commit 4f6198094cf4134179d1f9c9fa8f79759a27c87e
[project/luci.git] / applications / luci-statistics / luasrc / model / cbi / luci_statistics / iptables.lua
1 --[[
2
3 Luci configuration model for statistics - collectd iptables plugin configuration
4 (c) 2008 Freifunk Leipzig / Jo-Philipp Wich <xm@leipzig.freifunk.net>
5
6 Licensed under the Apache License, Version 2.0 (the "License");
7 you may not use this file except in compliance with the License.
8 You may obtain a copy of the License at
9
10 http://www.apache.org/licenses/LICENSE-2.0
11
12 $Id$
13
14 ]]--
15
16 require("luci.sys.iptparser")
17
18 ip = luci.sys.iptparser.IptParser()
19 chains = { }
20 targets = { }
21
22 for i, rule in ipairs( ip:find() ) do
23 chains[rule.chain] = true
24 targets[rule.target] = true
25 end
26
27
28 m = Map("luci_statistics", "Iptables Plugin",
29 [[Das Iptables-Plugin ermöglicht die Überwachung bestimmter Firewallregeln um
30 Werte wie die Anzahl der verarbeiteten Pakete oder die insgesamt erfasste Datenmenge
31 zu speichern.]])
32
33 -- collectd_iptables config section
34 s = m:section( NamedSection, "collectd_iptables", "luci_statistics", "Pluginkonfiguration" )
35
36 -- collectd_iptables.enable
37 enable = s:option( Flag, "enable", "Plugin aktivieren" )
38 enable.default = 0
39
40
41 -- collectd_iptables_match config section (Chain directives)
42 rule = m:section( TypedSection, "collectd_iptables_match", "Regel hinzufügen",
43 [[Hier werden die Kriterien festgelegt, nach welchen die Firewall-Regeln zur Überwachung
44 ausgewählt werden.]])
45 rule.addremove = true
46 rule.anonymous = true
47
48
49 -- collectd_iptables_match.name
50 rule_table = rule:option( Value, "name", "Name der Regel", "wird im Diagram verwendet" )
51
52 -- collectd_iptables_match.table
53 rule_table = rule:option( ListValue, "table", "Firewall-Tabelle" )
54 rule_table.default = "filter"
55 rule_table.rmempty = true
56 rule_table.optional = true
57 rule_table:value("")
58 rule_table:value("filter")
59 rule_table:value("nat")
60 rule_table:value("mangle")
61
62
63 -- collectd_iptables_match.chain
64 rule_chain = rule:option( ListValue, "chain", "Firewall-Kette (Chain)" )
65 rule_chain.rmempty = true
66 rule_chain.optional = true
67 rule_chain:value("")
68
69 for chain, void in pairs( chains ) do
70 rule_chain:value( chain )
71 end
72
73
74 -- collectd_iptables_match.target
75 rule_target = rule:option( ListValue, "target", "Firewall-Aktion (Target)" )
76 rule_target.rmempty = true
77 rule_target.optional = true
78 rule_target:value("")
79
80 for target, void in pairs( targets ) do
81 rule_target:value( target )
82 end
83
84
85 -- collectd_iptables_match.protocol
86 rule_protocol = rule:option( ListValue, "protocol", "Netzwerkprotokoll" )
87 rule_protocol.rmempty = true
88 rule_protocol.optional = true
89 rule_protocol:value("")
90 rule_protocol:value("tcp")
91 rule_protocol:value("udp")
92 rule_protocol:value("icmp")
93
94 -- collectd_iptables_match.source
95 rule_source = rule:option( Value, "source", "Quell-IP-Bereich", "Bereich in CIDR Notation" )
96 rule_source.default = "0.0.0.0/0"
97 rule_source.rmempty = true
98 rule_source.optional = true
99
100 -- collectd_iptables_match.destination
101 rule_destination = rule:option( Value, "destination", "Ziel-IP-Bereich", "Bereich in CIDR Notation" )
102 rule_destination.default = "0.0.0.0/0"
103 rule_destination.rmempty = true
104 rule_destination.optional = true
105
106 -- collectd_iptables_match.inputif
107 rule_inputif = rule:option( Value, "inputif", "eingehende Schnittstelle", "z.B. eth0.0" )
108 rule_inputif.rmempty = true
109 rule_inputif.optional = true
110
111 -- collectd_iptables_match.outputif
112 rule_outputif = rule:option( Value, "outputif", "ausgehende Schnittstelle", "z.B. eth0.1" )
113 rule_outputif.rmempty = true
114 rule_outputif.optional = true
115
116 -- collectd_iptables_match.options
117 rule_options = rule:option( Value, "options", "Optionen", "z.B. reject-with tcp-reset" )
118 rule_options.rmempty = true
119 rule_options.optional = true
120
121 return m