward"))
-
-for i, v in ipairs(p) do
- v:value("REJECT", translate("reject"))
- v:value("DROP", translate("drop"))
- v:value("ACCEPT", translate("accept"))
-end
-
-
-s = m:section(TypedSection, "zone", translate("Zones"))
-s.template = "cbi/tblsection"
-s.anonymous = true
-s.addremove = true
-
-name = s:option(Value, "name", translate("Name"))
-name.size = 8
-
-p = {}
-p[1] = s:option(ListValue, "input", translate("Input"))
-p[2] = s:option(ListValue, "output", translate("Output"))
-p[3] = s:option(ListValue, "forward", translate("Forward"))
-
-for i, v in ipairs(p) do
- v:value("REJECT", translate("reject"))
- v:value("DROP", translate("drop"))
- v:value("ACCEPT", translate("accept"))
-end
-
-s:option(Flag, "masq", translate("Masquerading"))
-s:option(Flag, "mtu_fix", translate("MSS clamping"))
-
-net = s:option(MultiValue, "network", translate("Network"))
-net.template = "cbi/network_netlist"
-net.widget = "checkbox"
-net.rmempty = true
-luci.tools.webadmin.cbi_add_networks(net)
-
-function net.cfgvalue(self, section)
- local value = MultiValue.cfgvalue(self, section)
- return value or name:cfgvalue(section)
-end
-
-return m
diff --git a/applications/luci-fw/root/lib/uci/schema/default/firewall b/applications/luci-fw/root/lib/uci/schema/default/firewall
deleted file mode 100644
index 35ff0565c..000000000
--- a/applications/luci-fw/root/lib/uci/schema/default/firewall
+++ /dev/null
@@ -1,255 +0,0 @@
-package firewall
-
-config package
- option title 'Firewall configuration'
-
-config section
- option name 'zone'
- option title 'Firewall zones'
- option package 'firewall'
-
-config variable
- option name 'name'
- option title 'Name'
- option section 'firewall.zone'
- option required true
-
-config variable
- option name 'network'
- option title 'Networks belonging to this zone'
- option section 'firewall.zone'
- option valueof 'network.interface'
- option multival true
-
-config variable
- option name 'forward'
- option title 'Zone specific action for forwarded traffic'
- option section 'firewall.zone'
- option required true
-
-config variable
- option name 'input'
- option title 'Zone specific action for incoming traffic'
- option section 'firewall.zone'
- option required true
-
-config variable
- option name 'output'
- option title 'Zone specific action for outgoing traffic'
- option section 'firewall.zone'
- option required true
-
-config variable
- option name 'masq'
- option title 'Enable masquerading for outgoing zone traffic'
- option section 'firewall.zone'
- option datatype 'boolean'
-
-
-
-config section
- option name 'defaults'
- option title 'Global firewall defaults'
- option package 'firewall'
- option unique true
- option required true
-
-config variable
- option name 'forward'
- option title 'Action for forwarded traffic'
- option section 'firewall.defaults'
- option required true
-
-config variable
- option name 'input'
- option title 'Action for incoming traffic'
- option section 'firewall.defaults'
- option required true
-
-config variable
- option name 'output'
- option title 'Action for outgoing traffic'
- option section 'firewall.defaults'
- option required true
-
-config variable
- option name 'syn_flood'
- option title 'Enable syn-flood protection'
- option section 'firewall.defaults'
- option datatype 'boolean'
-
-config variable
- option name 'drop_invalid'
- option title 'Do not drop packages with state invalid'
- option section 'firewall.defaults'
- option datatype 'boolean'
-
-
-
-config section
- option name 'forwarding'
- option title 'Forwarding rules'
- option package 'firewall'
-
-config variable
- option name 'src'
- option title 'Source zone'
- option section 'firewall.forwarding'
- option valueof 'firewall.zone.name'
- option required true
-
-config variable
- option name 'dest'
- option title 'Destination zone'
- option section 'firewall.forwarding'
- option valueof 'firewall.zone.name'
- option required true
-
-config variable
- option name 'mtu_fix'
- option title 'Fixup MTU of outgoing packages'
- option section 'firewall.forwarding'
- option datatype 'boolean'
-
-
-
-config section
- option name 'rule'
- option title 'Custom rules'
- option package 'firewall'
- list depends 'target, src'
- list depends 'target, dest'
- list depends 'target, src_ip'
- list depends 'target, src_port'
- list depends 'target, src_mac'
- list depends 'target, dest_ip'
- list depends 'target, dest_port'
- list depends 'target, proto'
-
-config variable
- option name 'src'
- option title 'Source zone'
- option section 'firewall.rule'
- option valueof 'firewall.zone.name'
-
-config variable
- option name 'src_ip'
- option title 'Source IP address'
- option section 'firewall.rule'
- option datatype 'ipaddr'
-
-config variable
- option name 'src_port'
- option title 'Source port'
- option section 'firewall.rule'
- option datatype 'portrange'
-
-config variable
- option name 'src_mac'
- option title 'Source MAC address'
- option section 'firewall.rule'
- option datatype 'macaddr'
-
-config variable
- option name 'dest'
- option title 'Destination zone'
- option section 'firewall.rule'
- option valueof 'firewall.zone.name'
-
-config variable
- option name 'dest_ip'
- option title 'Destination IP address'
- option section 'firewall.rule'
- option datatype 'ipaddr'
-
-config variable
- option name 'dest_port'
- option title 'Destination port'
- option section 'firewall.rule'
- option datatype 'portrange'
-
-config variable
- option name 'proto'
- option title 'Protocol'
- option section 'firewall.rule'
- option datatype 'string'
-
-config variable
- option name 'target'
- option title 'Option target'
- option section 'firewall.rule'
- option datatype 'string'
-
-
-
-config section
- option name 'redirect'
- option title 'Redirection rules'
- option package 'firewall'
-
-config variable
- option name 'src'
- option title 'Source zone'
- option section 'firewall.redirect'
- option valueof 'firewall.zone.name'
-
-config variable
- option name 'src_ip'
- option title 'Source IP address'
- option section 'firewall.redirect'
- option datatype 'ipaddr'
-
-config variable
- option name 'src_port'
- option title 'Source port'
- option section 'firewall.redirect'
- option datatype 'portrange'
-
-config variable
- option name 'src_dport'
- option title 'Source destination port'
- option section 'firewall.redirect'
- option datatype 'portrange'
-
-config variable
- option name 'src_mac'
- option title 'Option src_mac'
- option section 'firewall.redirect'
- option datatype 'macaddr'
-
-config variable
- option name 'dest'
- option title 'Destination zone'
- option section 'firewall.redirect'
- option valueof 'firewall.zone.name'
-
-config variable
- option name 'dest_ip'
- option title 'Destination IP address'
- option section 'firewall.redirect'
- option datatype 'ipaddr'
-
-config variable
- option name 'dest_port'
- option title 'Destination port'
- option section 'firewall.redirect'
- option datatype 'portrange'
-
-config variable
- option name 'proto'
- option title 'Protocol'
- option section 'firewall.redirect'
- option datatype 'string'
-
-
-
-config section
- option name 'include'
- option title 'User defined config includes'
- option package 'firewall'
-
-config variable
- option name 'path'
- option title 'Path to the include file'
- option section 'firewall.include'
- option datatype 'file'