projects / project / luci.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge pull request #7290 from stangri/master-luci-app-pbr
[project/luci.git] / applications / luci-app-banip / htdocs / luci-static / resources / view / banip / overview.js
1 'use strict';
2 'require dom';
3 'require view';
4 'require poll';
5 'require fs';
6 'require ui';
7 'require uci';
8 'require form';
9 'require tools.widgets as widgets';
10
11 /*
12 button handling
13 */
14 function handleAction(ev) {
15 if (ev === 'restart' || ev === 'reload') {
16 let map = document.querySelector('.cbi-map');
17 dom.callClassMethod(map, 'save')
18 .then(L.bind(ui.changes.apply, ui.changes))
19 .then(function () {
20 return fs.exec_direct('/etc/init.d/banip', [ev]);
21 });
22 } else {
23 return fs.exec_direct('/etc/init.d/banip', [ev]);
24 }
25 }
26
27 return view.extend({
28 load: function () {
29 return Promise.all([
30 L.resolveDefault(fs.read_direct('/etc/banip/banip.custom.feeds'), ''),
31 L.resolveDefault(fs.read_direct('/etc/banip/banip.feeds'), ''),
32 L.resolveDefault(fs.read_direct('/etc/banip/banip.countries'), ''),
33 uci.load('banip')
34 ]);
35 },
36
37 render: function (result) {
38 let m, s, o;
39
40 m = new form.Map('banip', 'banIP', _('Configuration of the banIP package to ban incoming and outgoing IPs via named nftables Sets. \
41 For further information please check the <a style="color:#37c;font-weight:bold;" href="https://github.com/openwrt/packages/blob/master/net/banip/files/README.md" target="_blank" rel="noreferrer noopener" >online documentation</a>'));
42
43 /*
44 poll runtime information
45 */
46 let buttons, rtRes, infStat, infVer, infElements, infFeeds, infDevices, infUplink, infSystem, nftInfos, runInfos, infFlags, last_run
47
48 pollData: poll.add(function () {
49 return L.resolveDefault(fs.stat('/var/run/banip.lock')).then(function (stat) {
50 buttons = document.querySelectorAll('.cbi-button');
51 infStat = document.getElementById('status');
52 if (stat) {
53 for (let i = 0; i < buttons.length; i++) {
54 buttons[i].setAttribute('disabled', 'true');
55 }
56 if (infStat && !infStat.classList.contains('spinning')) {
57 infStat.classList.add('spinning');
58 }
59 } else {
60 for (let i = 0; i < buttons.length; i++) {
61 buttons[i].removeAttribute('disabled');
62 }
63 if (infStat && infStat.classList.contains('spinning')) {
64 infStat.classList.remove('spinning');
65 }
66 }
67 L.resolveDefault(fs.exec_direct('/etc/init.d/banip', ['status'])).then(function (result) {
68 if (result) {
69 rtRes = result.trim().split('\n');
70 if (rtRes) {
71 for (let i = 0; i < rtRes.length; i++) {
72 if (rtRes[i].match(/^\s+\+\sstatus\s+\:\s+(.*)$/)) {
73 rtRes.status = rtRes[i].match(/^\s+\+\sstatus\s+\:\s+(.*)$/)[1];
74 } else if (rtRes[i].match(/^\s+\+\sversion\s+\:\s+(.*)$/)) {
75 rtRes.version = rtRes[i].match(/^\s+\+\sversion\s+\:\s+(.*)$/)[1];
76 } else if (rtRes[i].match(/^\s+\+\selement_count\s+\:\s+(.*)$/)) {
77 rtRes.elementCount = rtRes[i].match(/^\s+\+\selement_count\s+\:\s+(.*)$/)[1];
78 } else if (rtRes[i].match(/^\s+\+\sactive_feeds\s+\:\s+(.*)$/)) {
79 rtRes.activeFeeds = rtRes[i].match(/^\s+\+\sactive_feeds\s+\:\s+(.*)$/)[1];
80 } else if (rtRes[i].match(/^\s+\+\sactive_devices\s+\:\s+(.*)$/)) {
81 rtRes.activeDevices = rtRes[i].match(/^\s+\+\sactive_devices\s+\:\s+(.*)$/)[1];
82 } else if (rtRes[i].match(/^\s+\+\sactive_uplink\s+\:\s+(.*)$/)) {
83 rtRes.activeUplink = rtRes[i].match(/^\s+\+\sactive_uplink\s+\:\s+(.*)$/)[1];
84 } else if (rtRes[i].match(/^\s+\+\snft_info\s+\:\s+(.*)$/)) {
85 rtRes.nftInfo = rtRes[i].match(/^\s+\+\snft_info\s+\:\s+(.*)$/)[1];
86 } else if (rtRes[i].match(/^\s+\+\srun_info\s+\:\s+(.*)$/)) {
87 rtRes.runInfo = rtRes[i].match(/^\s+\+\srun_info\s+\:\s+(.*)$/)[1];
88 } else if (rtRes[i].match(/^\s+\+\srun_flags\s+\:\s+(.*)$/)) {
89 rtRes.runFlags = rtRes[i].match(/^\s+\+\srun_flags\s+\:\s+(.*)$/)[1];
90 } else if (rtRes[i].match(/^\s+\+\slast_run\s+\:\s+(.*)$/)) {
91 rtRes.lastRun = rtRes[i].match(/^\s+\+\slast_run\s+\:\s+(.*)$/)[1];
92 } else if (rtRes[i].match(/^\s+\+\ssystem_info\s+\:\s+(.*)$/)) {
93 rtRes.systemInfo = rtRes[i].match(/^\s+\+\ssystem_info\s+\:\s+(.*)$/)[1];
94 }
95 }
96 }
97 if (rtRes) {
98 infStat = document.getElementById('status');
99 if (infStat) {
100 infStat.textContent = rtRes.status || '-';
101 }
102 infVer = document.getElementById('version');
103 if (infVer) {
