luci/applications/luci-firewall/luasrc/model/cbi/luci_fw/rrule.lua

--[[
LuCI - Lua Configuration Interface

Copyright 2008 Steven Barth <steven@midlink.org>
Copyright 2010 Jo-Philipp Wich <xm@subsignal.org>

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

$Id$
]]--

local sys = require "luci.sys"
local dsp = require "luci.dispatcher"

arg[1] = arg[1] or ""

m = Map("firewall", translate("Traffic Redirection"),
	translate("Traffic redirection allows you to change the " ..
		"destination address of forwarded packets."))

m.redirect = dsp.build_url("admin", "network", "firewall")

if not m.uci:get(arg[1]) == "redirect" then
	luci.http.redirect(m.redirect)
	return
end

local has_v2 = nixio.fs.access("/lib/firewall/fw.sh")
local wan_zone = nil

m.uci:foreach("firewall", "zone",
	function(s)
		local n = s.network or s.name
		if n then
			local i
			for i in n:gmatch("%S+") do
				if i == "wan" then
					wan_zone = s.name
					return false
				end
			end
		end
	end)

s = m:section(NamedSection, arg[1], "redirect", "")
s.anonymous = true
s.addremove = false

s:tab("general", translate("General Settings"))
s:tab("advanced", translate("Advanced Settings"))

name = s:taboption("general", Value, "_name", translate("Name"))
name.rmempty = true
name.size = 10

src = s:taboption("general", Value, "src", translate("Source zone"))
src.nocreate = true
src.default = "wan"
src.template = "cbi/firewall_zonelist"

proto = s:taboption("general", Value, "proto", translate("Protocol"))
proto.optional = true
proto:value("tcpudp", "TCP+UDP")
proto:value("tcp", "TCP")
proto:value("udp", "UDP")

dport = s:taboption("general", Value, "src_dport", translate("External port"),
	translate("Match incoming traffic directed at the given " ..
		"destination port or port range on this host"))
dport.datatype = "portrange"
dport:depends("proto", "tcp")
dport:depends("proto", "udp")
dport:depends("proto", "tcpudp")

to = s:taboption("general", Value, "dest_ip", translate("Internal IP address"),
	translate("Redirect matched incoming traffic to the specified " ..
		"internal host"))
to.datatype = "ip4addr"
for i, dataset in ipairs(luci.sys.net.arptable()) do
	to:value(dataset["IP address"])
end

toport = s:taboption("general", Value, "dest_port", translate("Internal port (optional)"),
	translate("Redirect matched incoming traffic to the given port on " ..
		"the internal host"))
toport.optional = true
toport.placeholder = "0-65535"
toport.datatype = "portrange"
toport:depends("proto", "tcp")
toport:depends("proto", "udp")
toport:depends("proto", "tcpudp")

target = s:taboption("advanced", ListValue, "target", translate("Redirection type"))
target:value("DNAT")
target:value("SNAT")

dest = s:taboption("advanced", Value, "dest", translate("Destination zone"))
dest.nocreate = true
dest.default = "lan"
dest.template = "cbi/firewall_zonelist"

src_dip = s:taboption("advanced", Value, "src_dip",
	translate("Intended destination address"),
	translate(
		"For DNAT, match incoming traffic directed at the given destination "..
		"ip address. For SNAT rewrite the source address to the given address."
	))

src_dip.optional = true
src_dip.datatype = "ip4addr"
src_dip.placeholder = translate("any")

src_mac = s:taboption("advanced", Value, "src_mac", translate("Source MAC address"))
src_mac.optional = true
src_mac.datatype = "macaddr"
src_mac.placeholder = translate("any")

src_ip = s:taboption("advanced", Value, "src_ip", translate("Source IP address"))
src_ip.optional = true
src_ip.datatype = "neg_ip4addr"
src_ip.placeholder = translate("any")

sport = s:taboption("advanced", Value, "src_port", translate("Source port"),
	translate("Match incoming traffic originating from the given " ..
		"source port or port range on the client host"))
sport.optional = true
sport.datatype = "portrange"
sport.placeholder = "0-65536"
sport:depends("proto", "tcp")
sport:depends("proto", "udp")
sport:depends("proto", "tcpudp")

reflection = s:taboption("advanced", Flag, "reflection", translate("Enable NAT Loopback"))
reflection.rmempty = true
reflection.default = reflection.enabled
reflection:depends({ target = "DNAT", src = wan_zone })
reflection.cfgvalue = function(...)
	return Flag.cfgvalue(...) or "1"
end

return m
applications/luci-fw: Reworked to use the new native UCI-based firewall configuration 2008-08-04 23:36:33 +00:00			`--[[`
			`LuCI - Lua Configuration Interface`

