6 'require tools.widgets as widgets';
7 'require shadowsocks-libev as ss';
9 var conf
= 'shadowsocks-libev';
11 function src_dst_option(s
/*, ... */) {
12 var o
= s
.taboption
.apply(s
, L
.varargs(arguments
, 1));
13 o
.datatype
= 'or(ipaddr,cidr)';
19 L
.resolveDefault(fs
.stat('/usr/lib/iptables/libxt_recent.so'), {}),
20 L
.resolveDefault(fs
.stat('/usr/bin/ss-rules'), null),
21 uci
.load(conf
).then(function() {
22 if (!uci
.get_first(conf
, 'ss_rules')) {
23 uci
.set(conf
, uci
.add(conf
, 'ss_rules', 'ss_rules'), 'disabled', '1');
28 render: function(stats
) {
31 m
= new form
.Map(conf
, _('Redir Rules'),
32 _('On this page you can configure how traffics are to be \
33 forwarded to ss-redir instances. \
34 If enabled, packets will first have their src ip addresses checked \
35 against <em>Src ip/net bypass</em>, <em>Src ip/net forward</em>, \
36 <em>Src ip/net checkdst</em> and if none matches <em>Src default</em> \
37 will give the default action to be taken. \
38 If the prior check results in action <em>checkdst</em>, packets will continue \
39 to have their dst addresses checked.'));
41 s
= m
.section(form
.NamedSection
, 'ss_rules', 'ss_rules');
42 s
.tab('general', _('General Settings'));
43 s
.tab('src', _('Source Settings'));
44 s
.tab('dst', _('Destination Settings'));
46 s
.taboption('general', form
.Flag
, 'disabled', _('Disable'));
48 ss
.option_install_package(s
, 'general');
51 o
= s
.taboption('general', form
.ListValue
, 'redir_tcp',
52 _('ss-redir for TCP'));
53 ss
.values_redir(o
, 'tcp');
54 o
= s
.taboption('general', form
.ListValue
, 'redir_udp',
55 _('ss-redir for UDP'));
56 ss
.values_redir(o
, 'udp');
58 o
= s
.taboption('general', form
.ListValue
, 'local_default',
59 _('Local-out default'),
60 _('Default action for locally generated TCP packets'));
62 o
= s
.taboption('general', widgets
.DeviceSelect
, 'ifnames',
63 _('Ingress interfaces'),
64 _('Only apply rules on packets from these network interfaces'));
68 s
.taboption('general', form
.Value
, 'ipt_args',
70 _('Passes additional arguments to iptables. Use with care!'));
72 src_dst_option(s
, 'src', form
.DynamicList
, 'src_ips_bypass',
73 _('Src ip/net bypass'),
74 _('Bypass ss-redir for packets with src address in this list'));
75 src_dst_option(s
, 'src', form
.DynamicList
, 'src_ips_forward',
76 _('Src ip/net forward'),
77 _('Forward through ss-redir for packets with src address in this list'));
78 src_dst_option(s
, 'src', form
.DynamicList
, 'src_ips_checkdst',
79 _('Src ip/net checkdst'),
80 _('Continue to have dst address checked for packets with src address in this list'));
81 o
= s
.taboption('src', form
.ListValue
, 'src_default',
83 _('Default action for packets whose src address do not match any of the src ip/net list'));
86 src_dst_option(s
, 'dst', form
.DynamicList
, 'dst_ips_bypass',
87 _('Dst ip/net bypass'),
88 _('Bypass ss-redir for packets with dst address in this list'));
89 src_dst_option(s
, 'dst', form
.DynamicList
, 'dst_ips_forward',
90 _('Dst ip/net forward'),
91 _('Forward through ss-redir for packets with dst address in this list'));
93 var dir
= '/etc/shadowsocks-libev';
94 o
= s
.taboption('dst', form
.FileUpload
, 'dst_ips_bypass_file',
95 _('Dst ip/net bypass file'),
96 _('File containing ip/net for the purposes as with <em>Dst ip/net bypass</em>'));
97 o
.root_directory
= dir
;
98 o
= s
.taboption('dst', form
.FileUpload
, 'dst_ips_forward_file',
99 _('Dst ip/net forward file'),
100 _('File containing ip/net for the purposes as with <em>Dst ip/net forward</em>'));
101 o
.root_directory
= dir
;
102 o
= s
.taboption('dst', form
.ListValue
, 'dst_default',
104 _('Default action for packets whose dst address do not match any of the dst ip list'));
105 ss
.values_actions(o
);
107 if (stats
[0].type
=== 'file') {
108 o
= s
.taboption('dst', form
.Flag
, 'dst_forward_recentrst');
110 uci
.set(conf
, 'ss_rules', 'dst_forward_recentrst', '0');
111 o
= s
.taboption('dst', form
.Button
, '_install');
112 o
.inputtitle
= _('Install package iptables-mod-conntrack-extra');
113 o
.inputstyle
= 'apply';
114 o
.onclick = function() {
115 window
.open(L
.url('admin/system/opkg') +
116 '?query=iptables-mod-conntrack-extra', '_blank', 'noopener');
119 o
.title
= _('Forward recentrst');
120 o
.description
= _('Forward those packets whose dst have recently sent to us multiple tcp-rst');