root/luci/trunk/applications/luci-firewall/luasrc/model/cbi/firewall/zone-details.lua @ 8108

Revision 8108, 6.0 KB (checked in by jow, 17 months ago)

applications/luci-firewall: complete rework firewall ui

  • split zone setup, port forwards, traffic rules and firewall.user
  • add quickadd forms for various common rules like port forwards
  • add tool class for textual formatting and descriptions of rules
  • simplify controller, remove old mini admin remainders
  • Property svn:keywords set to Id
1--[[
2LuCI - Lua Configuration Interface
3
4Copyright 2008 Steven Barth <steven@midlink.org>
5
6Licensed under the Apache License, Version 2.0 (the "License");
7you may not use this file except in compliance with the License.
8You may obtain a copy of the License at
9
10    http://www.apache.org/licenses/LICENSE-2.0
11
12$Id$
13]]--
14
15local nw = require "luci.model.network"
16local fw = require "luci.model.firewall"
17local ds = require "luci.dispatcher"
18local ut = require "luci.util"
19
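-- Forward declarations: the map, its sections and the option objects are
-- assigned further down and captured by the callbacks defined after them.
local m, p, i, v
local s, name, net, family, msrc, mdest, log, lim
local s2, out, inp


-- CBI map over the "firewall" configuration. m.redirect points at the zone
-- overview; the dispatcher is addressed through the `ds` local, like the
-- other build_url calls in this file.
m = Map("firewall", translate("Firewall - Zone Settings"))
m.redirect = ds.build_url("admin/network/firewall/zones")

-- Both models are initialised with the map's UCI cursor.
fw.init(m.uci)
nw.init(m.uci)


-- arg[1] selects the zone to edit.
-- NOTE(review): presumably taken from the request path and therefore
-- caller-controlled -- confirm against the controller. A name that matches no
-- zone has to end in the redirect below, not in a runtime error.
local zone = fw:get_zone(arg[1])
if not zone then
    -- Fixed: this branch called `dsp.build_url`, but no `dsp` is defined in
    -- this file (the dispatcher is bound to `ds`), so an unknown zone raised
    -- an "index a nil value" error instead of redirecting.
    luci.http.redirect(ds.build_url("admin/network/firewall/zones"))
    return
else
    m.title = "%s - %s" %{
        translate("Firewall - Zone Settings"),
        translatef("Zone %q", zone:name() or "?")
    }
end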
42
43
-- Main section: a NamedSection of type "zone" addressed by the zone's
-- section id, with a title and a help text that both embed the zone name.
-- NOTE(review): the help text carries HTML markup and the zone name is
-- formatted into it; whether the renderer escapes descriptions is not visible
-- in this file -- confirm.
do
    local zone_title = translatef("Zone %q", zone:name())
    local zone_help = translatef("This section defines common properties of %q. \
        The <em>input</em> and <em>output</em> options set the default \
        policies for traffic entering and leaving this zone while the \
        <em>forward</em> option describes the policy for forwarded traffic \
        between different networks within the zone. \
        <em>Covered networks</em> specifies which available networks are \
        member of this zone.", zone:name())

    s = m:section(NamedSection, zone.sid, "zone", zone_title, zone_help)
end

-- Section flags.
s.addremove = false
s.anonymous = true
56
--- Commit hook: look the zone up again by arg[1] and point both sections at
-- the section id it has now. Nothing is changed when the lookup fails.
-- NOTE(review): presumably needed because a rename can change zone.sid --
-- confirm against the firewall model.
-- @param map the map being committed (unused)
m.on_commit = function(map)
    local current = fw:get_zone(arg[1])
    if not current then
        return
    end

    s.section  = current.sid
    s2.section = current.sid
end
64
65
-- The zone section is split into two tabs.
s:tab("general", translate("General Settings"))
s:tab("advanced", translate("Advanced Settings"))


-- Zone name. The "uciname" datatype is the only input constraint set on this
-- field; name.write later passes the value to fw:rename_zone and into the
-- redirect URL.
name = s:taboption("general", Value, "name", translate("Name"))
name.datatype = "uciname"
name.forcewrite = true
name.optional = false
74
--- Write handler for the zone name.
-- When the submitted name differs from the zone's current name, the zone is
-- renamed through the firewall model and both forwarding lists get the new
-- name as their `exclude` value. The page title and the redirect target are
-- rebuilt from the submitted name in either case.
-- @param self the option object (unused)
-- @param section section id (unused)
-- @param value submitted zone name
function name.write(self, section, value)
    local renamed = (zone:name() ~= value)
    if renamed then
        fw:rename_zone(zone:name(), value)
        inp.exclude = value
        out.exclude = value
    end

    m.title = "%s - %s" %{
        translate("Firewall - Zone Settings"),
        translatef("Zone %q", value or "?")
    }
    m.redirect = ds.build_url("admin/network/firewall/zones", value)
end
88
-- The three policy selectors of the zone, in display order.
p = {
    s:taboption("general", ListValue, "input", translate("Input")),
    s:taboption("general", ListValue, "output", translate("Output")),
    s:taboption("general", ListValue, "forward", translate("Forward"))
}

-- Every selector offers the same three targets.
for idx = 1, #p do
    local policy = p[idx]
    policy:value("REJECT", translate("reject"))
    policy:value("DROP", translate("drop"))
    policy:value("ACCEPT", translate("accept"))
end

s:taboption("general", Flag, "masq", translate("Masquerading"))
s:taboption("general", Flag, "mtu_fix", translate("MSS clamping"))

-- Covered networks, rendered by the network list template as checkboxes.
net = s:taboption("general", Value, "network", translate("Covered networks"))
net.cast = "string"
net.widget = "checkbox"
net.template = "cbi/network_netlist"
108
--- Submitted value of the network list.
-- Falls back to "-" when the base implementation returns nil or false.
-- NOTE(review): presumably so that an empty selection still reaches
-- net.write -- confirm.
-- @param self the option object
-- @param section section id
-- @return the submitted value, or "-"
function net.formvalue(self, section)
    local submitted = Value.formvalue(self, section)
    if submitted then
        return submitted
    end
    return "-"
end
112
--- Stored value of the network list.
-- When the base implementation yields nil or false, the configured value of
-- the zone name option is returned instead.
-- @param self the option object
-- @param section section id
-- @return the stored network value, or the name option's stored value
function net.cfgvalue(self, section)
    local stored = Value.cfgvalue(self, section)
    if stored then
        return stored
    end
    -- Parenthesised so exactly one value is returned, as with `a or b`.
    return (name:cfgvalue(section))
end
116
--- Write handler for the network list: drops every network from the zone,
-- then adds each entry that ut.imatch yields for the submitted value.
-- NOTE(review): the "-" placeholder produced by net.formvalue also passes
-- through this loop; whether zone:add_network ignores it is not visible here.
-- @param self the option object (unused)
-- @param section section id (unused)
-- @param value submitted network selection
function net.write(self, section, value)
    zone:clear_networks()

    for network in ut.imatch(value) do
        zone:add_network(network)
    end
end
125
126
-- Address family restriction; the empty value stands for both families.
family = s:taboption("advanced", ListValue, "family",
    translate("Restrict to address family"))

family.rmempty = true
for _, choice in ipairs({
    { "",     translate("IPv4 and IPv6") },
    { "ipv4", translate("IPv4 only") },
    { "ipv6", translate("IPv6 only") }
}) do
    family:value(choice[1], choice[2])
end

-- Masquerading source restriction: checked against the
-- "neg_network_ip4addr" datatype and tied to family "" or "ipv4".
msrc = s:taboption("advanced", DynamicList, "masq_src",
    translate("Restrict Masquerading to given source subnets"))

msrc.placeholder = "0.0.0.0/0"
msrc.datatype = "neg_network_ip4addr"
msrc.optional = true
msrc:depends("family", "")
msrc:depends("family", "ipv4")

-- Masquerading destination restriction, same constraints as masq_src.
mdest = s:taboption("advanced", DynamicList, "masq_dest",
    translate("Restrict Masquerading to given destination subnets"))

mdest.placeholder = "0.0.0.0/0"
mdest.datatype = "neg_network_ip4addr"
mdest.optional = true
mdest:depends("family", "")
mdest:depends("family", "ipv4")

s:taboption("advanced", Flag, "conntrack",
    translate("Force connection tracking"))

-- Per-zone logging switch; "1" is the enabled value.
log = s:taboption("advanced", Flag, "log",
    translate("Enable logging on this zone"))

log.enabled = "1"
log.rmempty = true

-- Log rate limit, tied to log = "1".
-- NOTE(review): unlike masq_src and masq_dest, no datatype is assigned to
-- this field in this file, so the form sets no format constraint on what is
-- stored as log_limit -- confirm that the consumer validates it.
lim = s:taboption("advanced", Value, "log_limit",
    translate("Limit log messages"))

lim.placeholder = "10/minute"
lim:depends("log", "1")
167
168
-- Second section: forwardings between this zone and the other zones. It is a
-- NamedSection on the same section id, declared with type "fwd_out".
do
    local fwd_title = translate("Inter-Zone Forwarding")
    local fwd_help = translatef("The options below control the forwarding policies between \
        this zone (%s) and other zones. <em>Destination zones</em> cover \
        forwarded traffic <strong>originating from %q</strong>. \
        <em>Source zones</em> match forwarded traffic from other zones \
        <strong>targeted at %q</strong>. The forwarding rule is \
        <em>unidirectional</em>, e.g. a forward from lan to wan does \
        <em>not</em> imply a permission to forward from wan to lan as well.",
        zone:name(), zone:name(), zone:name())

    s2 = m:section(NamedSection, zone.sid, "fwd_out", fwd_title, fwd_help)
end

-- Zones this zone may forward to; `exclude` is set to the zone's own name.
out = s2:option(Value, "out",
    translate("Allow forward to <em>destination zones</em>:"))

out.template = "cbi/firewall_zonelist"
out.widget = "checkbox"
out.exclude = zone:name()
out.nocreate = true

-- Zones that may forward into this zone; same widget settings as `out`.
inp = s2:option(Value, "in",
    translate("Allow forward from <em>source zones</em>:"))

inp.template = "cbi/firewall_zonelist"
inp.widget = "checkbox"
inp.exclude = zone:name()
inp.nocreate = true
197
--- Current destination zones: the dest() of every forwarding that has this
-- zone as source, joined with single spaces.
-- @param self the option object (unused)
-- @param section section id (unused)
-- @return space-separated string of destination zone names
function out.cfgvalue(self, section)
    local dests = { }
    for _, fwd in ipairs(zone:get_forwardings_by("src")) do
        dests[#dests + 1] = fwd:dest()
    end
    return table.concat(dests, " ")
end
206
--- Current source zones: the src() of every forwarding that has this zone as
-- destination.
-- NOTE(review): the list is returned as a table, whereas out.cfgvalue joins
-- its list into a string. The consumer is not visible here, so the difference
-- is kept as it is.
-- @param self the option object (unused)
-- @param section section id (unused)
-- @return table of source zone names
function inp.cfgvalue(self, section)
    local sources = { }
    for _, fwd in ipairs(zone:get_forwardings_by("dest")) do
        sources[#sources + 1] = fwd:src()
    end
    return sources
end
215
--- Submitted destination zone selection, or "-" when the base implementation
-- returns nil or false.
-- @param self the option object
-- @param section section id
-- @return the submitted value, or "-"
function out.formvalue(self, section)
    local submitted = Value.formvalue(self, section)
    if submitted then
        return submitted
    end
    return "-"
end
219
--- Submitted source zone selection, or "-" when the base implementation
-- returns nil or false.
-- @param self the option object
-- @param section section id
-- @return the submitted value, or "-"
function inp.formvalue(self, section)
    local submitted = Value.formvalue(self, section)
    if submitted then
        return submitted
    end
    return "-"
end
223
--- Write handler for the destination zones: deletes every forwarding with
-- this zone as source, then adds one forwarding per entry that ut.imatch
-- yields for the submitted value.
-- @param self the option object (unused)
-- @param section section id (unused)
-- @param value submitted destination zone selection
function out.write(self, section, value)
    zone:del_forwardings_by("src")

    for target in ut.imatch(value) do
        zone:add_forwarding_to(target)
    end
end
232
--- Write handler for the source zones: deletes every forwarding with this
-- zone as destination, then adds one forwarding per entry that ut.imatch
-- yields for the submitted value.
-- @param self the option object (unused)
-- @param section section id (unused)
-- @param value submitted source zone selection
function inp.write(self, section, value)
    zone:del_forwardings_by("dest")

    for origin in ut.imatch(value) do
        zone:add_forwarding_from(origin)
    end
end
241
-- The finished map is the result of this chunk.
return m