			`Copyright 2008 Steven Barth <steven@midlink.org>`
applications/luci-firewall: complete rework 2010-11-01 19:45:54 +00:00			`Copyright 2010 Jo-Philipp Wich <xm@subsignal.org>`
applications/luci-fw: Reworked to use the new native UCI-based firewall configuration 2008-08-04 23:36:33 +00:00
			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			$Id$
			`]]--`
applications/luci-firewall: complete rework 2010-11-01 19:45:54 +00:00
			`local sys = require "luci.sys"`
			`local dsp = require "luci.dispatcher"`

Redesigned firewall configuration 2008-10-03 16:04:09 +00:00			`arg[1] = arg[1] or ""`
applications/luci-fw: Reworked to use the new native UCI-based firewall configuration 2008-08-04 23:36:33 +00:00
[PATCH 1/2] firewall: add description strings The luci-fw application was lacking some important description strings. This adds them and updates the associated translation template. 2010-04-05 01:16:25 +00:00			`m = Map("firewall", translate("Traffic Redirection"),`
			`translate("Traffic redirection allows you to change the " ..`
			`"destination address of forwarded packets."))`
applications/luci-fw: Reworked to use the new native UCI-based firewall configuration 2008-08-04 23:36:33 +00:00
applications/luci-firewall: complete rework 2010-11-01 19:45:54 +00:00			`m.redirect = dsp.build_url("admin", "network", "firewall")`

			`if not m.uci:get(arg[1]) == "redirect" then`
			`luci.http.redirect(m.redirect)`
			`return`
			`end`

			`local has_v2 = nixio.fs.access("/lib/firewall/fw.sh")`
			`local wan_zone = nil`

			`m.uci:foreach("firewall", "zone",`
			`function(s)`
			`local n = s.network or s.name`
			`if n then`
			`local i`
			`for i in n:gmatch("%S+") do`
			`if i == "wan" then`
			`wan_zone = s.name`
			`return false`
			`end`
			`end`
			`end`
			`end)`
Redesigned firewall configuration 2008-10-03 16:04:09 +00:00
			`s = m:section(NamedSection, arg[1], "redirect", "")`
applications/luci-fw: Reworked to use the new native UCI-based firewall configuration 2008-08-04 23:36:33 +00:00			`s.anonymous = true`
Rules should not be removed / created from the detailed rule configuration 2008-10-04 17:56:02 +00:00			`s.addremove = false`
applications/luci-fw: Reworked to use the new native UCI-based firewall configuration 2008-08-04 23:36:33 +00:00
applications/luci-firewall: complete rework 2010-11-01 19:45:54 +00:00			`s:tab("general", translate("General Settings"))`
			`s:tab("advanced", translate("Advanced Settings"))`

			`name = s:taboption("general", Value, "_name", translate("Name"))`
applications/luci-fw: Reworked to use the new native UCI-based firewall configuration 2008-08-04 23:36:33 +00:00			`name.rmempty = true`
			`name.size = 10`

applications/luci-firewall: complete rework 2010-11-01 19:45:54 +00:00			`src = s:taboption("general", Value, "src", translate("Source zone"))`
			`src.nocreate = true`
			`src.default = "wan"`
			`src.template = "cbi/firewall_zonelist"`
applications/luci-fw: Reworked to use the new native UCI-based firewall configuration 2008-08-04 23:36:33 +00:00
applications/luci-firewall: some fixes on redirection page 2010-11-20 17:23:44 +00:00			`proto = s:taboption("general", Value, "proto", translate("Protocol"))`
applications/luci-fw: Reworked to use the new native UCI-based firewall configuration 2008-08-04 23:36:33 +00:00			`proto.optional = true`
applications/luci-firewall: complete rework 2010-11-01 19:45:54 +00:00			`proto:value("tcpudp", "TCP+UDP")`
applications/luci-fw: Reworked to use the new native UCI-based firewall configuration 2008-08-04 23:36:33 +00:00			`proto:value("tcp", "TCP")`
			`proto:value("udp", "UDP")`

applications/luci-firewall: complete rework 2010-11-01 19:45:54 +00:00			`dport = s:taboption("general", Value, "src_dport", translate("External port"),`
[PATCH 1/2] firewall: add description strings The luci-fw application was lacking some important description strings. This adds them and updates the associated translation template. 2010-04-05 01:16:25 +00:00			`translate("Match incoming traffic directed at the given " ..`
			`"destination port or port range on this host"))`
applications/luci-firewall: complete rework 2010-11-01 19:45:54 +00:00			`dport.datatype = "portrange"`
applications/luci-fw: Reworked to use the new native UCI-based firewall configuration 2008-08-04 23:36:33 +00:00			`dport:depends("proto", "tcp")`
			`dport:depends("proto", "udp")`
applications/luci-fw: Fixed r2979, closes #112 2008-09-02 11:27:00 +00:00			`dport:depends("proto", "tcpudp")`
applications/luci-fw: Reworked to use the new native UCI-based firewall configuration 2008-08-04 23:36:33 +00:00
applications/luci-firewall: complete rework 2010-11-01 19:45:54 +00:00			`to = s:taboption("general", Value, "dest_ip", translate("Internal IP address"),`
[PATCH 1/2] firewall: add description strings The luci-fw application was lacking some important description strings. This adds them and updates the associated translation template. 2010-04-05 01:16:25 +00:00			`translate("Redirect matched incoming traffic to the specified " ..`
			`"internal host"))`
applications/luci-firewall: complete rework 2010-11-01 19:45:54 +00:00			`to.datatype = "ip4addr"`
applications/luci-fw: Reworked to use the new native UCI-based firewall configuration 2008-08-04 23:36:33 +00:00			`for i, dataset in ipairs(luci.sys.net.arptable()) do`
			`to:value(dataset["IP address"])`
			`end`

