projects / project / luci.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
luci-app-adblock: spelling / grammar
[project/luci.git] / applications / luci-app-banip / htdocs / luci-static / resources / view / banip / overview.js
1 'use strict';
2 'require view';
3 'require poll';
4 'require fs';
5 'require ui';
6 'require uci';
7 'require form';
8 'require tools.widgets as widgets';
9
10 /*
11 button handling
12 */
13 function handleAction(ev) {
14 if (ev === 'timer') {
15 L.ui.showModal(_('Refresh Timer'), [
16 E('p', _('To keep your banIP lists up-to-date, you should setup an automatic update job for these lists.')),
17 E('div', { 'class': 'left', 'style': 'display:flex; flex-direction:column' }, [
18 E('h5', _('Existing job(s)')),
19 E('textarea', {
20 'id': 'cronView',
21 'style': 'width: 100% !important; padding: 5px; font-family: monospace',
22 'readonly': 'readonly',
23 'wrap': 'off',
24 'rows': 5
25 })
26 ]),
27 E('div', { 'class': 'left', 'style': 'display:flex; flex-direction:column' }, [
28 E('label', { 'class': 'cbi-input-select', 'style': 'padding-top:.5em' }, [
29 E('h5', _('Set a new banIP job')),
30 E('select', { 'class': 'cbi-input-select', 'id': 'timerA' }, [
31 E('option', { 'value': 'start' }, 'Start'),
32 E('option', { 'value': 'reload' }, 'Reload'),
33 E('option', { 'value': 'restart' }, 'Restart'),
34 E('option', { 'value': 'refresh' }, 'Refresh'),
35 E('option', { 'value': 'suspend' }, 'Suspend'),
36 E('option', { 'value': 'resume' }, 'Resume'),
37 E('option', { 'value': 'report gen' }, 'Report'),
38 E('option', { 'value': 'report mail' }, 'Report & Mail')
39 ]),
40 '\xa0\xa0\xa0',
41 _('banIP action')
42 ]),
43 E('label', { 'class': 'cbi-input-text', 'style': 'padding-top:.5em' }, [
44 E('input', { 'class': 'cbi-input-text', 'id': 'timerH', 'maxlength': '2' }, [
45 ]),
46 '\xa0\xa0\xa0',
47 _('The hours portition (req., range: 0-23)')
48 ]),
49 E('label', { 'class': 'cbi-input-text', 'style': 'padding-top:.5em' }, [
50 E('input', { 'class': 'cbi-input-text', 'id': 'timerM', 'maxlength': '2' }),
51 '\xa0\xa0\xa0',
52 _('The minutes portion (opt., range: 0-59)')
53 ]),
54 E('label', { 'class': 'cbi-input-text', 'style': 'padding-top:.5em' }, [
55 E('input', { 'class': 'cbi-input-text', 'id': 'timerD', 'maxlength': '13' }),
56 '\xa0\xa0\xa0',
57 _('The day of the week (opt., values: 1-7 possibly sep. by , or -)')
58 ])
59 ]),
60 E('div', { 'class': 'left', 'style': 'display:flex; flex-direction:column' }, [
61 E('label', { 'class': 'cbi-input-select', 'style': 'padding-top:.5em' }, [
62 E('h5', _('Remove an existing job')),
63 E('input', { 'class': 'cbi-input-text', 'id': 'lineno', 'maxlength': '2' }, [
64 ]),
65 '\xa0\xa0\xa0',
66 _('Line number to remove')
67 ])
68 ]),
69 E('div', { 'class': 'right' }, [
70 E('button', {
71 'class': 'btn cbi-button',
72 'click': L.hideModal
73 }, _('Cancel')),
74 ' ',
75 E('button', {
76 'class': 'btn cbi-button-action',
77 'click': ui.createHandlerFn(this, function(ev) {
78 var lineno = document.getElementById('lineno').value;
79 var action = document.getElementById('timerA').value;
80 var hours = document.getElementById('timerH').value;
81 var minutes = document.getElementById('timerM').value || '0';
82 var days = document.getElementById('timerD').value || '*';
83 if (hours) {
84 L.resolveDefault(fs.exec_direct('/etc/init.d/banip', ['timer', 'add', action, hours, minutes, days]))
85 .then(function(res) {
86 if (res) {
87 ui.addNotification(null, E('p', _('The Refresh Timer could not been updated.')), 'error');
88 } else {
89 ui.addNotification(null, E('p', _('The Refresh Timer has been updated.')), 'info');
90 }
91 });
92 } else if (lineno) {
93 L.resolveDefault(fs.exec_direct('/etc/init.d/banip', ['timer', 'remove', lineno]))
94 .then(function(res) {
95 if (res) {
96 ui.addNotification(null, E('p', _('The Refresh Timer could not been updated.')), 'error');
97 } else {
98 ui.addNotification(null, E('p', _('The Refresh Timer has been updated.')), 'info');
99 }
100 });
101 } else {
102 document.getElementById('timerH').focus();