104 infVer.textContent = rtRes.version || '-';
105 }
106 infElements = document.getElementById('elements');
107 if (infElements) {
108 infElements.textContent = rtRes.elementCount || '-';
109 }
110 infFeeds = document.getElementById('feeds');
111 if (infFeeds) {
112 infFeeds.textContent = rtRes.activeFeeds || '-';
113 }
114 infDevices = document.getElementById('devices');
115 if (infDevices) {
116 infDevices.textContent = rtRes.activeDevices || '-';
117 }
118 infUplink = document.getElementById('uplink');
119 if (infUplink) {
120 infUplink.textContent = rtRes.activeUplink || '-';
121 }
122 nftInfos = document.getElementById('nft');
123 if (nftInfos) {
124 nftInfos.textContent = rtRes.nftInfo || '-';
125 }
126 runInfos = document.getElementById('run');
127 if (runInfos) {
128 runInfos.textContent = rtRes.runInfo || '-';
129 }
130 infFlags = document.getElementById('flags');
131 if (infFlags) {
132 infFlags.textContent = rtRes.runFlags || '-';
133 }
134 last_run = document.getElementById('last');
135 if (last_run) {
136 last_run.textContent = rtRes.lastRun || '-';
137 }
138 infSystem = document.getElementById('system');
139 if (infSystem) {
140 infSystem.textContent = rtRes.systemInfo || '-';
141 }
142 }
143 } else {
144 infStat = document.getElementById('status');
145 if (infStat) {
146 infStat.textContent = '-';
147 poll.stop();
148 if (infStat.classList.contains('spinning')) {
149 infStat.classList.remove('spinning');
150 }
151 }
152 }
153 });
154 });
155 }, 2);
156
157 /*
158 runtime information and buttons
159 */
160 s = m.section(form.NamedSection, 'global');
161 s.render = L.bind(function (view, section_id) {
162 return E('div', { 'class': 'cbi-section' }, [
163 E('h3', _('Information')),
164 E('div', { 'class': 'cbi-value' }, [
165 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;font-weight:bold;padding-top:0rem;' }, _('Status')),
166 E('div', { 'class': 'cbi-value-field spinning', 'id': 'status', 'style': 'margin-bottom:-5px;color:#37c;font-weight:bold;' }, '\xa0')
167 ]),
168 E('div', { 'class': 'cbi-value' }, [
169 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;font-weight:bold;padding-top:0rem;' }, _('Version')),
170 E('div', { 'class': 'cbi-value-field', 'id': 'version', 'style': 'margin-bottom:-5px;color:#37c;font-weight:bold;' }, '-')
171 ]),
172 E('div', { 'class': 'cbi-value' }, [
173 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;font-weight:bold;padding-top:0rem;' }, _('Element Count')),
174 E('div', { 'class': 'cbi-value-field', 'id': 'elements', 'style': 'margin-bottom:-5px;color:#37c;font-weight:bold;' }, '-')
175 ]),
176 E('div', { 'class': 'cbi-value' }, [
177 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;font-weight:bold;padding-top:0rem;' }, _('Active Feeds')),
178 E('div', { 'class': 'cbi-value-field', 'id': 'feeds', 'style': 'margin-bottom:-5px;color:#37c;font-weight:bold;' }, '-')
179 ]),
180 E('div', { 'class': 'cbi-value' }, [
181 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;font-weight:bold;padding-top:0rem;' }, _('Active Devices')),
182 E('div', { 'class': 'cbi-value-field', 'id': 'devices', 'style': 'margin-bottom:-5px;color:#37c;font-weight:bold;' }, '-')
183 ]),
184 E('div', { 'class': 'cbi-value' }, [
185 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;font-weight:bold;padding-top:0rem;' }, _('Active Uplink')),
186 E('div', { 'class': 'cbi-value-field', 'id': 'uplink', 'style': 'margin-bottom:-5px;color:#37c;font-weight:bold;' }, '-')
187 ]),
188 E('div', { 'class': 'cbi-value' }, [
189 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;font-weight:bold;padding-top:0rem;' }, _('NFT Information')),
190 E('div', { 'class': 'cbi-value-field', 'id': 'nft', 'style': 'margin-bottom:-5px;color:#37c;font-weight:bold;' }, '-')
191 ]),
192 E('div', { 'class': 'cbi-value' }, [
193 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;font-weight:bold;padding-top:0rem;' }, _('Run Information')),
194 E('div', { 'class': 'cbi-value-field', 'id': 'run', 'style': 'margin-bottom:-5px;color:#37c;font-weight:bold;' }, '-')
195 ]),
196 E('div', { 'class': 'cbi-value' }, [
197 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;font-weight:bold;padding-top:0rem;' }, _('Run Flags')),
198 E('div', { 'class': 'cbi-value-field', 'id': 'flags', 'style': 'margin-bottom:-5px;color:#37c;font-weight:bold;' }, '-')
199 ]),
200 E('div', { 'class': 'cbi-value' }, [
