8 'require tools.widgets as widgets';
13 function handleAction(ev
) {
14 fs
.exec_direct('/etc/init.d/banip', [ev
])
20 L
.resolveDefault(fs
.read_direct('/etc/banip/banip.custom.feeds'), ''),
21 L
.resolveDefault(fs
.read_direct('/etc/banip/banip.feeds'), ''),
22 L
.resolveDefault(fs
.read_direct('/etc/banip/banip.countries'), ''),
27 render: function (result
) {
30 m
= new form
.Map('banip', 'banIP', _('Configuration of the banIP package to ban incoming and outgoing IPs via named nftables Sets. \
31 For further information <a href="https://github.com/openwrt/packages/blob/master/net/banip/files/README.md" target="_blank" rel="noreferrer noopener" >check the online documentation</a>'));
34 poll runtime information
36 let buttons
, rtRes
, infStat
, infVer
, infElements
, infFeeds
, infDevices
, infUplink
, infSystem
, nftInfos
, runInfos
, infFlags
, last_run
38 pollData
: poll
.add(function () {
39 return L
.resolveDefault(fs
.stat('/var/run/banip.lock')).then(function (stat
) {
40 buttons
= document
.querySelectorAll('.cbi-button');
41 infStat
= document
.getElementById('status');
43 for (let i
= 0; i
< buttons
.length
; i
++) {
44 buttons
[i
].setAttribute('disabled', 'true');
46 if (infStat
&& !infStat
.classList
.contains('spinning')) {
47 infStat
.classList
.add('spinning');
50 for (let i
= 0; i
< buttons
.length
; i
++) {
51 buttons
[i
].removeAttribute('disabled');
53 if (infStat
&& infStat
.classList
.contains('spinning')) {
54 infStat
.classList
.remove('spinning');
57 L
.resolveDefault(fs
.exec_direct('/etc/init.d/banip', ['status'])).then(function (result
) {
59 rtRes
= result
.trim().split('\n');
61 for (let i
= 0; i
< rtRes
.length
; i
++) {
62 if (rtRes
[i
].match(/^\s+\+\sstatus\s+\:\s+(.*)$/)) {
63 rtRes
.status
= rtRes
[i
].match(/^\s+\+\sstatus\s+\:\s+(.*)$/)[1];
64 } else if (rtRes
[i
].match(/^\s+\+\sversion\s+\:\s+(.*)$/)) {
65 rtRes
.version
= rtRes
[i
].match(/^\s+\+\sversion\s+\:\s+(.*)$/)[1];
66 } else if (rtRes
[i
].match(/^\s+\+\selement_count\s+\:\s+(.*)$/)) {
67 rtRes
.elementCount
= rtRes
[i
].match(/^\s+\+\selement_count\s+\:\s+(.*)$/)[1];
68 } else if (rtRes
[i
].match(/^\s+\+\sactive_feeds\s+\:\s+(.*)$/)) {
69 rtRes
.activeFeeds
= rtRes
[i
].match(/^\s+\+\sactive_feeds\s+\:\s+(.*)$/)[1];
70 } else if (rtRes
[i
].match(/^\s+\+\sactive_devices\s+\:\s+(.*)$/)) {
71 rtRes
.activeDevices
= rtRes
[i
].match(/^\s+\+\sactive_devices\s+\:\s+(.*)$/)[1];
72 } else if (rtRes
[i
].match(/^\s+\+\sactive_uplink\s+\:\s+(.*)$/)) {
73 rtRes
.activeUplink
= rtRes
[i
].match(/^\s+\+\sactive_uplink\s+\:\s+(.*)$/)[1];
74 } else if (rtRes
[i
].match(/^\s+\+\snft_info\s+\:\s+(.*)$/)) {
75 rtRes
.nftInfo
= rtRes
[i
].match(/^\s+\+\snft_info\s+\:\s+(.*)$/)[1];
76 } else if (rtRes
[i
].match(/^\s+\+\srun_info\s+\:\s+(.*)$/)) {
77 rtRes
.runInfo
= rtRes
[i
].match(/^\s+\+\srun_info\s+\:\s+(.*)$/)[1];
78 } else if (rtRes
[i
].match(/^\s+\+\srun_flags\s+\:\s+(.*)$/)) {
79 rtRes
.runFlags
= rtRes
[i
].match(/^\s+\+\srun_flags\s+\:\s+(.*)$/)[1];
80 } else if (rtRes
[i
].match(/^\s+\+\slast_run\s+\:\s+(.*)$/)) {
81 rtRes
.lastRun
= rtRes
[i
].match(/^\s+\+\slast_run\s+\:\s+(.*)$/)[1];
82 } else if (rtRes
[i
].match(/^\s+\+\ssystem_info\s+\:\s+(.*)$/)) {
83 rtRes
.systemInfo
= rtRes
[i
