luci-mod-status: replace iptables controller actions with cgi-io calls

Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit 43a4481e10)
2019-12-18 21:57:01 +01:00 · 2019-12-18 21:57:01 +01:00 · 72205026ed
commit 72205026ed
parent 50722058cf
3 changed files with 8 additions and 41 deletions
--- a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
+++ b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
@ -48,7 +48,9 @@
 				"/usr/bin/traceroute *": [ "exec" ],
 				"/usr/bin/traceroute6 *": [ "exec" ],
 				"/usr/bin/nslookup *": [ "exec" ],
-				"/usr/libexec/luci-peeraddr": [ "exec" ]
+				"/usr/libexec/luci-peeraddr": [ "exec" ],
+				"/usr/sbin/iptables --line-numbers -w -nvxL -t *": [ "exec" ],
+				"/usr/sbin/ip6tables --line-numbers -w -nvxL -t *": [ "exec" ]
 			},
 			"ubus": {
 				"file": [ "list", "read", "stat" ],
--- a/modules/luci-mod-status/htdocs/luci-static/resources/view/status/iptables.js
+++ b/modules/luci-mod-status/htdocs/luci-static/resources/view/status/iptables.js
@ -246,8 +246,10 @@ function parse_output(table, s)
 }

 table_names.forEach(function(table) {
-	L.poll(5, L.url('admin/status/iptables_dump', current_mode, table.toLowerCase()), null,
-		function (xhr) {
-			parse_output(table, xhr.responseText);
+	L.Poll.add(function() {
+		var cmd = (current_mode == 6) ? '/usr/sbin/ip6tables' : '/usr/sbin/iptables';
+		return L.fs.exec_direct(cmd, [ '--line-numbers', '-w', '-nvxL', '-t', table.toLowerCase() ]).then(function(output) {
+			parse_output(table, output);
 		});
+	}, 5);
 });
--- a/modules/luci-mod-status/luasrc/controller/admin/status.lua
+++ b/modules/luci-mod-status/luasrc/controller/admin/status.lua
@ -10,8 +10,6 @@ function index()
 	entry({"admin", "status", "overview"}, template("admin_status/index"), _("Overview"), 1)

 	entry({"admin", "status", "iptables"}, template("admin_status/iptables"), _("Firewall"), 2).leaf = true
-	entry({"admin", "status", "iptables_dump"}, call("dump_iptables")).leaf = true
-	entry({"admin", "status", "iptables_action"}, post("action_iptables")).leaf = true

 	entry({"admin", "status", "routes"}, template("admin_status/routes"), _("Routes"), 3)
 	entry({"admin", "status", "syslog"}, call("action_syslog"), _("System Log"), 4)
@ -37,38 +35,3 @@ function action_dmesg()
 	local dmesg = luci.sys.dmesg()
 	luci.template.render("admin_status/dmesg", {dmesg=dmesg})
 end
-
-function dump_iptables(family, table)
-	local prefix = (family == "6") and "ip6" or "ip"
-	local ok, lines = pcall(io.lines, "/proc/net/%s_tables_names" % prefix)
-	if ok and lines then
-		local s
-		for s in lines do
-			if s == table then
-				luci.http.prepare_content("text/plain")
-				luci.sys.process.exec({
-					"/usr/sbin/%stables" % prefix, "-w", "-t", table,
-					"--line-numbers", "-nxvL"
-				}, luci.http.write)
-				return
-			end
-		end
-	end
-
-	luci.http.status(404, "No such table")
-	luci.http.prepare_content("text/plain")
-end
-
-function action_iptables()
-	if luci.http.formvalue("zero") then
-		if luci.http.formvalue("family") == "6" then
-			luci.util.exec("/usr/sbin/ip6tables -Z")
-		else
-			luci.util.exec("/usr/sbin/iptables -Z")
-		end
-	elseif luci.http.formvalue("restart") then
-		luci.util.exec("/etc/init.d/firewall restart")
-	end
-
-	luci.http.redirect(luci.dispatcher.build_url("admin/status/iptables"))
-end