103 return
104 }
105 L.hideModal();
106 })
107 }, _('Save'))
108 ])
109 ]);
110 L.resolveDefault(fs.exec_direct('/etc/init.d/banip', ['timer', 'list']))
111 .then(function(res) {
112 document.getElementById('cronView').value = res.trim();
113 });
114 document.getElementById('timerH').focus();
115 return
116 }
117
118 if (document.getElementById('status') && document.getElementById('status').textContent.substr(0,6) === 'paused') {
119 ev = 'resume';
120 }
121
122 fs.exec_direct('/etc/init.d/banip', [ev])
123 }
124
125 return view.extend({
126 load: function() {
127 return Promise.all([
128 L.resolveDefault(fs.exec_direct('/etc/init.d/banip', ['list']), {}),
129 L.resolveDefault(fs.exec_direct('/usr/sbin/iptables', ['-L']), null),
130 L.resolveDefault(fs.exec_direct('/usr/sbin/ip6tables', ['-L']), null),
131 L.resolveDefault(fs.read_direct('/etc/banip/banip.countries'), ''),
132 uci.load('banip')
133 ]);
134 },
135
136 render: function(result) {
137 var m, s, o;
138
139 m = new form.Map('banip', 'banIP', _('Configuration of the banIP package to block ip adresses/subnets via IPSet. \
140 For further information <a href="https://github.com/openwrt/packages/blob/master/net/banip/files/README.md" target="_blank" rel="noreferrer noopener" >check the online documentation</a>'));
141
142 /*
143 poll runtime information
144 */
145 var rt_res, inf_stat, inf_ipsets, inf_sources, inf_srcarr, inf_devices, inf_devarr, inf_ifaces, inf_ifarr, inf_logterms, inf_logtarr
146 var inf_subnets, inf_subnarr, inf_misc, inf_flags, inf_run
147
148 pollData: poll.add(function() {
149 return L.resolveDefault(fs.read_direct('/tmp/ban_runtime.json'), 'null').then(function(res) {
150 rt_res = JSON.parse(res);
151 inf_stat = document.getElementById('status');
152 if (inf_stat && rt_res) {
153 inf_stat.textContent = (rt_res.status || '-') + ' / ' + (rt_res.version || '-');
154 if (rt_res.status === "running") {
155 if (!inf_stat.classList.contains("spinning")) {
156 inf_stat.classList.add("spinning");
157 }
158 } else {
159 if (inf_stat.classList.contains("spinning")) {
160 inf_stat.classList.remove("spinning");
161 if (document.getElementById('btn_suspend')) {
162 if (inf_stat.textContent.substr(0,6) === 'paused') {
163 document.querySelector('#btn_suspend').textContent = 'Resume';
164 }
165 if (document.getElementById('status').textContent.substr(0,7) === 'enabled') {
166 document.querySelector('#btn_suspend').textContent = 'Suspend';
167 }
168 }
169 }
170 }
171 } else if (inf_stat) {
172 inf_stat.textContent = '-';
173 if (inf_stat.classList.contains("spinning")) {
174 inf_stat.classList.remove("spinning");
175 }
176 }
177 inf_ipsets = document.getElementById('ipsets');
178 if (inf_ipsets && rt_res) {
179 inf_ipsets.textContent = rt_res.ipset_info || '-';
180 }
181 inf_sources = document.getElementById('sources');
182 inf_srcarr = [];
183 if (inf_sources && rt_res) {
184 for (var i = 0; i < rt_res.active_sources.length; i++) {
185 if (i < rt_res.active_sources.length-1) {
186 inf_srcarr += rt_res.active_sources[i].source + ', ';
187 } else {
188 inf_srcarr += rt_res.active_sources[i].source
189 }
190 }
191 inf_sources.textContent = inf_srcarr || '-';
192 }
193 inf_devices = document.getElementById('devices');
194 inf_devarr = [];
195 if (inf_devices && rt_res) {
196 for (var i = 0; i < rt_res.active_devs.length; i++) {
197 if (i < rt_res.active_devs.length-1) {
198 inf_devarr += rt_res.active_devs[i].dev + ', ';
199 } else {
200 inf_devarr += rt_res.active_devs[i].dev
201 }
202 }
203 inf_devices.textContent = inf_devarr || '-';
204 }
205 inf_ifaces = document.getElementById('ifaces');
206 inf_ifarr = [];
207 if (inf_ifaces && rt_res) {
208 for (var i = 0; i < rt_res.active_ifaces.length; i++) {
209 if (i < rt_res.active_ifaces.length-1) {
210 inf_ifarr += rt_res.active_ifaces[i].iface + ', ';
211 } else {
212 inf_ifarr += rt_res.active_ifaces[i].iface
213 }
214 }
215 inf_ifaces.textContent = inf_ifarr || '-';
216 }
217 inf_logterms = document.getElementById('logterms');
218 inf_logtarr = [];
219 if (inf_logterms && rt_res) {