].match(/^\s+\+\ssystem_info\s+\:\s+(.*)$/)[1];
88 infStat
= document
.getElementById('status');
90 infStat
.textContent
= rtRes
.status
|| '-';
92 infVer
= document
.getElementById('version');
94 infVer
.textContent
= rtRes
.version
|| '-';
96 infElements
= document
.getElementById('elements');
98 infElements
.textContent
= rtRes
.elementCount
|| '-';
100 infFeeds
= document
.getElementById('feeds');
102 infFeeds
.textContent
= rtRes
.activeFeeds
|| '-';
104 infDevices
= document
.getElementById('devices');
106 infDevices
.textContent
= rtRes
.activeDevices
|| '-';
108 infUplink
= document
.getElementById('uplink');
110 infUplink
.textContent
= rtRes
.activeUplink
|| '-';
112 nftInfos
= document
.getElementById('nft');
114 nftInfos
.textContent
= rtRes
.nftInfo
|| '-';
116 runInfos
= document
.getElementById('run');
118 runInfos
.textContent
= rtRes
.runInfo
|| '-';
120 infFlags
= document
.getElementById('flags');
122 infFlags
.textContent
= rtRes
.runFlags
|| '-';
124 last_run
= document
.getElementById('last');
126 last_run
.textContent
= rtRes
.lastRun
|| '-';
128 infSystem
= document
.getElementById('system');
130 infSystem
.textContent
= rtRes
.systemInfo
|| '-';
134 infStat
= document
.getElementById('status');
136 infStat
.textContent
= '-';
138 if (infStat
.classList
.contains('spinning')) {
139 infStat
.classList
.remove('spinning');
148 runtime information and buttons
150 s
= m
.section(form
.NamedSection
, 'global');
151 s
.render
= L
.bind(function (view
, section_id
) {
152 return E('div', { 'class': 'cbi-section' }, [
153 E('h3', _('Information')),
154 E('div', { 'class': 'cbi-value' }, [
155 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Status')),
156 E('div', { 'class': 'cbi-value-field spinning', 'id': 'status', 'style': 'color:#37c' }, '\xa0')
158 E('div', { 'class': 'cbi-value' }, [
159 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Version')),
160 E('div', { 'class': 'cbi-value-field', 'id': 'version', 'style': 'color:#37c' }, '-')
162 E('div', { 'class': 'cbi-value' }, [
163 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Element Count')),
164 E('div', { 'class': 'cbi-value-field', 'id': 'elements', 'style': 'color:#37c' }, '-')
166 E('div', { 'class': 'cbi-value' }, [
167 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Active Feeds')),
168 E('div', { 'class': 'cbi-value-field', 'id': 'feeds', 'style': 'color:#37c' }, '-')
170 E('div', { 'class': 'cbi-value' }, [
171 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Active Devices')),
172 E('div', { 'class': 'cbi-value-field', 'id': 'devices', 'style': 'color:#37c' }, '-')
174 E('div', { 'class': 'cbi-value' }, [
175 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Active Uplink')),
176 E('div', { 'class': 'cbi-value-field', 'id': 'uplink', 'style': 'color:#37c' }, '-')
178 E('div', { 'class': 'cbi-value' }, [
179 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('NFT Information')),
180 E('div', { 'class': 'cbi-value-field', 'id': 'nft', 'style': 'color:#37c' }, '-')
182 E('div', { 'class': 'cbi-value' }, [
183 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Run Information')),
184 E('div', { 'class': 'cbi-value-field', 'id': 'run', 'style': 'color:#37c' }, '-')
186 E('div', { 'class': 'cbi-value' }, [
