8 'require tools.widgets as widgets';
13 function handleAction(ev
) {
14 fs
.exec_direct('/etc/init.d/banip', [ev
])
20 L
.resolveDefault(fs
.read_direct('/etc/banip/banip.feeds'), ''),
21 L
.resolveDefault(fs
.read_direct('/etc/banip/banip.countries'), ''),
26 render: function (result
) {
29 m
= new form
.Map('banip', 'banIP', _('Configuration of the banIP package to ban incoming and outgoing ip addresses/subnets via sets in nftables. \
30 For further information <a href="https://github.com/openwrt/packages/blob/master/net/banip/files/README.md" target="_blank" rel="noreferrer noopener" >check the online documentation</a>'));
33 poll runtime information
35 var rt_res
, inf_stat
, inf_version
, inf_elements
, inf_feeds
, inf_feedarray
, inf_devices
, inf_devicearray
36 var inf_subnets
, inf_subnetarray
, nft_infos
, run_infos
, inf_flags
, last_run
, inf_system
38 pollData
: poll
.add(function () {
39 return L
.resolveDefault(fs
.read_direct('/var/run/banip_runtime.json'), 'null').then(function (res
) {
40 rt_res
= JSON
.parse(res
);
41 inf_stat
= document
.getElementById('status');
42 if (inf_stat
&& rt_res
) {
43 L
.resolveDefault(fs
.exec_direct('/etc/init.d/banip', ['status', 'update'])).then(function (update_res
) {
44 inf_stat
.textContent
= (rt_res
.status
+ ' (' + update_res
.trim() + ')' || '-');
46 if (rt_res
.status
=== "processing") {
47 if (!inf_stat
.classList
.contains("spinning")) {
48 inf_stat
.classList
.add("spinning");
50 } else if (rt_res
.status
=== "disabled") {
51 if (inf_stat
.classList
.contains("spinning")) {
52 inf_stat
.classList
.remove("spinning");
56 if (inf_stat
.classList
.contains("spinning")) {
57 inf_stat
.classList
.remove("spinning");
60 } else if (inf_stat
) {
61 inf_stat
.textContent
= '-';
62 if (inf_stat
.classList
.contains("spinning")) {
63 inf_stat
.classList
.remove("spinning");
66 inf_version
= document
.getElementById('version');
67 if (inf_version
&& rt_res
) {
68 inf_version
.textContent
= rt_res
.version
|| '-';
70 inf_elements
= document
.getElementById('elements');
71 if (inf_elements
&& rt_res
) {
72 inf_elements
.textContent
= rt_res
.element_count
|| '-';
74 inf_feeds
= document
.getElementById('feeds');
76 if (inf_feeds
&& rt_res
) {
77 for (var i
= 0; i
< rt_res
.active_feeds
.length
; i
++) {
78 if (i
< rt_res
.active_feeds
.length
- 1) {
79 inf_feedarray
+= rt_res
.active_feeds
[i
].feed
+ ', ';
81 inf_feedarray
+= rt_res
.active_feeds
[i
].feed
84 inf_feeds
.textContent
= inf_feedarray
|| '-';
86 inf_devices
= document
.getElementById('devices');
88 if (inf_devices
&& rt_res
&& rt_res
.active_devices
.length
> 1) {
89 for (var i
= 0; i
< rt_res
.active_devices
.length
; i
++) {
90 if (i
=== 0 && rt_res
.active_devices
[i
].device
&& rt_res
.active_devices
[i
+1].interface) {
91 inf_devicearray
+= rt_res
.active_devices
[i
].device
+ ' ::: ' + rt_res
.active_devices
[i
+1].interface;
95 inf_devicearray
+= rt_res
.active_devices
[i
].device
97 else if (i
> 0 && rt_res
.active_devices
[i
].device
&& rt_res
.active_devices
[i
+1].interface) {
98 inf_devicearray
+= ', ' + rt_res
.active_devices
[i
].device
+ ' ::: ' + rt_res
.active_devices
[i
+1].interface;
101 else if (i
> 0 && rt_res
.active_devices
[i
].device
) {
102 inf_devicearray
+= ', ' + rt_res
.active_devices
[i
].device
;
104 else if (i
> 0 && rt_res
.active_devices
[i
].interface) {
105 inf_devicearray
+= ', ' + rt_res
.active_devices
[i
].interface;
108 inf_devices
.textContent
= inf_devicearray
|| '-';
110 inf_subnets
= document
.getElementById('subnets');
111 inf_subnetarray
= [];
112 if (inf_subnets
&& rt_res
) {
113 for (var i
= 0; i
< rt_res
.active_subnets
.length
; i
++) {
114 if (i
< rt_res
.active_subnets
.length
- 1) {
115 inf_subnetarray
+= rt_res
.active_subnets
[i
].subnet
+ ', ';
117 inf_subnetarray
+= rt_res
.active_subnets
[i
