applications/luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua

   1 -- Copyright 2017 Yousong Zhou <yszhou4tech@gmail.com>
   2 -- Licensed to the public under the Apache License 2.0.
   3
   4 local ss = require("luci.model.shadowsocks-libev")
   5
   6 local m, s, o
   7
   8 m = Map("shadowsocks-libev",
   9         translate("Redir Rules"),
  10         translate("On this page you can configure how traffics are to be \
  11                 forwarded to ss-redir instances. \
  12                 If enabled, packets will first have their src ip addresses checked \
  13                 against <em>Src ip/net bypass</em>, <em>Src ip/net forward</em>, \
  14                 <em>Src ip/net checkdst</em> and if none matches <em>Src default</em> \
  15                 will give the default action to be taken. \
  16                 If the prior check results in action <em>checkdst</em>, packets will continue \
  17                 to have their dst addresses checked."))
  18
  19 local sdata = m:get('ss_rules')
  20 if not sdata then
  21         m:set('ss_rules', nil, 'ss_rules')
  22         m:set('ss_rules', 'disabled', "1")
  23 end
  24
  25 function src_dst_option(s, ...)
  26         local o = s:taboption(...)
  27         o.datatype = "or(ip4addr,cidr4)"
  28 end
  29
  30 s = m:section(NamedSection, "ss_rules", "ss_rules")
  31 s:tab("general", translate("General Settings"))
  32 s:tab("src", translate("Source Settings"))
  33 s:tab("dst", translate("Destination Settings"))
  34
  35 s:taboption('general', Flag, "disabled", translate("Disable"))
  36 ss.option_install_package(s, 'general')
  37
  38 o = s:taboption('general', ListValue, "redir_tcp",
  39         translate("ss-redir for TCP"))
  40 ss.values_redir(o, 'tcp')
  41 o = s:taboption('general', ListValue, "redir_udp",
  42         translate("ss-redir for UDP"))
  43 ss.values_redir(o, 'udp')
  44
  45 o = s:taboption('general', ListValue, "local_default",
  46         translate("Local-out default"),
  47         translate("Default action for locally generated TCP packets"))
  48 ss.values_actions(o)
  49 o = s:taboption('general', DynamicList, "ifnames",
  50         translate("Ingress interfaces"),
  51         translate("Only apply rules on packets from these network interfaces"))
  52 ss.values_ifnames(o)
  53 s:taboption('general', Value, "ipt_args",
  54         translate("Extra arguments"),
  55         translate("Passes additional arguments to iptables. Use with care!"))
  56
  57 src_dst_option(s, 'src', DynamicList, "src_ips_bypass",
  58         translate("Src ip/net bypass"),
  59         translate("Bypass ss-redir for packets with src address in this list"))
  60 src_dst_option(s, 'src', DynamicList, "src_ips_forward",
  61         translate("Src ip/net forward"),
  62         translate("Forward through ss-redir for packets with src address in this list"))
  63 src_dst_option(s, 'src', DynamicList, "src_ips_checkdst",
  64         translate("Src ip/net checkdst"),
  65         translate("Continue to have dst address checked for packets with src address in this list"))
  66 o = s:taboption('src', ListValue, "src_default",
  67         translate("Src default"),
  68         translate("Default action for packets whose src address do not match any of the src ip/net list"))
  69 ss.values_actions(o)
  70
  71 src_dst_option(s, 'dst', DynamicList, "dst_ips_bypass",
  72         translate("Dst ip/net bypass"),
  73         translate("Bypass ss-redir for packets with dst address in this list"))
  74 src_dst_option(s, 'dst', DynamicList, "dst_ips_forward",
  75         translate("Dst ip/net forward"),
  76         translate("Forward through ss-redir for packets with dst address in this list"))
  77
  78 o = s:taboption('dst', FileBrowser, "dst_ips_bypass_file",
  79         translate("Dst ip/net bypass file"),
  80         translate("File containing ip/net for the purposes as with <em>Dst ip/net bypass</em>"))
  81 o.datatype = "file"
  82 s:taboption('dst', FileBrowser, "dst_ips_forward_file",
  83         translate("Dst ip/net forward file"),
  84         translate("File containing ip/net for the purposes as with <em>Dst ip/net forward</em>"))
  85 o.datatype = "file"
  86 o = s:taboption('dst', ListValue, "dst_default",
  87         translate("Dst default"),
  88         translate("Default action for packets whose dst address do not match any of the dst ip list"))
  89 ss.values_actions(o)
  90
  91 local installed = os.execute("iptables -m recent -h &>/dev/null") == 0
  92 if installed then
  93         o = s:taboption('dst', Flag, "dst_forward_recentrst")
  94 else
  95         m:set('ss_rules', 'dst_forward_recentrst', "0")
  96         o = s:taboption("dst", Button, "_install")
  97         o.inputtitle = translate("Install package iptables-mod-conntrack-extra")
  98         o.inputstyle = "apply"
  99         o.write = function()
 100                 return luci.http.redirect(
 101                         luci.dispatcher.build_url("admin/system/packages") ..
 102                         "?submit=1&install=iptables-mod-conntrack-extra"
 103                 )
 104         end
 105 end
 106 o.title = translate("Forward recentrst")
 107 o.description = translate("Forward those packets whose dst have recently sent to us multiple tcp-rst")
 108
 109 return m