220 for (var i = 0; i < rt_res.active_logterms.length; i++) {
221 if (i < rt_res.active_logterms.length-1) {
222 inf_logtarr += rt_res.active_logterms[i].term + ', ';
223 } else {
224 inf_logtarr += rt_res.active_logterms[i].term
225 }
226 }
227 inf_logterms.textContent = inf_logtarr || '-';
228 }
229 inf_subnets = document.getElementById('subnets');
230 inf_subnarr = [];
231 if (inf_subnets && rt_res) {
232 for (var i = 0; i < rt_res.active_subnets.length; i++) {
233 if (i < rt_res.active_subnets.length-1) {
234 inf_subnarr += rt_res.active_subnets[i].subnet + ', ';
235 } else {
236 inf_subnarr += rt_res.active_subnets[i].subnet
237 }
238 }
239 inf_subnets.textContent = inf_subnarr || '-';
240 }
241 inf_misc = document.getElementById('infos');
242 if (inf_misc && rt_res) {
243 inf_misc.textContent = rt_res.run_infos || '-';
244 }
245 inf_flags = document.getElementById('flags');
246 if (inf_flags && rt_res) {
247 inf_flags.textContent = rt_res.run_flags || '-';
248 }
249 inf_run = document.getElementById('run');
250 if (inf_run && rt_res) {
251 inf_run.textContent = rt_res.last_run || '-';
252 }
253 });
254 }, 1);
255
256 /*
257 runtime information and buttons
258 */
259 s = m.section(form.NamedSection, 'global');
260 s.render = L.bind(function(view, section_id) {
261 return E('div', { 'class': 'cbi-section' }, [
262 E('h3', _('Information')),
263 E('div', { 'class': 'cbi-value' }, [
264 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Status / Version')),
265 E('div', { 'class': 'cbi-value-field spinning', 'id': 'status', 'style': 'color:#37c' },'\xa0')
266 ]),
267 E('div', { 'class': 'cbi-value' }, [
268 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('IPSet Information')),
269 E('div', { 'class': 'cbi-value-field', 'id': 'ipsets', 'style': 'color:#37c' },'-')
270 ]),
271 E('div', { 'class': 'cbi-value' }, [
272 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Active Sources')),
273 E('div', { 'class': 'cbi-value-field', 'id': 'sources', 'style': 'color:#37c' },'-')
274 ]),
275 E('div', { 'class': 'cbi-value' }, [
276 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Active Devices')),
277 E('div', { 'class': 'cbi-value-field', 'id': 'devices', 'style': 'color:#37c' },'-')
278 ]),
279 E('div', { 'class': 'cbi-value' }, [
280 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Active Interfaces')),
281 E('div', { 'class': 'cbi-value-field', 'id': 'ifaces', 'style': 'color:#37c' },'-')
282 ]),
283 E('div', { 'class': 'cbi-value' }, [
284 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Active Logterms')),
285 E('div', { 'class': 'cbi-value-field', 'id': 'logterms', 'style': 'color:#37c' },'-')
286 ]),
287 E('div', { 'class': 'cbi-value' }, [
288 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Active Subnets')),
289 E('div', { 'class': 'cbi-value-field', 'id': 'subnets', 'style': 'color:#37c' },'-')
290 ]),
291 E('div', { 'class': 'cbi-value' }, [
292 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Run Information')),
293 E('div', { 'class': 'cbi-value-field', 'id': 'infos', 'style': 'color:#37c' },'-')
294 ]),
295 E('div', { 'class': 'cbi-value' }, [
296 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Run Flags')),
297 E('div', { 'class': 'cbi-value-field', 'id': 'flags', 'style': 'color:#37c' },'-')
298 ]),
299 E('div', { 'class': 'cbi-value' }, [
300 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Last Run')),
301 E('div', { 'class': 'cbi-value-field', 'id': 'run', 'style': 'color:#37c' },'-')
302 ]),
303 E('div', { class: 'right' }, [
304 E('button', {
305 'class': 'btn cbi-button cbi-button-apply',
306 'click': ui.createHandlerFn(this, function() {
307 return handleAction('timer');
308 })
309 }, [ _('Refresh Timer...') ]),
310 '\xa0\xa0\xa0',
311 E('button', {
312 'class': 'btn cbi-button cbi-button-apply',
313 'id': 'btn_suspend',
314 'click': ui.createHandlerFn(this, function() {
315 return handleAction('suspend');
316 })
317 }, [ _('Suspend') ]),
318 '\xa0\xa0\xa0',
319 E('button', {
320 'class': 'btn cbi-button cbi-button-positive',