].subnet
120 inf_subnets
.textContent
= inf_subnetarray
|| '-';
122 nft_infos
= document
.getElementById('nft');
123 if (nft_infos
&& rt_res
) {
124 nft_infos
.textContent
= rt_res
.nft_info
|| '-';
126 run_infos
= document
.getElementById('run');
127 if (run_infos
&& rt_res
) {
128 run_infos
.textContent
= rt_res
.run_info
|| '-';
130 inf_flags
= document
.getElementById('flags');
131 if (inf_flags
&& rt_res
) {
132 inf_flags
.textContent
= rt_res
.run_flags
|| '-';
134 last_run
= document
.getElementById('last');
135 if (last_run
&& rt_res
) {
136 last_run
.textContent
= rt_res
.last_run
|| '-';
138 inf_system
= document
.getElementById('system');
139 if (inf_system
&& rt_res
) {
140 inf_system
.textContent
= rt_res
.system_info
|| '-';
146 runtime information and buttons
148 s
= m
.section(form
.NamedSection
, 'global');
149 s
.render
= L
.bind(function (view
, section_id
) {
150 return E('div', { 'class': 'cbi-section' }, [
151 E('h3', _('Information')),
152 E('div', { 'class': 'cbi-value' }, [
153 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Status')),
154 E('div', { 'class': 'cbi-value-field spinning', 'id': 'status', 'style': 'color:#37c' }, '\xa0')
156 E('div', { 'class': 'cbi-value' }, [
157 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Version')),
158 E('div', { 'class': 'cbi-value-field', 'id': 'version', 'style': 'color:#37c' }, '-')
160 E('div', { 'class': 'cbi-value' }, [
161 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Element Count')),
162 E('div', { 'class': 'cbi-value-field', 'id': 'elements', 'style': 'color:#37c' }, '-')
164 E('div', { 'class': 'cbi-value' }, [
165 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Active Feeds')),
166 E('div', { 'class': 'cbi-value-field', 'id': 'feeds', 'style': 'color:#37c' }, '-')
168 E('div', { 'class': 'cbi-value' }, [
169 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Active Devices')),
170 E('div', { 'class': 'cbi-value-field', 'id': 'devices', 'style': 'color:#37c' }, '-')
172 E('div', { 'class': 'cbi-value' }, [
173 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Active Subnets')),
174 E('div', { 'class': 'cbi-value-field', 'id': 'subnets', 'style': 'color:#37c' }, '-')
176 E('div', { 'class': 'cbi-value' }, [
177 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('NFT Information')),
178 E('div', { 'class': 'cbi-value-field', 'id': 'nft', 'style': 'color:#37c' }, '-')
180 E('div', { 'class': 'cbi-value' }, [
181 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Run Information')),
182 E('div', { 'class': 'cbi-value-field', 'id': 'run', 'style': 'color:#37c' }, '-')
184 E('div', { 'class': 'cbi-value' }, [
185 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Run Flags')),
186 E('div', { 'class': 'cbi-value-field', 'id': 'flags', 'style': 'color:#37c' }, '-')
188 E('div', { 'class': 'cbi-value' }, [
189 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Last Run')),
190 E('div', { 'class': 'cbi-value-field', 'id': 'last', 'style': 'color:#37c' }, '-')
192 E('div', { 'class': 'cbi-value' }, [
193 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('System Information')),
194 E('div', { 'class': 'cbi-value-field', 'id': 'system', 'style': 'color:#37c' }, '-')
196 E('div', { class: 'right' }, [
198 'class': 'btn cbi-button cbi-button-negative',
199 'click': ui
.createHandlerFn(this, function () {
200 return handleAction('stop');
205 'class': 'btn cbi-button cbi-button-positive',
206 'click': ui
.createHandlerFn(this, function () {
207 return handleAction('reload');
212 'class': 'btn cbi-button cbi-button-positive',
213 'click': ui
.createHandlerFn(this, function () {
214 return handleAction('restart');
223 tabbed config section
225 s
= m
.section(form
.NamedSection
, 'global', 'banip', _('Settings'));
227 s
.tab('general', _('General Settings'));
228 s