187 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Run Flags')),
188 E('div', { 'class': 'cbi-value-field', 'id': 'flags', 'style': 'color:#37c' }, '-')
190 E('div', { 'class': 'cbi-value' }, [
191 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('Last Run')),
192 E('div', { 'class': 'cbi-value-field', 'id': 'last', 'style': 'color:#37c' }, '-')
194 E('div', { 'class': 'cbi-value' }, [
195 E('label', { 'class': 'cbi-value-title', 'style': 'padding-top:0rem' }, _('System Information')),
196 E('div', { 'class': 'cbi-value-field', 'id': 'system', 'style': 'color:#37c' }, '-')
198 E('div', { class: 'right' }, [
200 'class': 'btn cbi-button cbi-button-action',
201 'click': ui
.createHandlerFn(this, function () {
202 return handleAction('lookup');
204 }, [_('Domain Lookup')]),
207 'class': 'btn cbi-button cbi-button-negative',
208 'click': ui
.createHandlerFn(this, function () {
209 return handleAction('stop');
214 'class': 'btn cbi-button cbi-button-positive',
215 'click': ui
.createHandlerFn(this, function () {
216 return handleAction('reload');
221 'class': 'btn cbi-button cbi-button-positive',
222 'click': ui
.createHandlerFn(this, function () {
223 return handleAction('restart');
232 tabbed config section
234 s
= m
.section(form
.NamedSection
, 'global', 'banip', _('Settings'));
236 s
.tab('general', _('General Settings'));
237 s
.tab('advanced', _('Advanced Settings'));
238 s
.tab('adv_chain', _('Chain/Set Settings'));
239 s
.tab('adv_log', _('Log Settings'));
240 s
.tab('adv_email', _('E-Mail Settings'));
241 s
.tab('feeds', _('Feed Selection'));
246 o
= s
.taboption('general', form
.Flag
, 'ban_enabled', _('Enabled'), _('Enable the banIP service.'));
249 o
= s
.taboption('general', form
.Flag
, 'ban_debug', _('Verbose Debug Logging'), _('Enable verbose debug logging in case of processing errors.'));
252 o
= s
.taboption('general', form
.Flag
, 'ban_autodetect', _('Auto Detection'), _('Detect relevant network devices, interfaces, subnets, protocols and utilities automatically.'));
255 o
= s
.taboption('general', form
.Flag
, 'ban_protov4', _('IPv4 Support'), _('Enables IPv4 support.'));
256 o
.depends('ban_autodetect', '0');
260 o
= s
.taboption('general', form
.Flag
, 'ban_protov6', _('IPv6 Support'), _('Enables IPv6 support.'));
261 o
.depends('ban_autodetect', '0');
265 o
= s
.taboption('general', widgets
.DeviceSelect
, 'ban_dev', _('Network Devices'), _('Select the WAN network device(s).'));
266 o
.depends('ban_autodetect', '0');
272 o
= s
.taboption('general', widgets
.NetworkSelect
, 'ban_ifv4', _('Network Interfaces'), _('Select the logical WAN IPv4 network interface(s).'));
273 o
.depends('ban_autodetect', '0');
279 o
= s
.taboption('general', widgets
.NetworkSelect
, 'ban_ifv6', _('Network Interfaces'), _('Select the logical WAN IPv6 network interface(s).'));
280 o
.depends('ban_autodetect', '0');
286 o
= s
.taboption('general', form
.ListValue
, 'ban_fetchcmd', _('Download Utility'), _('Select one of the pre-configured download utilities.'));
287 o
.depends('ban_autodetect', '0');
288 o
.value('uclient-fetch');
295 o
= s
.taboption('general', form
.Value
, 'ban_fetchparm', _('Download Parameters'), _('Override the pre-configured download options for the selected download utility.'))