201 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;font-weight:bold;padding-top:0rem;' }, _('Last Run')),
202 E('div', { 'class': 'cbi-value-field', 'id': 'last', 'style': 'margin-bottom:-5px;color:#37c;font-weight:bold;' }, '-')
203 ]),
204 E('div', { 'class': 'cbi-value' }, [
205 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;font-weight:bold;padding-top:0rem;' }, _('System Information')),
206 E('div', { 'class': 'cbi-value-field', 'id': 'system', 'style': 'margin-bottom:-5px;color:#37c;font-weight:bold;' }, '-')
207 ]),
208 E('div', { class: 'right' }, [
209 E('button', {
210 'class': 'btn cbi-button cbi-button-action',
211 'click': ui.createHandlerFn(this, function () {
212 return handleAction('lookup');
213 })
214 }, [_('Domain Lookup')]),
215 '\xa0',
216 E('button', {
217 'class': 'btn cbi-button cbi-button-negative',
218 'click': ui.createHandlerFn(this, function () {
219 return handleAction('stop');
220 })
221 }, [_('Stop')]),
222 '\xa0',
223 E('button', {
224 'class': 'btn cbi-button cbi-button-positive',
225 'click': ui.createHandlerFn(this, function () {
226 return handleAction('reload');
227 })
228 }, [_('Reload')]),
229 '\xa0',
230 E('button', {
231 'class': 'btn cbi-button cbi-button-positive',
232 'click': ui.createHandlerFn(this, function () {
233 return handleAction('restart');
234 })
235 }, [_('Restart')]),
236 '\xa0'
237 ])
238 ]);
239 }, o, this);
240 this.pollData;
241
242 /*
243 tabbed config section
244 */
245 s = m.section(form.NamedSection, 'global', 'banip', _('Settings'));
246 s.addremove = false;
247 s.tab('general', _('General Settings'));
248 s.tab('advanced', _('Advanced Settings'));
249 s.tab('adv_chain', _('Table/Chain Settings'));
250 s.tab('adv_set', _('Feed/Set Settings'));
251 s.tab('adv_log', _('Log Settings'));
252 s.tab('adv_email', _('E-Mail Settings'));
253 s.tab('feeds', _('Feed Selection'));
254
255 /*
256 general settings tab
257 */
258 o = s.taboption('general', form.DummyValue, '_sub');
259 o.rawhtml = true;
260 o.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service restart to take effect.') + '</em>'
261 + '<hr style="width: 200px; height: 1px;" />';
262
263 o = s.taboption('general', form.Flag, 'ban_enabled', _('Enabled'), _('Enable the banIP service.'));
264 o.rmempty = false;
265
266 o = s.taboption('general', form.Flag, 'ban_debug', _('Verbose Debug Logging'), _('Enable verbose debug logging in case of processing errors.'));
267 o.rmempty = false;
268
269 o = s.taboption('general', form.Flag, 'ban_autodetect', _('Auto Detection'), _('Detect relevant network devices, interfaces, subnets, protocols and utilities automatically.'));
270 o.rmempty = false;
271
272 o = s.taboption('general', form.Flag, 'ban_protov4', _('IPv4 Support'), _('Enables IPv4 support.'));
273 o.depends('ban_autodetect', '0');
274 o.optional = true;
275 o.retain = true;
276
277 o = s.taboption('general', form.Flag, 'ban_protov6', _('IPv6 Support'), _('Enables IPv6 support.'));
278 o.depends('ban_autodetect', '0');
279 o.optional = true;
280 o.retain = true;
281
282 o = s.taboption('general', widgets.DeviceSelect, 'ban_dev', _('Network Devices'), _('Select the WAN network device(s).'));
283 o.depends('ban_autodetect', '0');
284 o.multiple = true;
285 o.nocreate = true;
286 o.optional = true;
287 o.retain = true;
288
289 o = s.taboption('general', widgets.NetworkSelect, 'ban_ifv4', _('IPv4 Network Interfaces'), _('Select the logical WAN IPv4 network interface(s).'));
290 o.depends('ban_autodetect', '0');
291 o.multiple = true;
292 o.nocreate = true;
293 o.optional = true;
294 o.retain = true;
295
296 o = s.taboption('general', widgets.NetworkSelect, 'ban_ifv6', _('IPv6 Network Interfaces'), _('Select the logical WAN IPv6 network interface(s).'));
297 o.depends('ban_autodetect', '0');
298 o.multiple = true;
299 o.nocreate = true;
300 o.optional = true;
301 o.retain = true;
302
303 o = s.taboption('general', form.ListValue, 'ban_fetchcmd', _('Download Utility'), _('Select one of the pre-configured download utilities.'));
304 o.depends('ban_autodetect', '0');
305 o.value('uclient-fetch');
306 o.value('wget');
307 o.value('curl');
308 o.value('aria2c');
309 o.optional = true;
310 o.retain = true;
311
312 o = s.taboption('general', form.Value, 'ban_fetchparm', _('Download Parameters'), _('Override the pre-configured download options for the selected download utility.'))