.tab('advanced', _('Advanced Settings'));
229 s
.tab('adv_chain', _('Chain/Set Settings'));
230 s
.tab('adv_log', _('Log Settings'));
231 s
.tab('adv_email', _('E-Mail Settings'));
232 s
.tab('feeds', _('Blocklist Feeds'));
237 o
= s
.taboption('general', form
.Flag
, 'ban_enabled', _('Enabled'), _('Enable the banIP service.'));
240 o
= s
.taboption('general', form
.Flag
, 'ban_debug', _('Verbose Debug Logging'), _('Enable verbose debug logging in case of processing errors.'));
243 o
= s
.taboption('general', form
.Flag
, 'ban_autodetect', _('Auto Detection'), _('Detect relevant network devices, interfaces, subnets, protocols and utilities automatically.'));
246 o
= s
.taboption('general', form
.Flag
, 'ban_protov4', _('IPv4 Support'), _('Enables IPv4 support.'));
247 o
.depends('ban_autodetect', '0');
251 o
= s
.taboption('general', form
.Flag
, 'ban_protov6', _('IPv6 Support'), _('Enables IPv6 support.'));
252 o
.depends('ban_autodetect', '0');
256 o
= s
.taboption('general', widgets
.DeviceSelect
, 'ban_dev', _('Network Devices'), _('Select the WAN network device(s).'));
257 o
.depends('ban_autodetect', '0');
258 o
.unspecified
= true;
264 o
= s
.taboption('general', widgets
.NetworkSelect
, 'ban_ifv4', _('Network Interfaces'), _('Select the logical WAN IPv4 network interface(s).'));
265 o
.depends('ban_autodetect', '0');
266 o
.unspecified
= true;
272 o
= s
.taboption('general', widgets
.NetworkSelect
, 'ban_ifv6', _('Network Interfaces'), _('Select the logical WAN IPv6 network interface(s).'));
273 o
.depends('ban_autodetect', '0');
274 o
.unspecified
= true;
280 o
= s
.taboption('general', form
.ListValue
, 'ban_fetchcmd', _('Download Utility'), _('Select one of the pre-configured download utilities.'));
281 o
.depends('ban_autodetect', '0');
282 o
.value('uclient-fetch');
289 o
= s
.taboption('general', form
.Value
, 'ban_fetchparm', _('Download Parameters'), _('Override the pre-configured download options for the selected download utility.'))
290 o
.depends('ban_autodetect', '0');
294 o
= s
.taboption('general', widgets
.NetworkSelect
, 'ban_trigger', _('Startup Trigger Interface'), _('List of available network interfaces to trigger the banIP start.'));
295 o
.unspecified
= true;
300 o
= s
.taboption('general', form
.Value
, 'ban_triggerdelay', _('Trigger Delay'), _('Additional trigger delay in seconds before banIP processing actually starts.'));
301 o
.placeholder
= '10';
302 o
.datatype
= 'range(1,300)';
305 o
= s
.taboption('general', form
.ListValue
, 'ban_triggeraction', _('Trigger Action'), _('Trigger action on ifup interface events.'));
306 o
.value('start', _('start (default)'));
307 o
.value('reload', _('reload'));
308 o
.value('restart', _('restart'));
312 o
= s
.taboption('general', form
.Flag
, 'ban_deduplicate', _('Deduplicate IPs'), _('Deduplicate IP addresses across all active sets and and tidy up the local blocklist.'));
316 o
= s
.taboption('general', form
.Flag
, 'ban_loginput', _('Log WAN-Input'), _('Log suspicious incoming WAN packets (dropped).'));
320 o
= s
.taboption('general', form
.Flag
, 'ban_logforwardwan', _('Log WAN-Forward'), _('Log suspicious forwarded WAN packets (dropped).'));
324 o
= s
.taboption('general', form
.Flag
, 'ban_logforwardlan', _('Log LAN-Forward'), _('Log suspicious forwarded LAN packets (rejected).'));
328 additional settings tab
330 o
= s
.taboption('advanced', form
.DummyValue
, '_sub');
332 o
.default = '<em><b>' + _('Changes on this tab needs a banIP service restart to take effect.') + '</b></em>';
334 o
= s
.taboption('advanced', form
.ListValue
, 'ban_nicelimit', _('Nice Level'), _('The selected priority will be used for banIP background processing.'));
335 o
.value('-20', _('Highest Priority'));
336 o
.value('-10', _('High Priority'));
337 o
.value('0', _('Normal Priority (default)'));
338 o
.value('10', _('Less Priority'));