321 'click': ui.createHandlerFn(this, function() {
322 return handleAction('refresh');
323 })
324 }, [ _('Refresh') ]),
325 '\xa0\xa0\xa0',
326 E('button', {
327 'class': 'btn cbi-button cbi-button-negative',
328 'click': ui.createHandlerFn(this, function() {
329 return handleAction('restart');
330 })
331 }, [ _('Restart') ])
332 ])
333 ]);
334 }, o, this);
335 this.pollData;
336
337 /*
338 tabbed config section
339 */
340 s = m.section(form.NamedSection, 'global', 'banip', _('Settings'));
341 s.addremove = false;
342 s.tab('general', _('General Settings'));
343 s.tab('additional', _('Additional Settings'));
344 s.tab('adv_chain', _('Advanced Chain Settings'));
345 s.tab('adv_log', _('Advanced Log Settings'));
346 s.tab('adv_email', _('Advanced E-Mail Settings'));
347 s.tab('sources', _('Blocklist Sources'));
348
349 /*
350 general settings tab
351 */
352 o = s.taboption('general', form.Flag, 'ban_enabled', _('Enabled'), _('Enable the banIP service.'));
353 o.rmempty = false;
354
355 o = s.taboption('general', widgets.NetworkSelect, 'ban_trigger', _('Startup Trigger Interface'), _('List of available network interfaces to trigger the banIP start.'));
356 o.unspecified = true;
357 o.nocreate = true;
358 o.rmempty = true;
359
360 o = s.taboption('general', form.Flag, 'ban_autodetect', _('Auto Detection'), _('Detect relevant network interfaces, devices, subnets and protocols automatically.'));
361 o.rmempty = false;
362
363 o = s.taboption('general', widgets.NetworkSelect, 'ban_ifaces', _('Network Interfaces'), _('Select the relevant network interfaces manually.'));
364 o.depends('ban_autodetect', '0');
365 o.unspecified = true;
366 o.multiple = true;
367 o.nocreate = true;
368 o.optional = true;
369 o.rmempty = false;
370
371 o = s.taboption('general', form.Flag, 'ban_proto4_enabled', _('IPv4 Support'), _('Enables IPv4 support in banIP.'));
372 o.depends('ban_autodetect', '0');
373 o.optional = true;
374 o.rmempty = false;
375
376 o = s.taboption('general', form.Flag, 'ban_proto6_enabled', _('IPv6 Support'), _('Enables IPv6 support in banIP.'));
377 o.depends('ban_autodetect', '0');
378 o.optional = true;
379 o.rmempty = false;
380
381 o = s.taboption('general', form.Flag, 'ban_monitor_enabled', _('Log Monitor'), _('Starts a small log monitor in the background to block suspicious SSH/LuCI login attempts.'));
382 o.rmempty = false;
383
384 o = s.taboption('general', form.Flag, 'ban_logsrc_enabled', _('Enable SRC logging'), _('Log suspicious incoming packets - usually dropped.'));
385 o.rmempty = false;
386
387 o = s.taboption('general', form.Flag, 'ban_logdst_enabled', _('Enable DST logging'), _('Log suspicious outgoing packets - usually rejected. \
388 Logging such packets may cause an increase in latency due to it requiring additional system resources.'));
389 o.rmempty = false;
390
391 o = s.taboption('general', form.Flag, 'ban_whitelistonly', _('Whitelist Only'), _('Restrict the internet access from/to a small number of secure websites/IPs \
392 and block access from/to the rest of the internet.'));
393 o.rmempty = true;
394
395 o = s.taboption('general', form.Flag, 'ban_mail_enabled', _('E-Mail Notification'), _('Send banIP related notification e-mails. \
396 This needs the installation and setup of the additional \'msmtp\' package.'));
397 o.rmempty = false;
398
399 o = s.taboption('general', form.Value, 'ban_mailreceiver', _('E-Mail Receiver Address'), _('Receiver address for banIP notification e-mails.'));
400 o.depends('ban_mail_enabled', '1');
401 o.placeholder = 'name@example.com';
402 o.rmempty = true;
403
404 /*
405 additional settings tab
406 */
407 o = s.taboption('additional', form.Flag, 'ban_debug', _('Verbose Debug Logging'), _('Enable verbose debug logging in case of any processing errors.'));
408 o.rmempty = false;
409
410 o = s.taboption('additional', form.ListValue, 'ban_nice', _('Service Priority'), _('The selected priority will be used for banIP background processing. \
411 This change requires a full banIP service restart to take effect.'));
412 o.value('-20', _('Highest Priority'));