313 o.depends('ban_autodetect', '0');
314 o.optional = true;
315 o.retain = true;
316
317 o = s.taboption('general', widgets.NetworkSelect, 'ban_trigger', _('Reload Trigger Interface'), _('List of available reload trigger interface(s).'));
318 o.multiple = true;
319 o.nocreate = true;
320 o.rmempty = true;
321
322 o = s.taboption('general', form.Value, 'ban_triggerdelay', _('Trigger Delay'), _('Additional trigger delay in seconds during interface reload and boot.'));
323 o.placeholder = '10';
324 o.datatype = 'range(1,300)';
325 o.rmempty = true;
326
327 o = s.taboption('general', form.ListValue, 'ban_fetchretry', _('Download Retries'), _('Number of download attempts in case of an error (not supported by uclient-fetch).'));
328 o.value('1');
329 o.value('3');
330 o.value('5');
331 o.value('10');
332 o.value('20');
333 o.default = '5';
334 o.placeholder = _('-- default --');
335 o.create = true;
336 o.optional = true;
337 o.rmempty = true;
338
339 o = s.taboption('general', form.Flag, 'ban_fetchinsecure', _('Download Insecure'), _('Don\'t check SSL server certificates during download.'));
340 o.rmempty = true;
341
342 /*
343 additional settings tab
344 */
345 o = s.taboption('advanced', form.DummyValue, '_sub');
346 o.rawhtml = true;
347 o.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service restart to take effect.') + '</em>'
348 + '<hr style="width: 200px; height: 1px;" />';
349
350 o = s.taboption('advanced', form.ListValue, 'ban_nicelimit', _('Nice Level'), _('The selected priority will be used for banIP background processing.'));
351 o.value('-20', _('Highest Priority'));
352 o.value('-10', _('High Priority'));
353 o.value('0', _('Normal Priority'));
354 o.value('10', _('Less Priority'));
355 o.value('19', _('Least Priority'));
356 o.default = '0';
357 o.placeholder = _('-- default --');
358 o.create = true;
359 o.optional = true;
360 o.rmempty = true;
361
362 o = s.taboption('advanced', form.ListValue, 'ban_filelimit', _('Max Open Files'), _('Increase the maximal number of open files, e.g. to handle the amount of temporary split files while loading the Sets.'));
363 o.value('512');
364 o.value('1024');
365 o.value('2048');
366 o.value('4096');
367 o.default = '1024';
368 o.placeholder = _('-- default --');
369 o.create = true;
370 o.optional = true;
371 o.rmempty = true;
372
373 o = s.taboption('advanced', form.ListValue, 'ban_cores', _('CPU Cores'), _('Limit the cpu cores used by banIP to save RAM.'));
374 o.value('1');
375 o.value('2');
376 o.value('4');
377 o.value('8');
378 o.value('16');
379 o.optional = true;
380 o.rmempty = true;
381
382 o = s.taboption('advanced', form.ListValue, 'ban_splitsize', _('Set Split Size'), _('Split external Set loading after every n members to save RAM.'));
383 o.value('512');
384 o.value('1024');
385 o.value('2048');
386 o.value('4096');
387 o.value('8192');
388 o.value('16384');
389 o.optional = true;
390 o.rmempty = true;
391
392 o = s.taboption('advanced', form.Value, 'ban_basedir', _('Base Directory'), _('Base working directory while banIP processing.'));
393 o.placeholder = '/tmp';
394 o.rmempty = true;
395
396 o = s.taboption('advanced', form.Value, 'ban_backupdir', _('Backup Directory'), _('Target directory for compressed feed backups.'));
397 o.placeholder = '/tmp/banIP-backup';
398 o.rmempty = true;
399
400 o = s.taboption('advanced', form.Value, 'ban_reportdir', _('Report Directory'), _('Target directory for banIP-related report files.'));
401 o.placeholder = '/tmp/banIP-report';
402 o.rmempty = true;
403
404 o = s.taboption('advanced', form.Flag, 'ban_deduplicate', _('Deduplicate IPs'), _('Deduplicate IP addresses across all active Sets and tidy up the local blocklist.'));
405 o.default = 1
406 o.rmempty = false;
407
408 o = s.taboption('advanced', form.Flag, 'ban_reportelements', _('Report Elements'), _('List Set elements in the status and report, disable this to reduce the CPU load.'));
409 o.default = 1
410 o.optional = true;
411
412 /*
413 advanced chain settings tab
414 */
415 o = s.taboption('adv_chain', form.DummyValue, '_sub');
