mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-03-09 15:40:03 +00:00
Code Issues Releases Wiki Activity
openmptcprouter-feeds/luci-app-firewall/luasrc/tools/firewall.lua
Ycarus (Yannick Chabanois) 4b638e2189 Revert to previous firewall luci interface
2019-07-25 20:42:29 +02:00

289 lines
5.9 KiB
Lua
Raw Blame History

-- Copyright 2011-2012 Jo-Philipp Wich <jow@openwrt.org>
-- Licensed to the public under the Apache License 2.0.
module("luci.tools.firewall", package.seeall)
local ut = require "luci.util"
local ip = require "luci.ip"
local nx = require "nixio"
local translate, translatef = luci.i18n.translate, luci.i18n.translatef
local function _(...)
return tostring(translate(...))
end
function fmt_neg(x)
if type(x) == "string" then
local v, neg = x:gsub("^ *! *", "")
if neg > 0 then
return v, "%s " % _("not")
else
return x, ""
end
end
return x, ""
end
function fmt_mac(x)
if x and #x > 0 then
local m, n
local l = { _("MAC"), " " }
for m in ut.imatch(x) do
m, n = fmt_neg(m)
l[#l+1] = "<var>%s%s</var>" %{ n, m }
l[#l+1] = ", "
end
if #l > 1 then
l[#l] = nil
if #l > 3 then
l[1] = _("MACs")
end
return table.concat(l, "")
end
end
end
function fmt_port(x, d)
if x and #x > 0 then
local p, n
local l = { _("port"), " " }
for p in ut.imatch(x) do
p, n = fmt_neg(p)
local a, b = p:match("(%d+)%D+(%d+)")
if a and b then
l[1] = _("ports")
l[#l+1] = "<var>%s%d-%d</var>" %{ n, a, b }
else
l[#l+1] = "<var>%s%d</var>" %{ n, p }
end
l[#l+1] = ", "
end
if #l > 1 then
l[#l] = nil
if #l > 3 then
l[1] = _("ports")
end
return table.concat(l, "")
end
end
return d and "<var>%s</var>" % d
end
function fmt_ip(x, d)
if x and #x > 0 then
local l = { _("IP"), " " }
local v, a, n
for v in ut.imatch(x) do
v, n = fmt_neg(v)
a, m = v:match("(%S+)/(%d+%.%S+)")
a = a or v
a = a:match(":") and ip.IPv6(a, m) or ip.IPv4(a, m)
if a and (a:is6() and a:prefix() < 128 or a:prefix() < 32) then
l[1] = _("IP range")
l[#l+1] = "<var title='%s - %s'>%s%s</var>" %{
a:minhost():string(),
a:maxhost():string(),
n, a:string()
}
else
l[#l+1] = "<var>%s%s</var>" %{
n,
a and a:string() or v
}
end
l[#l+1] = ", "
end
if #l > 1 then
l[#l] = nil
if #l > 3 then
l[1] = _("IPs")
end
return table.concat(l, "")
end
end
return d and "<var>%s</var>" % d
end
function fmt_zone(x, d)
if x == "*" then
return "<var>%s</var>" % _("any zone")
elseif x and #x > 0 then
return "<var>%s</var>" % x
elseif d then
return "<var>%s</var>" % d
end
end
function fmt_icmp_type(x)
if x and #x > 0 then
local t, v, n
local l = { _("type"), " " }
for v in ut.imatch(x) do
v, n = fmt_neg(v)
l[#l+1] = "<var>%s%s</var>" %{ n, v }
l[#l+1] = ", "
end
if #l > 1 then
l[#l] = nil
if #l > 3 then
l[1] = _("types")
end
return table.concat(l, "")
end
end
end
function fmt_proto(x, icmp_types)
if x and #x > 0 then
local v, n
local l = { }
local t = fmt_icmp_type(icmp_types)
for v in ut.imatch(x) do
v, n = fmt_neg(v)
if v == "tcpudp" then
l[#l+1] = "TCP"
l[#l+1] = ", "
l[#l+1] = "UDP"
l[#l+1] = ", "
elseif v ~= "all" then
local p = nx.getproto(v)
if p then
-- ICMP
if (p.proto == 1 or p.proto == 58) and t then
l[#l+1] = translatef(
"%s%s with %s",
n, p.aliases[1] or p.name, t
)
else
l[#l+1] = "%s%s" %{
n,
p.aliases[1] or p.name
}
end
l[#l+1] = ", "
end
end
end
if #l > 0 then
l[#l] = nil
return table.concat(l, "")
end
end
end
function fmt_limit(limit, burst)
burst = tonumber(burst)
if limit and #limit > 0 then
local l, u = limit:match("(%d+)/(%w+)")
l = tonumber(l or limit)
u = u or "second"
if l then
if u:match("^s") then
u = _("second")
elseif u:match("^m") then
u = _("minute")
elseif u:match("^h") then
u = _("hour")
elseif u:match("^d") then
u = _("day")
end
if burst and burst > 0 then
return translatef("<var>%d</var> pkts. per <var>%s</var>, \
burst <var>%d</var> pkts.", l, u, burst)
else
return translatef("<var>%d</var> pkts. per <var>%s</var>", l, u)
end
end
end
end
function fmt_target(x, src, dest)
if not src or #src == 0 then
if x == "ACCEPT" then
return _("Accept output")
elseif x == "REJECT" then
return _("Refuse output")
elseif x == "NOTRACK" then
return _("Do not track output")
else --if x == "DROP" then
return _("Discard output")
end
elseif dest and #dest > 0 then
if x == "ACCEPT" then
return _("Accept forward")
elseif x == "REJECT" then
return _("Refuse forward")
elseif x == "NOTRACK" then
return _("Do not track forward")
else --if x == "DROP" then
return _("Discard forward")
end
else
if x == "ACCEPT" then
return _("Accept input")
elseif x == "REJECT" then
return _("Refuse input")
elseif x == "NOTRACK" then
return _("Do not track input")
else --if x == "DROP" then
return _("Discard input")
end
end
end
function opt_enabled(s, t, ...)
if t == luci.cbi.Button then
local o = s:option(t, "__enabled")
function o.render(self, section)
if self.map:get(section, "enabled") ~= "0" then
self.title = _("Rule is enabled")
self.inputtitle = _("Disable")
self.inputstyle = "reset"
else
self.title = _("Rule is disabled")
self.inputtitle = _("Enable")
self.inputstyle = "apply"
end
t.render(self, section)
end
function o.write(self, section, value)
if self.map:get(section, "enabled") ~= "0" then
self.map:set(section, "enabled", "0")
else
self.map:del(section, "enabled")
end
end
return o
else
local o = s:option(t, "enabled", ...)
o.default = "1"
return o
end
end
function opt_name(s, t, ...)
local o = s:option(t, "name", ...)
function o.cfgvalue(self, section)
return self.map:get(section, "name") or
self.map:get(section, "_name") or "-"
end
function o.write(self, section, value)
if value ~= "-" then
self.map:set(section, "name", value)
self.map:del(section, "_name")
else
self:remove(section)
end
end
function o.remove(self, section)
self.map:del(section, "name")
self.map:del(section, "_name")
end
return o
end
Reference in a new issue View git blame Copy permalink