296 o
.depends('ban_autodetect', '0');
300 o
= s
.taboption('general', widgets
.NetworkSelect
, 'ban_trigger', _('Startup Trigger Interface'), _('List of available network interfaces to trigger the banIP start.'));
305 o
= s
.taboption('general', form
.Value
, 'ban_triggerdelay', _('Trigger Delay'), _('Additional trigger delay in seconds before banIP processing actually starts.'));
306 o
.placeholder
= '10';
307 o
.datatype
= 'range(1,300)';
310 o
= s
.taboption('general', form
.ListValue
, 'ban_triggeraction', _('Trigger Action'), _('Trigger action on ifup interface events.'));
311 o
.value('start', _('start (default)'));
312 o
.value('reload', _('reload'));
313 o
.value('restart', _('restart'));
317 o
= s
.taboption('general', form
.ListValue
, 'ban_fetchretry', _('Download Retries'), _('Number of download attempts in case of an error (not supported by uclient-fetch).'));
318 o
.value('1', _('1'));
319 o
.value('3', _('3'));
320 o
.value('5', _('5 (default)'));
321 o
.value('10', _('10'));
322 o
.value('20', _('20'));
326 o
= s
.taboption('general', form
.Flag
, 'ban_fetchinsecure', _('Download Insecure'), _('Don\'t check SSL server certificates during download.'));
330 additional settings tab
332 o
= s
.taboption('advanced', form
.DummyValue
, '_sub');
334 o
.default = '<em><b>' + _('Changes on this tab needs a banIP service restart to take effect.') + '</b></em>';
336 o
= s
.taboption('advanced', form
.ListValue
, 'ban_nicelimit', _('Nice Level'), _('The selected priority will be used for banIP background processing.'));
337 o
.value('-20', _('Highest Priority'));
338 o
.value('-10', _('High Priority'));
339 o
.value('0', _('Normal Priority (default)'));
340 o
.value('10', _('Less Priority'));
341 o
.value('19', _('Least Priority'));
345 o
= s
.taboption('advanced', form
.ListValue
, 'ban_filelimit', _('Max Open Files'), _('Increase the maximal number of open files, e.g. to handle the amount of temporary split files while loading the Sets.'));
346 o
.value('512', _('512'));
347 o
.value('1024', _('1024 (default)'));
348 o
.value('2048', _('2048'));
349 o
.value('4096', _('4096'));
353 o
= s
.taboption('advanced', form
.ListValue
, 'ban_cores', _('CPU Cores'), _('Limit the cpu cores used by banIP to save RAM.'));
362 o
= s
.taboption('advanced', form
.ListValue
, 'ban_splitsize', _('Set Split Size'), _('Split external Set loading after every n members to save RAM.'));
371 o
= s
.taboption('advanced', form
.Value
, 'ban_basedir', _('Base Directory'), _('Base working directory while banIP processing.'));
372 o
.placeholder
= '/tmp';
375 o
= s
.taboption('advanced', form
.Value
, 'ban_backupdir', _('Backup Directory'), _('Target directory for compressed feed backups.'));
376 o
.placeholder
= '/tmp/banIP-backup';
379 o
= s
.taboption('advanced', form
.Value
, 'ban_reportdir', _('Report Directory'), _('Target directory for banIP-related report files.'));
380 o
.placeholder
= '/tmp/banIP-report';
383 o
= s
.taboption('advanced', form
.Flag
, 'ban_deduplicate', _('Deduplicate IPs'), _('Deduplicate IP addresses across all active Sets and tidy up the local blocklist.'));
387 o
= s
.taboption('advanced', form
.Flag
, 'ban_reportelements', _('Report Elements'), _('List Set elements in the status and report, disable this to reduce the CPU load.'));
392 advanced chain/set settings tab
394 o
= s
.taboption('adv_chain', form
.DummyValue
, '_sub');
396 o
.default = '<em><b>' + _('Changes on this tab needs a banIP service restart to take effect.') + '</b></em>';
398 o
= s
.taboption('adv_chain', form
.ListValue
, 'ban_nftpolicy', _('NFT Set Policy'), _('Set the nft policy for banIP-related Sets.'));
399 o
.value('memory', _('memory (default)'));
400 o
.value('performance', _('performance'));
404 o
= s
.taboption('adv_chain', form
.ListValue
, 'ban_nftpriority', _('NFT Chain Priority'), _('Set the nft chain priority within the banIP table. Please note: lower values means higher priority.'));
