1 --[[
2 LuCI - Lua Configuration Interface
3
4 Copyright 2011 Jo-Philipp Wich <xm@subsignal.org>
5
6 Licensed under the Apache License, Version 2.0 (the "License");
7 you may not use this file except in compliance with the License.
8 You may obtain a copy of the License at
9
10 http://www.apache.org/licenses/LICENSE-2.0
11
12 $Id$
13 ]]--
14
15 module("luci.tools.firewall", package.seeall)
16
17 local ut = require "luci.util"
18 local ip = require "luci.ip"
19 local nx = require "nixio"
20
21 local translate, translatef = luci.i18n.translate, luci.i18n.translatef
22
--- Translate a message and hand it back as a plain Lua string.
-- The result of translate() is coerced with tostring() so callers can
-- concatenate it or feed it to string formatting regardless of the type
-- translate() returns.
-- @param ... arguments forwarded unchanged to translate()
-- @return translated text as a string
local tr = function(...)
	return tostring(translate(...))
end
26
--- Split a leading negation marker ("!") off an option value.
-- Only strings are inspected; any other type is passed through untouched.
-- The value is returned as-is (not HTML-escaped), so a caller that embeds it
-- in markup has to escape it itself.
-- @param x value to inspect
-- @return the value with an optional leading " ! " prefix removed
-- @return translated "not" followed by a space when the prefix was present,
--         otherwise the empty string
function fmt_neg(x)
	if type(x) ~= "string" then
		return x, ""
	end

	-- The pattern is anchored, so the substitution count is either 0 or 1.
	local stripped, hits = x:gsub("^ *! *", "")
	if hits > 0 then
		return stripped, "%s " % tr("not")
	end

	return x, ""
end
38
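--- Render a list of MAC addresses as an HTML fragment.
-- Each entry is wrapped in <var>…</var>, prefixed with the negation label
-- from fmt_neg() when it starts with "!", and the entries are joined by
-- ", ". The leading label switches from "MAC" to "MACs" when more than one
-- entry is present.
--
-- The entries are written straight into markup, so each one is passed
-- through luci.util.pcdata() first; a stored value containing "<", "&" or
-- quotes is then displayed literally instead of being parsed as HTML.
-- NOTE(review): x is presumably a firewall config option value - confirm
-- against the callers.
-- @param x string or list of MAC address entries
-- @return HTML string, or nil when x is nil or empty
function fmt_mac(x)
	if x and #x > 0 then
		local l = { tr("MAC"), " " }
		for item in ut.imatch(x) do
			local m, n = fmt_neg(item)
			l[#l+1] = "<var>%s%s</var>" %{ n, ut.pcdata(m) }
			l[#l+1] = ", "
		end
		if #l > 1 then
			-- drop the trailing separator
			l[#l] = nil
			if #l > 3 then
				l[1] = tr("MACs")
			end
			return table.concat(l, "")
		end
	end
end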
57
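--- Render a list of ports or port ranges as an HTML fragment.
-- Entries are wrapped in <var>…</var> and joined by ", ". Two digit groups
-- separated by non-digits are shown as a range "a-b". The leading label is
-- "port" for a single plain port and "ports" for a range or several entries.
--
-- An entry that is not numeric used to be handed to "%d", which raises an
-- error and aborts rendering of the page; such an entry is now shown as
-- HTML-escaped text instead, so malformed stored data neither breaks the
-- view nor ends up in the page as markup.
-- NOTE(review): d is inserted as-is; it looks like a caller-supplied display
-- label - confirm it never carries configuration data.
-- @param x string or list of port entries
-- @param d optional fallback text used when x is nil or empty
-- @return HTML string; when x is nil or empty, "<var>d</var>" or the falsy d
function fmt_port(x, d)
	if x and #x > 0 then
		local l = { tr("port"), " " }
		for item in ut.imatch(x) do
			local p, n = fmt_neg(item)
			local a, b = p:match("(%d+)%D+(%d+)")
			if a and b then
				l[1] = tr("ports")
				l[#l+1] = "<var>%s%d-%d</var>" %{ n, a, b }
			elseif tonumber(p) then
				l[#l+1] = "<var>%s%d</var>" %{ n, p }
			else
				-- not a number: show it verbatim, escaped, rather than
				-- letting "%d" throw
				l[#l+1] = "<var>%s%s</var>" %{ n, ut.pcdata(p) }
			end
			l[#l+1] = ", "
		end
		if #l > 1 then
			-- drop the trailing separator
			l[#l] = nil
			if #l > 3 then
				l[1] = tr("ports")
			end
			return table.concat(l, "")
		end
	end
	return d and "<var>%s</var>" % d
end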
83
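--- Render a list of IP addresses or networks as an HTML fragment.
-- Each entry is parsed with luci.ip. A network (IPv4 prefix below 32, IPv6
-- prefix below 128) is shown with its first and last host in the title
-- attribute and the label becomes "IP range"; anything else is shown as a
-- single address. Entries are joined by ", " and the label becomes "IPs"
-- when more than one entry is present.
--
-- Two fixes over the previous version:
--   * the netmask capture `m` is now a local; it used to be assigned without
--     a declaration and therefore leaked into the module environment;
--   * an entry that luci.ip cannot parse is printed through
--     luci.util.pcdata(), so unparsable stored text is displayed literally
--     instead of being interpreted as HTML.
-- NOTE(review): d is inserted as-is; it looks like a caller-supplied display
-- label - confirm it never carries configuration data.
-- @param x string or list of address entries
-- @param d optional fallback text used when x is nil or empty
-- @return HTML string; when x is nil or empty, "<var>d</var>" or the falsy d
function fmt_ip(x, d)
	if x and #x > 0 then
		local l = { tr("IP"), " " }
		for item in ut.imatch(x) do
			local v, n = fmt_neg(item)
			-- matches "address/mask" only when the mask contains a dot;
			-- otherwise the whole entry is handed to the parser
			local a, m = v:match("(%S+)/(%d+%.%S+)")
			a = a or v
			-- a colon selects the IPv6 parser; the guard below covers the
			-- case where parsing yields nothing
			a = a:match(":") and ip.IPv6(a, m) or ip.IPv4(a, m)
			if a and (a:is6() and a:prefix() < 128 or a:prefix() < 32) then
				l[1] = tr("IP range")
				l[#l+1] = "<var title='%s - %s'>%s%s</var>" %{
					a:minhost():string(),
					a:maxhost():string(),
					n, a:string()
				}
			else
				l[#l+1] = "<var>%s%s</var>" %{
					n,
					a and a:string() or ut.pcdata(v)
				}
			end
			l[#l+1] = ", "
		end
		if #l > 1 then
			-- drop the trailing separator
			l[#l] = nil
			if #l > 3 then
				l[1] = tr("IPs")
			end
			return table.concat(l, "")
		end
	end
	return d and "<var>%s</var>" % d
end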
118
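--- Render a zone name as an HTML fragment.
-- "*" is shown as the translated text "any zone"; a non-empty name is shown
-- wrapped in <var>…</var>; otherwise the fallback d is used when given.
--
-- The zone name is written into markup, so it is passed through
-- luci.util.pcdata() first and is displayed literally even if the stored
-- value contains HTML metacharacters.
-- NOTE(review): d is inserted as-is; it looks like a caller-supplied display
-- label - confirm it never carries configuration data.
-- @param x zone name, "*" for any zone, or nil/empty
-- @param d optional fallback text
-- @return HTML string, or nil when x is nil/empty and no fallback is given
function fmt_zone(x, d)
	if x == "*" then
		return "<var>%s</var>" % tr("any zone")
	elseif x and #x > 0 then
		return "<var>%s</var>" % ut.pcdata(x)
	elseif d then
		return "<var>%s</var>" % d
	end
end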
128
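--- Render a list of ICMP type names as an HTML fragment.
-- Each entry is wrapped in <var>…</var>, prefixed with the negation label
-- from fmt_neg() when it starts with "!", and the entries are joined by
-- ", ". The leading label switches from "type" to "types" when more than
-- one entry is present.
--
-- The entries are written into markup, so each one is passed through
-- luci.util.pcdata() and is displayed literally even if the stored value
-- contains HTML metacharacters. An unused local was dropped as well.
-- @param x string or list of ICMP type entries
-- @return HTML string, or nil when x is nil or empty
function fmt_icmp_type(x)
	if x and #x > 0 then
		local l = { tr("type"), " " }
		for item in ut.imatch(x) do
			local v, n = fmt_neg(item)
			l[#l+1] = "<var>%s%s</var>" %{ n, ut.pcdata(v) }
			l[#l+1] = ", "
		end
		if #l > 1 then
			-- drop the trailing separator
			l[#l] = nil
			if #l > 3 then
				l[1] = tr("types")
			end
			return table.concat(l, "")
		end
	end
end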
147
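--- Render a list of protocols as display text.
-- "tcpudp" expands to TCP and UDP, "all" is skipped, and every other entry
-- is looked up with nixio.getproto(); entries the lookup does not know are
-- left out, so only names from the protocol database reach the output.
-- For ICMP (protocol number 1) and ICMPv6 (58) the formatted ICMP type list
-- is appended when one is given.
--
-- Fix: "tcpudp" used to append "TCP" and "UDP" with no separator between
-- them, which rendered as "TCPUDP"; the two names are now separated by
-- ", " like every other pair of entries.
-- @param x string or list of protocol entries
-- @param icmp_types optional ICMP type list, formatted via fmt_icmp_type()
-- @return display string (may contain the markup from fmt_icmp_type), or
--         nil when x is nil/empty or nothing could be resolved
function fmt_proto(x, icmp_types)
	if x and #x > 0 then
		local l = { }
		local t = fmt_icmp_type(icmp_types)
		for item in ut.imatch(x) do
			local v, n = fmt_neg(item)
			if v == "tcpudp" then
				l[#l+1] = "TCP"
				l[#l+1] = ", "
				l[#l+1] = "UDP"
				l[#l+1] = ", "
			elseif v ~= "all" then
				local p = nx.getproto(v)
				if p then
					-- ICMP
					if (p.proto == 1 or p.proto == 58) and t then
						l[#l+1] = translatef(
							"%s%s with %s",
							n, p.aliases[1] or p.name, t
						)
					else
						l[#l+1] = "%s%s" %{
							n,
							p.aliases[1] or p.name
						}
					end
					l[#l+1] = ", "
				end
			end
		end
		if #l > 0 then
			-- drop the trailing separator
			l[#l] = nil
			return table.concat(l, "")
		end
	end
end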
184
--- Render a rate limit such as "10/minute" as translated display text.
-- The limit is either a bare number or "number/unit". A missing unit
-- defaults to "second", and a unit starting with s, m, h or d is replaced by
-- the translated word for second, minute, hour or day. Only alphanumeric
-- unit text can reach the output because the unit is captured with %w+.
-- @param limit limit string
-- @param burst optional burst size; mentioned only when it is above zero
-- @return translated HTML string, or nothing when limit is nil/empty or
--         carries no number
function fmt_limit(limit, burst)
	burst = tonumber(burst)

	if not (limit and #limit > 0) then
		return
	end

	local count, unit = limit:match("(%d+)/(%w+)")
	count = tonumber(count or limit)
	unit = unit or "second"

	if not count then
		return
	end

	-- Only the first letter of the unit decides which word is shown.
	local words = { s = "second", m = "minute", h = "hour", d = "day" }
	local word = words[unit:sub(1, 1)]
	if word then
		unit = tr(word)
	end

	if burst and burst > 0 then
		-- NOTE(review): the backslash-newline is part of the message string;
		-- the listing does not show what whitespace preceded "burst", so the
		-- continuation is kept at column 0 - confirm against the repository.
		return translatef("<var>%d</var> pkts. per <var>%s</var>, \
burst <var>%d</var> pkts.", count, unit, burst)
	end

	return translatef("<var>%d</var> pkts. per <var>%s</var>", count, unit)
end
210
--- Translate a rule target into a short description of its action.
-- A non-empty dest selects the "forward" wording, otherwise the "input"
-- wording is used. ACCEPT, REJECT and NOTRACK have their own text; every
-- other target (DROP included) is described as "Discard …".
-- @param x rule target name
-- @param dest destination of the rule; nil or empty for input rules
-- @return translated description
function fmt_target(x, dest)
	local forward = {
		ACCEPT  = "Accept forward",
		REJECT  = "Refuse forward",
		NOTRACK = "Do not track forward"
	}
	local input = {
		ACCEPT  = "Accept input",
		REJECT  = "Refuse input",
		NOTRACK = "Do not track input"
	}

	if dest and #dest > 0 then
		return tr(forward[x] or "Discard forward")
	end

	return tr(input[x] or "Discard input")
end
234
235
--- Add the "enabled" control of a rule to a CBI section.
-- For any widget type other than luci.cbi.Button a regular "enabled" option
-- is created whose enabled value is "" and whose disabled value is "0",
-- with enabled as the default. For a Button a toggle named "__enabled" is
-- created instead: its caption reflects the current state and pressing it
-- flips the stored "enabled" value.
-- @param s section the option is added to
-- @param t widget class to instantiate
-- @param ... extra arguments passed to s:option() (non-button case only)
-- @return the created option object
function opt_enabled(s, t, ...)
	if t ~= luci.cbi.Button then
		local flag = s:option(t, "enabled", ...)
		flag.enabled = ""
		flag.disabled = "0"
		flag.default = flag.enabled
		return flag
	end

	local button = s:option(t, "__enabled")

	-- Pick caption and style from the stored state, then render as usual.
	button.render = function(self, section)
		if self.map:get(section, "enabled") == "0" then
			self.title = tr("Rule is disabled")
			self.inputtitle = tr("Enable")
			self.inputstyle = "apply"
		else
			self.title = tr("Rule is enabled")
			self.inputtitle = tr("Disable")
			self.inputstyle = "reset"
		end
		t.render(self, section)
	end

	-- Toggle: anything but "0" counts as enabled and is switched to "0";
	-- a disabled rule is re-enabled by deleting the option.
	button.write = function(self, section, value)
		if self.map:get(section, "enabled") == "0" then
			self.map:del(section, "enabled")
		else
			self.map:set(section, "enabled", "0")
		end
	end

	return button
end
267
--- Add the "name" field of a rule to a CBI section.
-- The displayed value comes from the "name" option, then from "_name", and
-- is "-" when neither is set. Writing "-" removes both options; any other
-- value is stored in "name" and "_name" is deleted.
-- NOTE(review): the submitted value is stored as entered, with no check
-- visible here; a view that prints the name should HTML-escape it.
-- @param s section the option is added to
-- @param t widget class to instantiate
-- @param ... extra arguments passed to s:option()
-- @return the created option object
function opt_name(s, t, ...)
	local field = s:option(t, "name", ...)

	field.cfgvalue = function(self, section)
		local current = self.map:get(section, "name")
		if current then
			return current
		end
		return self.map:get(section, "_name") or "-"
	end

	field.write = function(self, section, value)
		-- "-" is the placeholder shown for unnamed rules; treat it as "unset"
		if value == "-" then
			self:remove(section)
			return
		end
		self.map:set(section, "name", value)
		self.map:del(section, "_name")
	end

	field.remove = function(self, section)
		self.map:del(section, "name")
		self.map:del(section, "_name")
	end

	return field
end