413 o.value('-10', _('High Priority'));
414 o.value('0', _('Normal Priority (default)'));
415 o.value('10', _('Less Priority'));
416 o.value('19', _('Least Priority'));
417 o.optional = true;
418 o.rmempty = true;
419
420 o = s.taboption('additional', form.Value, 'ban_triggerdelay', _('Trigger Delay'), _('Additional trigger delay in seconds before banIP processing begins.'));
421 o.placeholder = '5';
422 o.datatype = 'range(1,120)';
423 o.rmempty = true;
424
425 o = s.taboption('additional', form.ListValue, 'ban_maxqueue', _('Download Queue'), _('Size of the download queue for download processing in parallel.'));
426 o.value('1');
427 o.value('2');
428 o.value('4');
429 o.value('8');
430 o.value('16');
431 o.value('32');
432 o.optional = true;
433 o.rmempty = false;
434
435 o = s.taboption('additional', form.Value, 'ban_tmpbase', _('Base Temp Directory'), _('Base Temp Directory used for all banIP related runtime operations.'));
436 o.placeholder = '/tmp';
437 o.rmempty = true;
438
439 o = s.taboption('additional', form.Value, 'ban_backupdir', _('Backup Directory'), _('Target directory for compressed source list backups.'));
440 o.placeholder = '/tmp/banIP-Backup';
441 o.rmempty = true;
442
443 o = s.taboption('additional', form.Value, 'ban_reportdir', _('Report Directory'), _('Target directory for IPSet related report files.'));
444 o.placeholder = '/tmp/banIP-Report';
445 o.rmempty = true;
446
447 o = s.taboption('additional', form.ListValue, 'ban_fetchutil', _('Download Utility'), _('List of supported and fully pre-configured download utilities.'));
448 o.value('uclient-fetch');
449 o.value('wget');
450 o.value('curl');
451 o.value('aria2c');
452 o.optional = true;
453 o.rmempty = true;
454
455 o = s.taboption('additional', form.Flag, 'ban_fetchinsecure', _('Download Insecure'), _('Don\'t check SSL server certificates during download.'));
456 o.default = 0
457 o.rmempty = true;
458
459 o = s.taboption('additional', form.Value, 'ban_fetchparm', _('Download Parameters'), _('Manually override the pre-configured download options for the selected download utility.'))
460 o.optional = true;
461 o.rmempty = true;
462
463 /*
464 advanced chain settings tab
465 */
466 o = s.taboption('adv_chain', form.DummyValue, '_sub');
467 o.rawhtml = true;
468 o.default = '<em><b>Changes on this tab needs a full banIP service restart to take effect.</b></em>';
469
470 o = s.taboption('adv_chain', form.ListValue, 'ban_global_settype', _('Global IPSet Type'), _('Set the global IPset type default, to block incoming (SRC) and/or outgoing (DST) packets.'));
471 o.value('src+dst');
472 o.value('src');
473 o.value('dst');
474 o.rmempty = false;
475
476 o = s.taboption('adv_chain', form.ListValue, 'ban_target_src', _('SRC Target'), _('Set the firewall target for all SRC related rules.'));
477 o.value('DROP');
478 o.value('REJECT');
479 o.rmempty = false;
480
481 o = s.taboption('adv_chain', form.ListValue, 'ban_target_dst', _('DST Target'), _('Set the firewall target for all DST related rules.'));
482 o.value('REJECT');
483 o.value('DROP');
484 o.rmempty = false;
485
486 o = s.taboption('adv_chain', form.DummyValue, '_sub');
487 o.rawhtml = true;
488 o.default = '<em><b>Individual IPSet Settings</b></em>';
489
490 o = s.taboption('adv_chain', form.ListValue, 'ban_maclist_timeout', _('Maclist Timeout'), _('Set the maclist IPSet timeout.'));
491 o.value('1800', _('30 minutes'));
492 o.value('3600', _('1 hour'));
493 o.value('21600', _('6 hours'));
494 o.value('43200', _('12 hours'));
495 o.value('86400', _('24 hours'));
496 o.optional = true;
497 o.rmempty = true;
498
499 o = s.taboption('adv_chain', form.ListValue, 'ban_whitelist_timeout', _('Whitelist Timeout'), _('Set the whitelist IPSet timeout.'));
500 o.value('1800', _('30 minutes'));
501 o.value('3600', _('1 hour'));
502 o.value('21600', _('6 hours'));
503 o.value('43200', _('12 hours'));
504 o.value('86400', _('24 hours'));
505 o.optional = true;
506 o.rmempty = true;
507
508 o = s.taboption('adv_chain', form.ListValue, 'ban_blacklist_timeout', _('Blacklist Timeout'), _('Set the blacklist IPSet timeout.'));