405 o
.value('0', _('0'));
406 o
.value('-100', _('-100'));
407 o
.value('-200', _('-200 (default)'));
408 o
.value('-300', _('-300'));
409 o
.value('-400', _('-400'));
413 o
= s
.taboption('adv_chain', widgets
.DeviceSelect
, 'ban_vlanallow', _('Allow VLAN Forwads'), _('Always allow certain VLAN forwards.'));
419 o
= s
.taboption('adv_chain', widgets
.DeviceSelect
, 'ban_vlanblock', _('Block VLAN Forwads'), _('Always block certain VLAN forwards.'));
425 o
= s
.taboption('adv_chain', form
.ListValue
, 'ban_blockpolicy', _('Default Block Policy'), _('By default each feed is active in all supported chains. Limit the default block policy to a certain chain.'));
426 o
.value('input', _('WAN-Input Chain'));
427 o
.value('forwardwan', _('WAN-Forward Chain'));
428 o
.value('forwardlan', _('LAN-Forward Chain'));
432 let feed
, feeds
, descr
;
434 feeds
= JSON
.parse(result
[0]);
435 } else if (result
[1]) {
436 feeds
= JSON
.parse(result
[1]);
439 o
= s
.taboption('adv_chain', form
.MultiValue
, 'ban_blockinput', _('WAN-Input Chain'), _('Limit certain feeds to the WAN-Input chain.'));
440 o
.value('allowlist', _('local allowlist'));
441 o
.value('blocklist', _('local blocklist'));
442 for (let i
= 0; i
< Object
.keys(feeds
).length
; i
++) {
443 feed
= Object
.keys(feeds
)[i
].trim();
449 o
= s
.taboption('adv_chain', form
.MultiValue
, 'ban_blockforwardwan', _('WAN-Forward Chain'), _('Limit certain feeds to the WAN-Forward chain.'));
450 o
.value('allowlist', _('local allowlist'));
451 o
.value('blocklist', _('local blocklist'));
452 for (let i
= 0; i
< Object
.keys(feeds
).length
; i
++) {
453 feed
= Object
.keys(feeds
)[i
].trim();
459 o
= s
.taboption('adv_chain', form
.MultiValue
, 'ban_blockforwardlan', _('LAN-Forward Chain'), _('Limit certain feeds to the LAN-Forward chain.'));
460 o
.value('allowlist', _('local allowlist'));
461 o
.value('blocklist', _('local blocklist'));
462 for (let i
= 0; i
< Object
.keys(feeds
).length
; i
++) {
463 feed
= Object
.keys(feeds
)[i
].trim();
471 advanced log settings tab
473 o
= s
.taboption('adv_log', form
.DummyValue
, '_sub');
475 o
.default = '<em><b>' + _('Changes on this tab needs a banIP service restart to take effect.') + '</b></em>';
477 o
= s
.taboption('adv_log', form
.ListValue
, 'ban_nftloglevel', _('Log Level'), _('Set the syslog level for NFT logging.'));
478 o
.value('emerg', _('emerg'));
479 o
.value('alert', _('alert'));
480 o
.value('crit', _('crit'));
481 o
.value('err', _('err'));
482 o
.value('warn', _('warn (default)'));
483 o
.value('notice', _('notice'));
484 o
.value('info', _('info'));
485 o
.value('debug', _('debug'));
489 o
= s
.taboption('adv_log', form
.Flag
, 'ban_loginput', _('Log WAN-Input'), _('Log suspicious incoming WAN packets (dropped).'));
493 o
= s
.taboption('adv_log', form
.Flag
, 'ban_logforwardwan', _('Log WAN-Forward'), _('Log suspicious forwarded WAN packets (dropped).'));
497 o
= s
.taboption('adv_log', form
.Flag
, 'ban_logforwardlan', _('Log LAN-Forward'), _('Log suspicious forwarded LAN packets (rejected).'));
500 o
= s
.taboption('adv_log', form
.ListValue
, 'ban_loglimit', _('Log Limit'), _('Parse only the last stated number of log entries for suspicious events. To disable the log monitor at all set it to \'0\'.'));
501 o
.value('0', _('0 (disable)'));
502 o
.value('50', _('50'));
503 o
.value('100', _('100 (default)'));
504 o
.value('250', _('250'));
505 o
.value('500', _('500'));
506 o
.value('1000', _('1000'));
510 o
= s
.taboption('adv_log', form
.Value
, 'ban_logcount', _('Log Count'), _('Number of failed login attempts of the same IP in the log before blocking.'));
512 o
.datatype
= 'range(1,10)';
515 o
= s
.taboption('adv_log', form
.DynamicList
, 'ban_logterm', _('Log Terms'), _('The default log terms / regular expressions are filtering suspicious ssh, LuCI, nginx and asterisk traffic.'));