applications/luci-firewall: complete rework 2010-11-01 19:45:54 +00:00			`toport = s:taboption("general", Value, "dest_port", translate("Internal port (optional)"),`
[PATCH 1/2] firewall: add description strings The luci-fw application was lacking some important description strings. This adds them and updates the associated translation template. 2010-04-05 01:16:25 +00:00			`translate("Redirect matched incoming traffic to the given port on " ..`
			`"the internal host"))`
applications/luci-fw: Reworked to use the new native UCI-based firewall configuration 2008-08-04 23:36:33 +00:00			`toport.optional = true`
applications/luci-firewall: support local destination in rules, add placeholders 2010-11-07 20:01:56 +00:00			`toport.placeholder = "0-65535"`
applications/luci-firewall: some fixes on redirection page 2010-11-20 17:23:44 +00:00			`toport.datatype = "portrange"`
			`toport:depends("proto", "tcp")`
			`toport:depends("proto", "udp")`
			`toport:depends("proto", "tcpudp")`
applications/luci-firewall: complete rework 2010-11-01 19:45:54 +00:00
			`target = s:taboption("advanced", ListValue, "target", translate("Redirection type"))`
			`target:value("DNAT")`
			`target:value("SNAT")`

			`dest = s:taboption("advanced", Value, "dest", translate("Destination zone"))`
			`dest.nocreate = true`
			`dest.default = "lan"`
			`dest.template = "cbi/firewall_zonelist"`

			`src_dip = s:taboption("advanced", Value, "src_dip",`
			`translate("Intended destination address"),`
			`translate(`
			`"For DNAT, match incoming traffic directed at the given destination "..`
			`"ip address. For SNAT rewrite the source address to the given address."`
			`))`

			`src_dip.optional = true`
			`src_dip.datatype = "ip4addr"`
applications/luci-firewall: support local destination in rules, add placeholders 2010-11-07 20:01:56 +00:00			`src_dip.placeholder = translate("any")`
applications/luci-firewall: complete rework 2010-11-01 19:45:54 +00:00
			`src_mac = s:taboption("advanced", Value, "src_mac", translate("Source MAC address"))`
			`src_mac.optional = true`
			`src_mac.datatype = "macaddr"`
applications/luci-firewall: support local destination in rules, add placeholders 2010-11-07 20:01:56 +00:00			`src_mac.placeholder = translate("any")`
applications/luci-firewall: complete rework 2010-11-01 19:45:54 +00:00
			`src_ip = s:taboption("advanced", Value, "src_ip", translate("Source IP address"))`
			`src_ip.optional = true`
luci-firewall: Add support for negations for ip addresses/nets (#218) 2011-04-13 00:33:42 +00:00			`src_ip.datatype = "neg_ip4addr"`
applications/luci-firewall: support local destination in rules, add placeholders 2010-11-07 20:01:56 +00:00			`src_ip.placeholder = translate("any")`
applications/luci-firewall: complete rework 2010-11-01 19:45:54 +00:00
			`sport = s:taboption("advanced", Value, "src_port", translate("Source port"),`
			`translate("Match incoming traffic originating from the given " ..`
			`"source port or port range on the client host"))`
			`sport.optional = true`
			`sport.datatype = "portrange"`
applications/luci-firewall: support local destination in rules, add placeholders 2010-11-07 20:01:56 +00:00			`sport.placeholder = "0-65536"`
applications/luci-firewall: complete rework 2010-11-01 19:45:54 +00:00			`sport:depends("proto", "tcp")`
			`sport:depends("proto", "udp")`
			`sport:depends("proto", "tcpudp")`

			`reflection = s:taboption("advanced", Flag, "reflection", translate("Enable NAT Loopback"))`
			`reflection.rmempty = true`
applications/luci-firewall: fix turning off nat reflection 2011-07-30 20:02:58 +00:00			`reflection.default = reflection.enabled`
applications/luci-firewall: complete rework 2010-11-01 19:45:54 +00:00			`reflection:depends({ target = "DNAT", src = wan_zone })`
			`reflection.cfgvalue = function(...)`
			`return Flag.cfgvalue(...) or "1"`
			`end`

applications/luci-fw: Reworked to use the new native UCI-based firewall configuration 2008-08-04 23:36:33 +00:00			`return m`