509 o.value('1800', _('30 minutes'));
510 o.value('3600', _('1 hour'));
511 o.value('21600', _('6 hours'));
512 o.value('43200', _('12 hours'));
513 o.value('86400', _('24 hours'));
514 o.optional = true;
515 o.rmempty = true;
516
517 var info, source, sources = [];
518 if (result[0]) {
519 sources = result[0].trim().split('\n');
520 }
521
522 o = s.taboption('adv_chain', form.MultiValue, 'ban_settype_src', _('SRC IPSet Type'), _('Set individual SRC type per IPset to block only incoming packets.'));
523 o.value('whitelist');
524 o.value('blacklist');
525 for (var i = 0; i < sources.length; i++) {
526 if (sources[i].match(/^\s+\+/)) {
527 source = sources[i].match(/^\s+\+\s(\w+)\s/)[1].trim();
528 o.value(source);
529 }
530 }
531 o.optional = true;
532 o.rmempty = true;
533
534 o = s.taboption('adv_chain', form.MultiValue, 'ban_settype_dst', _('DST IPSet Type'), _('Set individual DST type per IPset to block only outgoing packets.'));
535 o.value('whitelist');
536 o.value('blacklist');
537 for (var i = 0; i < sources.length; i++) {
538 if (sources[i].match(/^\s+\+/)) {
539 source = sources[i].match(/^\s+\+\s(\w+)\s/)[1].trim();
540 o.value(source);
541 }
542 }
543 o.optional = true;
544 o.rmempty = true;
545
546 o = s.taboption('adv_chain', form.MultiValue, 'ban_settype_all', _('SRC+DST IPSet Type'), _('Set individual SRC+DST type per IPset to block incoming and outgoing packets.'));
547 o.value('whitelist');
548 o.value('blacklist');
549 for (var i = 0; i < sources.length; i++) {
550 if (sources[i].match(/^\s+\+/)) {
551 source = sources[i].match(/^\s+\+\s(\w+)\s/)[1].trim();
552 o.value(source);
553 }
554 }
555 o.optional = true;
556 o.rmempty = true;
557
558 o = s.taboption('adv_chain', form.DummyValue, '_sub');
559 o.rawhtml = true;
560 o.default = '<em><b>IPv4 Chains</b></em>';
561
562 /*
563 prepare iptables data
564 */
565 var chain, result_v4=[], result_v6=[];
566 if (result[1]) {
567 result_v4 = result[1].trim().split('\n');
568 } else if (result[2]) {
569 result_v4 = result[2].trim().split('\n');
570 }
571
572 if (result[2]) {
573 result_v6 = result[2].trim().split('\n');
574 } else if (result[1]) {
575 result_v6 = result[1].trim().split('\n');
576 }
577
578 o = s.taboption('adv_chain', form.DynamicList, 'ban_lan_inputchains_4', _('LAN Input'), _('Assign one or more relevant firewall chains to banIP. The default chain used by banIP is \'input_lan_rule\'.'));
579 for (var i = 0; i < result_v4.length; i++) {
580 if (result_v4[i].match(/^Chain input[\w_]+\s+/)) {
581 chain = result_v4[i].match(/\s+(input[\w_]+)\s+/)[1].trim();
582 o.value(chain);
583 }
584 }
585 o.datatype = 'uciname';
586 o.optional = true;
587 o.rmempty = true;
588
589 o = s.taboption('adv_chain', form.DynamicList, 'ban_lan_forwardchains_4', _('LAN Forward'), _('Assign one or more relevant firewall chains to banIP. The default chain used by banIP is \'forwarding_lan_rule\'.'));
590 for (var i = 0; i < result_v4.length; i++) {
591 if (result_v4[i].match(/^Chain forwarding[\w_]+\s+/)) {
592 chain = result_v4[i].match(/\s+(forwarding[\w_]+)\s+/)[1].trim();
593 o.value(chain);
594 }
595 }
596 o.datatype = 'uciname';
597 o.optional = true;
598 o.rmempty = true;
599
600 o = s.taboption('adv_chain', form.DynamicList, 'ban_wan_inputchains_4', _('WAN Input'), _('Assign one or more relevant firewall chains to banIP. The default chain used by banIP is \'input_wan_rule\'.'));
601 for (var i = 0; i < result_v4.length; i++) {
602 if (result_v4[i].match(/^Chain input[\w_]+\s+/)) {
603 chain = result_v4[i].match(/\s+(input[\w_]+)\s+/)[1].trim();
604 o.value(chain);
605 }
606 }
607 o.datatype = 'uciname';
608 o.optional = true;
609 o.rmempty = true;
610
611 o = s.taboption('adv_chain', form.DynamicList, 'ban_wan_forwardchains_4', _('WAN Forward'), _('Assign one or more relevant firewall chains to banIP. The default chain used by banIP is \'forwarding_wan_rule\'.'));
612 for (var i = 0; i < result_v4.length; i++) {
613 if (result_v4[i].match(/^Chain forwarding[\w_]+\s+/)) {