416 o.rawhtml = true;
417 o.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service restart to take effect.') + '</em>'
418 + '<hr style="width: 200px; height: 1px;" />';
419
420 o = s.taboption('adv_chain', form.ListValue, 'ban_nftpriority', _('Chain Priority'), _('Set the nft chain priority within the banIP table, lower values means higher priority.'));
421 o.value('10');
422 o.value('0');
423 o.value('-100');
424 o.value('-150');
425 o.value('-200');
426 o.default = '-100';
427 o.placeholder = _('-- default --');
428 o.create = true;
429 o.optional = true;
430 o.rmempty = true;
431
432 o = s.taboption('adv_chain', form.Value, 'ban_allowflag', _('Allow Protocol/Ports'), _('Always allow a protocol \(tcp/udp\) with certain ports or port ranges in WAN-Input and WAN-Forward chain.'));
433 o.placeholder = 'tcp 80 443-445';
434 o.rmempty = true;
435
436 o = s.taboption('adv_chain', widgets.DeviceSelect, 'ban_vlanallow', _('Allow VLAN Forwards'), _('Always allow certain VLAN forwards.'));
437 o.multiple = true;
438 o.nocreate = true;
439 o.optional = true;
440 o.rmempty = true;
441
442 o = s.taboption('adv_chain', widgets.DeviceSelect, 'ban_vlanblock', _('Block VLAN Forwards'), _('Always block certain VLAN forwards.'));
443 o.multiple = true;
444 o.nocreate = true;
445 o.optional = true;
446 o.rmempty = true;
447
448 o = s.taboption('adv_chain', form.ListValue, 'ban_icmplimit', _('ICMP-Threshold'), _('ICMP-Threshold in packets per second to prevent WAN-DoS attacks. To disable this safeguard set it to \'0\'.'));
449 o.value('0');
450 o.value('10');
451 o.value('50');
452 o.value('100');
453 o.value('250');
454 o.value('500');
455 o.value('1000');
456 o.default = '10';
457 o.placeholder = _('-- default --');
458 o.create = true;
459 o.optional = true;
460 o.rmempty = true;
461
462 o = s.taboption('adv_chain', form.ListValue, 'ban_synlimit', _('SYN-Threshold'), _('SYN-Threshold in packets per second to prevent WAN-DoS attacks. To disable this safeguard set it to \'0\'.'));
463 o.value('0');
464 o.value('10');
465 o.value('50');
466 o.value('100');
467 o.value('250');
468 o.value('500');
469 o.value('1000');
470 o.default = '10';
471 o.placeholder = _('-- default --');
472 o.create = true;
473 o.optional = true;
474 o.rmempty = true;
475
476 o = s.taboption('adv_chain', form.ListValue, 'ban_udplimit', _('UDP-Threshold'), _('UDP-Threshold in packets per second to prevent WAN-DoS attacks. To disable this safeguard set it to \'0\'.'));
477 o.value('0');
478 o.value('100');
479 o.value('250');
480 o.value('500');
481 o.value('1000');
482 o.value('2500');
483 o.value('5000');
484 o.default = '100';
485 o.placeholder = _('-- default --');
486 o.create = true;
487 o.optional = true;
488 o.rmempty = true;
489
490 /*
491 advanced Set settings tab
492 */
493 o = s.taboption('adv_set', form.DummyValue, '_sub');
494 o.rawhtml = true;
495 o.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service restart to take effect.') + '</em>'
496 + '<hr style="width: 200px; height: 1px;" />';
497
498 o = s.taboption('adv_set', form.ListValue, 'ban_nftpolicy', _('Set Policy'), _('Set the nft policy for banIP-related Sets.'));
499 o.value('memory', _('memory'));
500 o.value('performance', _('performance'));
501 o.default = 'memory';
502 o.placeholder = _('-- default --');
503 o.create = true;
504 o.optional = true;
505 o.rmempty = true;
506
507 o = s.taboption('adv_set', form.ListValue, 'ban_blocktype', _('Block Type'), _('Drop packets silently or actively reject the traffic on WAN-Input and WAN-Forward chains.'));
508 o.value('drop', _('drop'));
509 o.value('reject', _('reject'));
510 o.default = 'drop';
511 o.placeholder = _('-- default --');
512 o.create = true;
513 o.optional = true;
514 o.rmempty = true;
515
516 o = s.taboption('adv_set', form.ListValue, 'ban_blockpolicy', _('Default Block Policy'), _('By default each feed is active in all supported chains. Limit the default block policy to a certain chain.'));
517 o.value('input', _('WAN-Input Chain'));
518 o.value('forwardwan', _('WAN-Forward Chain'));