339 o
.value('19', _('Least Priority'));
343 o
= s
.taboption('advanced', form
.ListValue
, 'ban_filelimit', _('Max Open Files'), _('Increase the maximal number of open files, e.g. to handle the amount of temporary split files while loading the sets.'));
344 o
.value('512', _('512'));
345 o
.value('1024', _('1024 (default)'));
346 o
.value('2048', _('2048'));
347 o
.value('4096', _('4096'));
351 o
= s
.taboption('advanced', form
.ListValue
, 'ban_cores', _('CPU Cores'), _('Limit the cpu cores used by banIP to save RAM.'));
360 o
= s
.taboption('advanced', form
.ListValue
, 'ban_splitsize', _('Set Split Size'), _('Split external set loading after every n members to save RAM.'));
369 o
= s
.taboption('advanced', form
.Value
, 'ban_basedir', _('Base Directory'), _('Base working directory while banIP processing.'));
370 o
.placeholder
= '/tmp';
373 o
= s
.taboption('advanced', form
.Value
, 'ban_backupdir', _('Backup Directory'), _('Target directory for compressed feed backups.'));
374 o
.placeholder
= '/tmp/banIP-backup';
377 o
= s
.taboption('advanced', form
.Value
, 'ban_reportdir', _('Report Directory'), _('Target directory for banIP-related report files.'));
378 o
.placeholder
= '/tmp/banIP-report';
381 o
= s
.taboption('advanced', form
.Flag
, 'ban_reportelements', _('Report Elements'), _('List Set elements in the status and report, disable this to reduce the CPU load.'));
385 o
= s
.taboption('advanced', form
.Flag
, 'ban_fetchinsecure', _('Download Insecure'), _('Don\'t check SSL server certificates during download.'));
389 advanced chain/set settings tab
391 o
= s
.taboption('adv_chain', form
.DummyValue
, '_sub');
393 o
.default = '<em><b>' + _('Changes on this tab needs a banIP service restart to take effect.') + '</b></em>';
395 o
= s
.taboption('adv_chain', form
.ListValue
, 'ban_nftpolicy', _('Set Policy'), _('Set the nft policy for banIP-related sets.'));
396 o
.value('memory', _('memory (default)'));
397 o
.value('performance', _('performance'));
401 o
= s
.taboption('adv_chain', form
.ListValue
, 'ban_nftpriority', _('Chain Priority'), _('Set the nft chain priority within the banIP table. Please note: lower values means higher priority.'));
402 o
.value('0', _('0'));
403 o
.value('-100', _('-100'));
404 o
.value('-200', _('-200 (default)'));
405 o
.value('-300', _('-300'));
406 o
.value('-400', _('-400'));
412 feeds
= JSON
.parse(result
[0]);
414 o
= s
.taboption('adv_chain', form
.MultiValue
, 'ban_blockinput', _('WAN-Input Chain'), _('Limit certain feeds to the WAN-Input chain.'));
415 o
.value('allowlist', _('local allowlist'));
416 o
.value('blocklist', _('local blocklist'));
417 for (var i
= 0; i
< Object
.keys(feeds
).length
; i
++) {
418 feed
= Object
.keys(feeds
)[i
].trim();
424 o
= s
.taboption('adv_chain', form
.MultiValue
, 'ban_blockforwardwan', _('WAN-Forward Chain'), _('Limit certain feeds to the WAN-Forward chain.'));
425 o
.value('allowlist', _('local allowlist'));
426 o
.value('blocklist', _('local blocklist'));
427 for (var i
= 0; i
< Object
.keys(feeds
).length
; i
++) {
428 feed
= Object
.keys(feeds
)[i
].trim();
434 o
= s
.taboption('adv_chain', form
.MultiValue
, 'ban_blockforwardlan', _('LAN-Forward Chain'), _('Limit certain feeds to the LAN-Forward chain.'));
435 o
.value('allowlist', _('local allowlist'));
436 o
.value('blocklist', _('local blocklist'));
437 for (var i
= 0; i
< Object
.keys(feeds
).length
; i
++) {
438 feed
= Object
.keys(feeds
)[i
].trim();
445 o
= s
.taboption('adv_chain', form
.ListValue
, 'ban_nftexpiry', _('Blocklist Expiry'), _('Expiry time for auto added blocklist set members.'));
455 advanced log settings tab
457 o
= s
.taboption('adv_log', form
.DummyValue
, '_sub');
459 o
.default = '<em><b>' + _('Changes on this tab needs a banIP service restart to take effect.') + '</b></em>';
461 o