520 advanced email settings tab
522 o
= s
.taboption('adv_email', form
.DummyValue
, '_sub');
524 o
.default = '<em><b>' + _('To enable email notifications, set up the \'msmtp\' package and specify a vaild E-Mail receiver address.') + '</b></em>';
526 o
= s
.taboption('adv_email', form
.Flag
, 'ban_mailnotification', _('E-Mail Notification'), _('Receive E-Mail notifications with every banIP run.'));
529 o
= s
.taboption('adv_email', form
.Value
, 'ban_mailreceiver', _('E-Mail Receiver Address'), _('Receiver address for banIP notification E-Mails, this information is required to enable E-Mail functionality.'));
530 o
.placeholder
= 'name@example.com';
533 o
= s
.taboption('adv_email', form
.Value
, 'ban_mailsender', _('E-Mail Sender Address'), _('Sender address for banIP notification E-Mails.'));
534 o
.placeholder
= 'no-reply@banIP';
537 o
= s
.taboption('adv_email', form
.Value
, 'ban_mailtopic', _('E-Mail Topic'), _('Topic for banIP notification E-Mails.'));
538 o
.placeholder
= 'banIP notification';
541 o
= s
.taboption('adv_email', form
.Value
, 'ban_mailprofile', _('E-Mail Profile'), _('Profile used by \'msmtp\' for banIP notification E-Mails.'));
542 o
.placeholder
= 'ban_notify';
543 o
.datatype
= 'uciname';
549 o
= s
.taboption('feeds', form
.DummyValue
, '_sub');
551 o
.default = '<em><b>' + _('External blocklist feeds') + '</b></em>';
554 o
= s
.taboption('feeds', form
.MultiValue
, 'ban_feed', _('Blocklist Feed Selection'));
555 for (let i
= 0; i
< Object
.keys(feeds
).length
; i
++) {
556 feed
= Object
.keys(feeds
)[i
].trim();
557 descr
= feeds
[feed
].descr
.trim() || '-';
558 o
.value(feed
, feed
+ ' (' + descr
+ ')');
564 let code
, country
, countries
= [];
566 countries
= result
[2].trim().split('\n');
568 o
= s
.taboption('feeds', form
.MultiValue
, 'ban_country', _('Countries'));
569 for (let i
= 0; i
< countries
.length
; i
++) {
570 code
= countries
[i
].match(/^(\w+);/)[1].trim();
571 country
= countries
[i
].match(/^\w+;(.*$)/)[1].trim();
572 o
.value(code
, country
);
578 o
= s
.taboption('feeds', form
.DynamicList
, 'ban_asn', _('ASNs'));
579 o
.datatype
= 'uinteger';
583 o
= s
.taboption('feeds', form
.DummyValue
, '_feeds');
585 o
.default = '<hr style="width: 200px; height: 1px;" /><em><b>' + _('External allowlist feeds') + '</b></em>';
587 o
= s
.taboption('feeds', form
.DynamicList
, 'ban_allowurl', _('Allowlist Feed Selection'));
590 o
.validate = function (section_id
, value
) {
594 if (!value
.match(/^(http:\/\/|https:\/\/)[A-Za-z0-9\/\.\-_\?\&\+=:~#]+$/)) {
595 return _('Protocol/URL format not supported');
600 o
= s
.taboption('feeds', form
.DummyValue
, '_feeds');
602 o
.default = '<hr style="width: 200px; height: 1px;" /><em><b>' + _('Local feed settings') + '</b></em>';
604 o
= s
.taboption('feeds', form
.Flag
, 'ban_autoallowlist', _('Auto Allowlist'), _('Automatically add resolved domains and uplink IPs to the local banIP allowlist.'));
608 o
= s
.taboption('feeds', form
.ListValue
, 'ban_autoallowuplink', _('Auto Allow Uplink'), _('Limit the uplink autoallow function.'));
609 o
.depends('ban_autoallowlist', '1');
610 o
.value('disable', _('Disable'));
611 o
.value('subnet', _('Subnet (default)'));
612 o
.value('ip', _('IP'));
616 o
= s
.taboption('feeds', form
.Flag
, 'ban_autoblocklist', _('Auto Blocklist'), _('Automatically add resolved domains and suspicious IPs to the local banIP blocklist.'));
620 o
= s
.taboption('feeds', form
.Flag
, 'ban_autoblocksubnet', _('Auto Block Subnet'), _('Automatically add entire subnets to the blocklist Set based on an additional RDAP request with the suspicious IP.'));
625 o
= s
.taboption('feeds', form
.ListValue
, 'ban_nftexpiry', _('Blocklist Set Expiry'), _('Expiry time for auto added blocklist Set members.'));
635 o
= s
.taboption('feeds', form
.Flag
, 'ban_allowlistonly', _('Allowlist Only'), _('Restrict the internet access from/to a small number of secure IPs.'));