519 o.value('forwardlan', _('LAN-Forward Chain'));
520 o.optional = true;
521 o.rmempty = true;
522
523 let feed, feeds, descr;
524 if (result && Object.keys(result).length) {
525 if (result[0]) {
526 try {
527 feeds = JSON.parse(result[0]);
528 } catch (e) {
529 ui.addNotification(null, E('p', _('Unable to parse the custom feed file!')), 'error');
530 }
531 }
532 if (result[1] && (!feeds || (feeds && !Object.keys(feeds).length))) {
533 try {
534 feeds = JSON.parse(result[1]);
535 } catch (e) {
536 ui.addNotification(null, E('p', _('Unable to parse the default feed file!')), 'error');
537 }
538 }
539 }
540 if (feeds && Object.keys(feeds).length) {
541 o = s.taboption('adv_set', form.MultiValue, 'ban_blockinput', _('WAN-Input Chain'), _('Limit certain feeds to the WAN-Input chain.'));
542 o.value('allowlist', _('local allowlist'));
543 o.value('blocklist', _('local blocklist'));
544 for (let i = 0; i < Object.keys(feeds).length; i++) {
545 feed = Object.keys(feeds)[i].trim();
546 o.value(feed);
547 }
548 o.optional = true;
549 o.rmempty = true;
550
551 o = s.taboption('adv_set', form.MultiValue, 'ban_blockforwardwan', _('WAN-Forward Chain'), _('Limit certain feeds to the WAN-Forward chain.'));
552 o.value('allowlist', _('local allowlist'));
553 o.value('blocklist', _('local blocklist'));
554 for (let i = 0; i < Object.keys(feeds).length; i++) {
555 feed = Object.keys(feeds)[i].trim();
556 o.value(feed);
557 }
558 o.optional = true;
559 o.rmempty = true;
560
561 o = s.taboption('adv_set', form.MultiValue, 'ban_blockforwardlan', _('LAN-Forward Chain'), _('Limit certain feeds to the LAN-Forward chain.'));
562 o.value('allowlist', _('local allowlist'));
563 o.value('blocklist', _('local blocklist'));
564 for (let i = 0; i < Object.keys(feeds).length; i++) {
565 feed = Object.keys(feeds)[i].trim();
566 o.value(feed);
567 }
568 o.optional = true;
569 o.rmempty = true;
570 }
571
572 /*
573 advanced log settings tab
574 */
575 o = s.taboption('adv_log', form.DummyValue, '_sub');
576 o.rawhtml = true;
577 o.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service restart to take effect.') + '</em>'
578 + '<hr style="width: 200px; height: 1px;" />';
579
580 o = s.taboption('adv_log', form.ListValue, 'ban_nftloglevel', _('NFT Log Level'), _('Set the syslog level for NFT logging.'));
581 o.value('emerg', _('emerg'));
582 o.value('alert', _('alert'));
583 o.value('crit', _('crit'));
584 o.value('err', _('err'));
585 o.value('warn', _('warn'));
586 o.value('notice', _('notice'));
587 o.value('info', _('info'));
588 o.value('debug', _('debug'));
589 o.default = 'warn';
590 o.placeholder = _('-- default --');
591 o.create = true;
592 o.optional = true;
593 o.rmempty = true;
594
595 o = s.taboption('adv_log', form.Flag, 'ban_logprerouting', _('Log Prerouting'), _('Log suspicious Prerouting packets.'));
596 o.rmempty = false;
597
598 o = s.taboption('adv_log', form.Flag, 'ban_loginput', _('Log WAN-Input'), _('Log suspicious incoming WAN packets.'));
599 o.rmempty = false;
600
601 o = s.taboption('adv_log', form.Flag, 'ban_logforwardwan', _('Log WAN-Forward'), _('Log suspicious forwarded WAN packets.'));
602 o.rmempty = false;
603
604 o = s.taboption('adv_log', form.Flag, 'ban_logforwardlan', _('Log LAN-Forward'), _('Log suspicious forwarded LAN packets.'));
605 o.rmempty = false;
606
607 o = s.taboption('adv_log', form.Value, 'ban_logreadfile', _('Logfile Location'), _('Location for parsing the log file, e.g. via syslog-ng, to deactivate the standard parsing via logread.'));
608 o.placeholder = '/var/log/messages';
609 o.rmempty = true;
610
611 o = s.taboption('adv_log', form.ListValue, 'ban_loglimit', _('Log Limit'), _('Parse only the last stated number of log entries for suspicious events. To disable the log monitor at all set it to \'0\'.'));
612 o.value('0');
613 o.value('50');
614 o.value('100');
615 o.value('250');
616 o.value('500');
617 o.value('1000');
618 o.default = '100';
619 o.placeholder = _('-- default --');
620 o.create = true;
621 o.optional = true;
