2 LuCI - Lua Configuration Interface
4 Copyright 2011 Jo-Philipp Wich <xm@subsignal.org>
6 Licensed under the Apache License, Version 2.0 (the "License");
7 you may not use this file except in compliance with the License.
8 You may obtain a copy of the License at
10 http://www.apache.org/licenses/LICENSE-2.0
15 module("luci.tools.firewall", package.seeall)
17 local ut = require "luci.util"
18 local ip = require "luci.ip"
19 local nx = require "nixio"
21 local translate, translatef = luci.i18n.translate, luci.i18n.translatef
24 if type(x) == "string" then
25 local v, neg = x:gsub("^ *! *", "")
27 return v, "%s " % translate("not")
38 local l = { translate("MAC"), " " }
39 for m in ut.imatch(x) do
41 l[#l+1] = "<var>%s%s</var>" %{ n, m }
47 l[1] = translate("MACs")
49 return table.concat(l, "")
54 function fmt_port(x, d)
57 local l = { translate("port"), " " }
58 for p in ut.imatch(x) do
60 local a, b = p:match("(%d+)%D+(%d+)")
62 l[1] = translate("ports")
63 l[#l+1] = "<var>%s%d-%d</var>" %{ n, a, b }
65 l[#l+1] = "<var>%s%d</var>" %{ n, p }
72 l[1] = translate("ports")
74 return table.concat(l, "")
77 return d and "<var>%s</var>" % d
82 local l = { translate("IP"), " " }
84 for v in ut.imatch(x) do
86 a, m = v:match("(%S+)/(%d+%.%S+)")
88 a = a:match(":") and ip.IPv6(a, m) or ip.IPv4(a, m)
89 if a and (a:is6() or a:prefix() < 32) then
90 l[1] = translate("IP range")
91 l[#l+1] = "<var title='%s - %s'>%s%s</var>" %{
97 l[#l+1] = "<var>%s%s</var>" %{
107 l[1] = translate("IPs")
109 return table.concat(l, "")
112 return d and "<var>%s</var>" % d
115 function fmt_zone(x, d)
117 return "<var>%s</var>" % translate("any zone")
118 elseif x and #x > 0 then
119 return "<var>%s</var>" % x
121 return "<var>%s</var>" % d
125 function fmt_icmp_type(x)
128 local l = { translate("type"), " " }
129 for v in ut.imatch(x) do
131 l[#l+1] = "<var>%s%s</var>" %{ n, v }
137 l[1] = translate("types")
139 return table.concat(l, "")
144 function fmt_proto(x, icmp_types)
148 local t = fmt_icmp_type(icmp_types)
149 for v in ut.imatch(x) do
151 if v == "tcpudp" then
155 elseif v ~= "all" then
156 local p = nx.getproto(v)
159 if (p.proto == 1 or p.proto == 58) and t then
160 l[#l+1] = translatef(
162 n, p.aliases[1] or p.name, t
167 p.aliases[1] or p.name
176 return table.concat(l, "")
181 function fmt_limit(limit, burst)
182 burst = tonumber(burst)
183 if limit and #limit > 0 then
184 local l, u = limit:match("(%d+)/(%w+)")
185 l = tonumber(l or limit)
188 if u:match("^s") then
189 u = translate("second")
190 elseif u:match("^m") then
191 u = translate("minute")
192 elseif u:match("^h") then
193 u = translate("hour")
194 elseif u:match("^d") then
197 if burst and burst > 0 then
198 return translatef("<var>%d</var> pkts. per <var>%s</var>, \
199 burst <var>%d</var> pkts.", l, u, burst)
201 return translatef("<var>%d</var> pkts. per <var>%s</var>", l, u)
207 function fmt_target(x, dest)
208 if dest and #dest > 0 then
209 if x == "ACCEPT" then
210 return translate("Accept forward")
211 elseif x == "REJECT" then
212 return translate("Refuse forward")
213 elseif x == "NOTRACK" then
214 return translate("Do not track forward")
215 else --if x == "DROP" then
216 return translate("Discard forward")
219 if x == "ACCEPT" then
220 return translate("Accept input")
221 elseif x == "REJECT" then
222 return translate("Refuse input")
223 elseif x == "NOTRACK" then
224 return translate("Do not track input")
225 else --if x == "DROP" then
226 return translate("Discard input")