614 chain = result_v4[i].match(/\s+(forwarding[\w_]+)\s+/)[1].trim();
615 o.value(chain);
616 }
617 }
618 o.datatype = 'uciname';
619 o.optional = true;
620 o.rmempty = true;
621
622 o = s.taboption('adv_chain', form.DummyValue, '_sub');
623 o.rawhtml = true;
624 o.default = '<em><b>IPv6 Chains</b></em>';
625
626 o = s.taboption('adv_chain', form.DynamicList, 'ban_lan_inputchains_6', _('LAN Input'), _('Assign one or more relevant firewall chains to banIP. The default chain used by banIP is \'input_lan_rule\'.'));
627 for (var i = 0; i < result_v6.length; i++) {
628 if (result_v6[i].match(/^Chain input[\w_]+\s+/)) {
629 chain = result_v6[i].match(/\s+(input[\w_]+)\s+/)[1].trim();
630 o.value(chain);
631 }
632 }
633 o.datatype = 'uciname';
634 o.optional = true;
635 o.rmempty = true;
636
637 o = s.taboption('adv_chain', form.DynamicList, 'ban_lan_forwardchains_6', _('LAN Forward'), _('Assign one or more relevant firewall chains to banIP. The default chain used by banIP is \'forwarding_lan_rule\'.'));
638 for (var i = 0; i < result_v6.length; i++) {
639 if (result_v6[i].match(/^Chain forwarding[\w_]+\s+/)) {
640 chain = result_v6[i].match(/\s+(forwarding[\w_]+)\s+/)[1].trim();
641 o.value(chain);
642 }
643 }
644 o.datatype = 'uciname';
645 o.optional = true;
646 o.rmempty = true;
647
648 o = s.taboption('adv_chain', form.DynamicList, 'ban_wan_inputchains_6', _('WAN Input'), _('Assign one or more relevant firewall chains to banIP. The default chain used by banIP is \'input_wan_rule\'.'));
649 for (var i = 0; i < result_v6.length; i++) {
650 if (result_v6[i].match(/^Chain input[\w_]+\s+/)) {
651 chain = result_v6[i].match(/\s+(input[\w_]+)\s+/)[1].trim();
652 o.value(chain);
653 }
654 }
655 o.datatype = 'uciname';
656 o.optional = true;
657 o.rmempty = true;
658
659 o = s.taboption('adv_chain', form.DynamicList, 'ban_wan_forwardchains_6', _('WAN Forward'), _('Assign one or more relevant firewall chains to banIP. The default chain used by banIP is \'forwarding_wan_rule\'.'));
660 for (var i = 0; i < result_v6.length; i++) {
661 if (result_v6[i].match(/^Chain forwarding[\w_]+\s+/)) {
662 chain = result_v6[i].match(/\s+(forwarding[\w_]+)\s+/)[1].trim();
663 o.value(chain);
664 }
665 }
666 o.datatype = 'uciname';
667 o.optional = true;
668 o.rmempty = true;
669
670 /*
671 advanced log settings tab
672 */
673 o = s.taboption('adv_log', form.DummyValue, '_sub');
674 o.rawhtml = true;
675 o.default = '<em><b>Changes on this tab needs a full banIP service restart to take effect.</b></em>';
676
677 o = s.taboption('adv_log', form.ListValue, 'ban_loglimit', _('Log Limit'), _('Parse only the last stated number of log entries for suspicious events.'));
678 o.value('50');
679 o.value('100');
680 o.value('250');
681 o.value('500');
682 o.rmempty = false;
683
684 o = s.taboption('adv_log', form.MultiValue, 'ban_logterms', _('Log Terms'), _('Limit the log monitor to certain log terms.'));
685 o.value('dropbear');
686 o.value('sshd');
687 o.value('luci');
688 o.value('nginx');
689 o.optional = true;
690 o.rmempty = true;
691
692 o = s.taboption('adv_log', form.Value, 'ban_ssh_logcount', _('SSH Log Count'), _('Number of failed ssh login repetitions of the same ip in the log before banning.'));
693 o.placeholder = '3';
694 o.datatype = 'range(1,10)';
695 o.rmempty = true;
696
697 o = s.taboption('adv_log', form.Value, 'ban_luci_logcount', _('LuCI Log Count'), _('Number of failed LuCI login repetitions of the same ip in the log before banning.'));
698 o.placeholder = '3';
699 o.datatype = 'range(1,10)';
700 o.rmempty = true;
701
702 o = s.taboption('adv_log', form.Value, 'ban_nginx_logcount', _('NGINX Log Count'), _('Number of failed nginx requests of the same ip in the log before banning.'));
703 o.placeholder = '5';
704 o.datatype = 'range(1,20)';
705 o.rmempty = true;
706
707 o = s.taboption('adv_log', form.Value, 'ban_logopts_src', _('SRC Log Options'), _('Set special SRC log options, e.g. to set a limit rate.'));
708 o.nocreate = false;
709 o.unspecified = true;
710 o.value('-m limit --limit 2/sec', _('-m limit --limit 2/sec (default)'));