622 o.rmempty = true;
623
624 o = s.taboption('adv_log', form.Value, 'ban_logcount', _('Log Count'), _('Number of failed login attempts of the same IP in the log before blocking.'));
625 o.placeholder = '1';
626 o.datatype = 'range(1,10)';
627 o.rmempty = true;
628
629 o = s.taboption('adv_log', form.DynamicList, 'ban_logterm', _('Log Terms'), _('The default regular expressions are filtering suspicious ssh, LuCI, nginx and asterisk traffic.'));
630 o.optional = true;
631 o.rmempty = true;
632
633 o = s.taboption('adv_log', form.Flag, 'ban_remotelog', _('Enable Remote Logging'), _('Enable the cgi interface to receive remote logging events.'));
634 o.default = 0
635 o.optional = true;
636 o.rmempty = true;
637
638 o = s.taboption('adv_log', form.Value, 'ban_remotetoken', _('Remote Token'), _('Token to communicate with the cgi interface.'));
639 o.depends('ban_remotelog', '1');
640 o.datatype = 'and(minlength(3),maxlength(20))';
641 o.validate = function (section_id, value) {
642 if (!value) {
643 return _('Empty field not allowed');
644 }
645 if (!value.match(/^[A-Za-z0-9\.\:]+$/)) {
646 return _('Invalid characters');
647 }
648 return true;
649 }
650 o.optional = true;
651 o.rmempty = true;
652
653 /*
654 advanced email settings tab
655 */
656 o = s.taboption('adv_email', form.DummyValue, '_sub');
657 o.rawhtml = true;
658 o.default = '<em style="color:#37c;font-weight:bold;">' + _('To enable email notifications, set up the \'msmtp\' package and specify a vaild E-Mail receiver address.') + '</em>'
659 + '<hr style="width: 200px; height: 1px;" />';
660
661 o = s.taboption('adv_email', form.Flag, 'ban_mailnotification', _('E-Mail Notification'), _('Receive E-Mail notifications with every banIP run.'));
662 o.rmempty = true;
663
664 o = s.taboption('adv_email', form.Value, 'ban_mailreceiver', _('E-Mail Receiver Address'), _('Receiver address for banIP notification E-Mails, this information is required to enable E-Mail functionality.'));
665 o.placeholder = 'name@example.com';
666 o.rmempty = true;
667
668 o = s.taboption('adv_email', form.Value, 'ban_mailsender', _('E-Mail Sender Address'), _('Sender address for banIP notification E-Mails.'));
669 o.placeholder = 'no-reply@banIP';
670 o.rmempty = true;
671
672 o = s.taboption('adv_email', form.Value, 'ban_mailtopic', _('E-Mail Topic'), _('Topic for banIP notification E-Mails.'));
673 o.placeholder = 'banIP notification';
674 o.rmempty = true;
675
676 o = s.taboption('adv_email', form.Value, 'ban_mailprofile', _('E-Mail Profile'), _('Profile used by \'msmtp\' for banIP notification E-Mails.'));
677 o.placeholder = 'ban_notify';
678 o.datatype = 'uciname';
679 o.rmempty = true;
680
681 /*
682 feeds tab
683 */
684 o = s.taboption('feeds', form.DummyValue, '_sub');
685 o.rawhtml = true;
686 o.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service reload to take effect.') + '</em>'
687 + '<hr style="width: 200px; height: 1px;" />'
688 + '<em style="color:#37c;font-weight:bold;">' + _('External Blocklist Feeds') + '</em>';
689
690 if (feeds && Object.keys(feeds).length) {
691 o = s.taboption('feeds', form.MultiValue, 'ban_feed', _('Blocklist Feed'));
692 for (let i = 0; i < Object.keys(feeds).length; i++) {
693 feed = Object.keys(feeds)[i].trim();
694 descr = feeds[feed].descr.trim() || '-';
695 o.value(feed, feed + ' (' + descr + ')');
696 }
697 o.optional = true;
698 o.rmempty = true;
699 }
700
701 let err, ccode, rir, country, countries = [];
702 if (result && Object.keys(result[2]).length) {
703 countries = result[2].trim().split('\n');
704 if (countries && countries.length) {
705 o = s.taboption('feeds', form.MultiValue, 'ban_country', _('Countries') + ' (<abbr title="Regional Internet Registries">RIR</abbr>)');
706 for (let i = 0; i < countries.length; i++) {
707 try {
708 ccode = countries[i].match(/^(\w+)\t/)[1].trim();
709 rir = countries[i].match(/^\w+\t(\w+)\t/)[1].trim();
710 country = countries[i].match(/^\w+\t\w+\t(.*$)/)[1].trim();
711 o.value(ccode, country + ' (' + rir + ')');
712 } catch (e) {
713 countries[i] = "";
714 if (!err) {