= s
.taboption('adv_log', form
.ListValue
, 'ban_nftloglevel', _('Log Level'), _('Set the syslog level for NFT logging.'));
462 o
.value('emerg', _('emerg'));
463 o
.value('alert', _('alert'));
464 o
.value('crit', _('crit'));
465 o
.value('err', _('err'));
466 o
.value('warn', _('warn (default)'));
467 o
.value('notice', _('notice'));
468 o
.value('info', _('info'));
469 o
.value('debug', _('debug'));
470 o
.value('audit', _('audit'));
474 o
= s
.taboption('adv_log', form
.ListValue
, 'ban_loglimit', _('Log Limit'), _('Parse only the last stated number of log entries for suspicious events.'));
475 o
.value('50', _('50'));
476 o
.value('100', _('100 (default)'));
477 o
.value('250', _('250'));
478 o
.value('500', _('500'));
479 o
.value('1000', _('1000'));
483 o
= s
.taboption('adv_log', form
.Value
, 'ban_logcount', _('Log Count'), _('Number of failed login attempts of the same IP in the log before blocking.'));
485 o
.datatype
= 'range(1,10)';
488 o
= s
.taboption('adv_log', form
.DynamicList
, 'ban_logterm', _('Log Terms'), _('The default log terms / regular expressions are filtering suspicious ssh, LuCI, nginx and asterisk traffic.'));
493 advanced email settings tab
495 o
= s
.taboption('adv_email', form
.DummyValue
, '_sub');
497 o
.default = '<em><b>' + _('To enable email notifications, set up the \'msmtp\' package and specify a vaild E-Mail receiver address.') + '</b></em>';
499 o
= s
.taboption('adv_email', form
.Flag
, 'ban_mailnotification', _('E-Mail Notification'), _('Receive E-Mail notifications with every banIP run.'));
502 o
= s
.taboption('adv_email', form
.Value
, 'ban_mailreceiver', _('E-Mail Receiver Address'), _('Receiver address for banIP notification E-Mails, this information is required to enable E-Mail functionality.'));
503 o
.placeholder
= 'name@example.com';
506 o
= s
.taboption('adv_email', form
.Value
, 'ban_mailsender', _('E-Mail Sender Address'), _('Sender address for banIP notification E-Mails.'));
507 o
.placeholder
= 'no-reply@banIP';
510 o
= s
.taboption('adv_email', form
.Value
, 'ban_mailtopic', _('E-Mail Topic'), _('Topic for banIP notification E-Mails.'));
511 o
.placeholder
= 'banIP notification';
514 o
= s
.taboption('adv_email', form
.Value
, 'ban_mailprofile', _('E-Mail Profile'), _('Profile used by \'msmtp\' for banIP notification E-Mails.'));
515 o
.placeholder
= 'ban_notify';
516 o
.datatype
= 'uciname';
522 o
= s
.taboption('feeds', form
.DummyValue
, '_sub');
524 o
.default = '<em><b>' + _('List of supported and fully pre-configured banIP feeds.') + '</b></em>';
527 var focus
, feed
, feeds
;
528 feeds
= JSON
.parse(result
[0]);
530 o
= s
.taboption('feeds', form
.MultiValue
, 'ban_feed', _('Feed Selection'));
531 for (var i
= 0; i
< Object
.keys(feeds
).length
; i
++) {
532 feed
= Object
.keys(feeds
)[i
].trim();
533 focus
= feeds
[feed
].focus
.trim();
534 o
.value(feed
, feed
+ ' (' + focus
+ ')');
543 var code
, country
, countries
= [];
545 countries
= result
[1].trim().split('\n');
547 o
= s
.taboption('feeds', form
.MultiValue
, 'ban_country', _('Countries'));
548 for (var i
= 0; i
< countries
.length
; i
++) {
549 code
= countries
[i
].match(/^(\w+);/)[1].trim();
550 country
= countries
[i
].match(/^\w+;(.*$)/)[1].trim();
551 o
.value(code
, country
);
557 o
= s
.taboption('feeds', form
.DynamicList
, 'ban_asn', _('ASNs'));
558 o
.datatype
= 'uinteger';
562 o
= s
.taboption('feeds', form
.Flag
, 'ban_autoallowlist', _('Auto Allowlist'), _('Automatically transfers uplink IPs to the banIP allowlist.'));
566 o
= s
.taboption('feeds', form
.Flag
, 'ban_autoblocklist', _('Auto Blocklist'), _('Automatically transfers suspicious IPs to the banIP blocklist.'));
570 o
= s
.taboption('feeds', form
.Flag
, 'ban_allowlistonly', _('Allowlist Only'), _('Restrict the internet access from/to a small number of secure IPs.'));