711 o.value('-m limit --limit 10/sec');
712 o.optional = true;
713 o.rmempty = true;
714
715 o = s.taboption('adv_log', form.Value, 'ban_logopts_dst', _('DST Log Options'), _('Set special DST log options, e.g. to set a limit rate.'));
716 o.nocreate = false;
717 o.unspecified = true;
718 o.value('-m limit --limit 2/sec', _('-m limit --limit 2/sec (default)'));
719 o.value('-m limit --limit 10/sec');
720 o.optional = true;
721 o.rmempty = true;
722
723 /*
724 advanced email settings tab
725 */
726 o = s.taboption('adv_email', form.Value, 'ban_mailsender', _('E-Mail Sender Address'), _('Sender address for banIP notification E-Mails.'));
727 o.placeholder = 'no-reply@banIP';
728 o.rmempty = true;
729
730 o = s.taboption('adv_email', form.Value, 'ban_mailtopic', _('E-Mail Topic'), _('Topic for banIP notification E-Mails.'));
731 o.placeholder = 'banIP notification';
732 o.rmempty = true;
733
734 o = s.taboption('adv_email', form.Value, 'ban_mailprofile', _('E-Mail Profile'), _('Profile used by \'msmtp\' for banIP notification E-Mails.'));
735 o.placeholder = 'ban_notify';
736 o.datatype = 'uciname';
737 o.rmempty = true;
738
739 o = s.taboption('adv_email', form.MultiValue, 'ban_mailactions', _('E-Mail Actions'), _('Limit E-Mail trigger to certain banIP actions.'));
740 o.value('start');
741 o.value('reload');
742 o.value('restart');
743 o.value('refresh');
744 o.rmempty = true;
745
746 /*
747 blocklist sources tab
748 */
749 o = s.taboption('sources', form.DummyValue, '_sub');
750 o.rawhtml = true;
751 o.default = '<em><b>List of supported and fully pre-configured banIP sources.</b></em>';
752
753 o = s.taboption('sources', form.MultiValue, 'ban_sources', _('Sources (Info)'));
754 for (var i = 0; i < sources.length; i++) {
755 if (sources[i].match(/^\s+\+/)) {
756 source = sources[i].match(/^\s+\+\s(\w+)\s/)[1].trim();
757 info = sources[i].slice(35,70).trim();
758 o.value(source, source + ' (' + info + ')');
759 }
760 }
761 o.optional = true;
762 o.rmempty = true;
763
764 o = s.taboption('sources', form.DummyValue, '_sub');
765 o.rawhtml = true;
766 o.default = '<em><b>Country Selection</b></em>';
767
768 /*
769 prepare country data
770 */
771 var code, country, countries = [];
772 if (result[3]) {
773 countries = result[3].trim().split('\n');
774 }
775
776 o = s.taboption('sources', form.DynamicList, 'ban_countries', _('Countries'));
777 for (var i = 0; i < countries.length; i++) {
778 code = countries[i].match(/^(\w+);/)[1].trim();
779 country = countries[i].match(/^\w+;(.*$)/)[1].trim();
780 o.value(code, country);
781 }
782 o.optional = true;
783 o.rmempty = true;
784
785 o = s.taboption('sources', form.DummyValue, '_sub');
786 o.rawhtml = true;
787 o.default = '<em><b>ASN Selection</b></em>';
788
789 o = s.taboption('sources', form.DynamicList, 'ban_asns', _('ASNs'));
790 o.datatype = 'uinteger';
791 o.optional = true;
792 o.rmempty = true;
793
794 o = s.taboption('sources', form.DummyValue, '_sub');
795 o.rawhtml = true;
796 o.default = '<em><b>Local Sources</b></em>';
797
798 o = s.taboption('sources', form.MultiValue, 'ban_localsources', _('Local Sources'), _('Limit the selection to certain local sources.'));
799 o.value('maclist');
800 o.value('whitelist');
801 o.value('blacklist');
802 o.optional = true;
803 o.rmempty = true;
804
805 o = s.taboption('sources', form.DynamicList, 'ban_extrasources', _('Extra Sources'), _('Add additional, non-banIP related IPSets e.g. for reporting and queries.'));
806 o.datatype = 'uciname';
807 o.optional = true;
808 o.rmempty = true;
809
810 o = s.taboption('sources', form.Flag, 'ban_autoblacklist', _('Auto Blacklist'), _('Automatically transfers suspicious IPs from the log to the banIP blacklist during runtime.'));
811 o.rmempty = false;
812
813 o = s.taboption('sources', form.Flag, 'ban_autowhitelist', _('Auto Whitelist'), _('Automatically transfers uplink IPs to the banIP whitelist during runtime.'));
814 o.rmempty = false;
815
816 return m.render();
817 },
818 handleReset: null
819 });
Lua Configuration Interface (mirror)