715 ui.addNotification(null, E('p', _('Unable to parse the countries file!')), 'error');
716 }
717 err = e;
718 }
719 }
720 o.optional = true;
721 o.rmempty = true;
722 }
723 }
724
725 o = s.taboption('feeds', form.MultiValue, 'ban_region', _('Regional Internet Registry'));
726 o.value('AFRINIC', _('AFRINIC - serving Africa and the Indian Ocean region'));
727 o.value('APNIC', _('APNIC - serving the Asia Pacific region'));
728 o.value('ARIN', _('ARIN - serving Canada and the United States'));
729 o.value('LACNIC', _('LACNIC - serving the Latin American and Caribbean region'));
730 o.value('RIPE', _('RIPE - serving Europe, Middle East and Central Asia'));
731 o.optional = true;
732 o.rmempty = true;
733
734 o = s.taboption('feeds', form.DynamicList, 'ban_asn', _('ASNs'));
735 o.datatype = 'uinteger';
736 o.optional = true;
737 o.rmempty = true;
738
739 o = s.taboption('feeds', form.DummyValue, '_feeds');
740 o.rawhtml = true;
741 o.default = '<hr style="width: 200px; height: 1px;" /><em style="color:#37c;font-weight:bold;">' + _('External Allowlist Feeds') + '</em>';
742
743 if (countries && countries.length) {
744 o = s.taboption('feeds', form.DynamicList, 'ban_allowurl', _('Allowlist Feed URLs'));
745 for (let i = 0; i < countries.length; i++) {
746 try {
747 ccode = countries[i].match(/^(\w+)\t/)[1].trim();
748 rir = countries[i].match(/^\w+\t(\w+)\t/)[1].trim();
749 country = countries[i].match(/^\w+\t\w+\t(.*$)/)[1].trim();
750 o.value('https://www.ipdeny.com/ipblocks/data/aggregated/' + ccode + '-aggregated.zone', country + ' IPv4 (' + rir + ')');
751 o.value('https://www.ipdeny.com/ipv6/ipaddresses/aggregated/' + ccode + '-aggregated.zone', country + ' IPv6 (' + rir + ')');
752 } catch (e) {
753 countries[i] = "";
754 }
755 }
756 o.optional = true;
757 o.rmempty = true;
758 o.validate = function (section_id, value) {
759 if (!value) {
760 return true;
761 }
762 if (!value.match(/^(http:\/\/|https:\/\/)[A-Za-z0-9\/\.\-_\?\&\+=:~#]+$/)) {
763 return _('Protocol/URL format not supported');
764 }
765 return true;
766 }
767 }
768
769 o = s.taboption('feeds', form.DummyValue, '_feeds');
770 o.rawhtml = true;
771 o.default = '<hr style="width: 200px; height: 1px;" /><em style="color:#37c;font-weight:bold;">' + _('Local Feed Settings') + '</em>';
772
773 o = s.taboption('feeds', form.Flag, 'ban_autoallowlist', _('Auto Allowlist'), _('Automatically add resolved domains and uplink IPs to the local banIP allowlist.'));
774 o.default = 1
775 o.rmempty = false;
776
777 o = s.taboption('feeds', form.ListValue, 'ban_autoallowuplink', _('Auto Allow Uplink'), _('Limit the uplink autoallow function.'));
778 o.depends('ban_autoallowlist', '1');
779 o.value('disable', _('Disable'));
780 o.value('subnet', _('Subnet'));
781 o.value('ip', _('IP'));
782 o.default = 'subnet';
783 o.placeholder = _('-- default --');
784 o.create = true;
785 o.optional = true;
786 o.rmempty = true;
787
788 o = s.taboption('feeds', form.Flag, 'ban_autoblocklist', _('Auto Blocklist'), _('Automatically add resolved domains and suspicious IPs to the local banIP blocklist.'));
789 o.default = 1
790 o.rmempty = false;
791
792 o = s.taboption('feeds', form.Flag, 'ban_autoblocksubnet', _('Auto Block Subnet'), _('Automatically add entire subnets to the blocklist Set based on an additional RDAP request with the suspicious IP.'));
793 o.default = 0
794 o.optional = true;
795 o.rmempty = true;
796
797 o = s.taboption('feeds', form.ListValue, 'ban_nftexpiry', _('Blocklist Set Expiry'), _('Expiry time for auto added blocklist Set members.'));
798 o.value('10s');
799 o.value('1m');
800 o.value('5m');
801 o.value('1h');
802 o.value('2h');
803 o.value('1d');
804 o.optional = true;
805 o.rmempty = true;
806
807 o = s.taboption('feeds', form.Flag, 'ban_allowlistonly', _('Allowlist Only'), _('Restrict the internet access from/to a small number of secure IPs.'));
808 o.rmempty = false;
809
810 return m.render();
811 },
812 handleSaveApply: null,
813 handleSave: null,
814 handleReset: null
815 });
Lua Configuration Interface (mirror)