applications/luci-fw/root/lib/uci/schema/default/firewall

   1 package firewall
   2
   3 config package
   4         option title 'Firewall configuration'
   5
   6 config section
   7         option name     'zone'
   8         option title    'Firewall zones'
   9         option package  'firewall'
  10
  11 config variable
  12         option name     'name'
  13         option title    'Name'
  14         option section  'firewall.zone'
  15         option required true
  16
  17 config variable
  18         option name     'network'
  19         option title    'Networks belonging to this zone'
  20         option section  'firewall.zone'
  21         option valueof  'network.interface'
  22         option multival true
  23
  24 config variable
  25         option name     'forward'
  26         option title    'Zone specific action for forwarded traffic'
  27         option section  'firewall.zone'
  28         option required true
  29
  30 config variable
  31         option name     'input'
  32         option title    'Zone specific action for incoming traffic'
  33         option section  'firewall.zone'
  34         option required true
  35
  36 config variable
  37         option name     'output'
  38         option title    'Zone specific action for outgoing traffic'
  39         option section  'firewall.zone'
  40         option required true
  41
  42 config variable
  43         option name     'masq'
  44         option title    'Enable masquerading for outgoing zone traffic'
  45         option section  'firewall.zone'
  46         option datatype 'boolean'
  47
  48
  49
  50 config section
  51         option name     'defaults'
  52         option title    'Global firewall defaults'
  53         option package  'firewall'
  54         option unique   true
  55         option required true
  56
  57 config variable
  58         option name     'forward'
  59         option title    'Action for forwarded traffic'
  60         option section  'firewall.defaults'
  61         option required true
  62
  63 config variable
  64         option name     'input'
  65         option title    'Action for incoming traffic'
  66         option section  'firewall.defaults'
  67         option required true
  68
  69 config variable
  70         option name     'output'
  71         option title    'Action for outgoing traffic'
  72         option section  'firewall.defaults'
  73         option required true
  74
  75 config variable
  76         option name     'syn_flood'
  77         option title    'Enable syn-flood protection'
  78         option section  'firewall.defaults'
  79         option datatype 'boolean'
  80
  81 config variable
  82         option name     'drop_invalid'
  83         option title    'Do not drop packages with state invalid'
  84         option section  'firewall.defaults'
  85         option datatype 'boolean'
  86
  87
  88
  89 config section
  90         option name     'forwarding'
  91         option title    'Forwarding rules'
  92         option package  'firewall'
  93
  94 config variable
  95         option name     'src'
  96         option title    'Source zone'
  97         option section  'firewall.forwarding'
  98         option valueof  'firewall.zone.name'
  99         option required true
 100
 101 config variable
 102         option name     'dest'
 103         option title    'Destination zone'
 104         option section  'firewall.forwarding'
 105         option valueof  'firewall.zone.name'
 106         option required true
 107
 108 config variable
 109         option name     'mtu_fix'
 110         option title    'Fixup MTU of outgoing packages'
 111         option section  'firewall.forwarding'
 112         option datatype 'boolean'
 113
 114
 115
 116 config section
 117         option name     'rule'
 118         option title    'Custom rules'
 119         option package  'firewall'
 120         list   depends  'target, src'
 121         list   depends  'target, dest'
 122         list   depends  'target, src_ip'
 123         list   depends  'target, src_port'
 124         list   depends  'target, src_mac'
 125         list   depends  'target, dest_ip'
 126         list   depends  'target, dest_port'
 127         list   depends  'target, proto'
 128
 129 config variable
 130         option name     'src'
 131         option title    'Source zone'
 132         option section  'firewall.rule'
 133         option valueof  'firewall.zone.name'
 134
 135 config variable
 136         option name     'src_ip'
 137         option title    'Source IP address'
 138         option section  'firewall.rule'
 139         option datatype 'ipaddr'
 140
 141 config variable
 142         option name     'src_port'
 143         option title    'Source port'
 144         option section  'firewall.rule'
 145         option datatype 'portrange'
 146
 147 config variable
 148         option name     'src_mac'
 149         option title    'Source MAC address'
 150         option section  'firewall.rule'
 151         option datatype 'macaddr'
 152
 153 config variable
 154         option name     'dest'
 155         option title    'Destination zone'
 156         option section  'firewall.rule'
 157         option valueof  'firewall.zone.name'
 158
 159 config variable
 160         option name     'dest_ip'
 161         option title    'Destination IP address'
 162         option section  'firewall.rule'
 163         option datatype 'ipaddr'
 164
 165 config variable
 166         option name     'dest_port'
 167         option title    'Destination port'
 168         option section  'firewall.rule'
 169         option datatype 'portrange'
 170
 171 config variable
 172         option name     'proto'
 173         option title    'Protocol'
 174         option section  'firewall.rule'
 175         option datatype 'string'
 176
 177 config variable
 178         option name     'target'
 179         option title    'Option target'
 180         option section  'firewall.rule'
 181         option datatype 'string'
 182
 183
 184
 185 config section
 186         option name     'redirect'
 187         option title    'Redirection rules'
 188         option package  'firewall'
 189
 190 config variable
 191         option name     'src'
 192         option title    'Source zone'
 193         option section  'firewall.redirect'
 194         option valueof  'firewall.zone.name'
 195
 196 config variable
 197         option name     'src_ip'
 198         option title    'Source IP address'
 199         option section  'firewall.redirect'
 200         option datatype 'ipaddr'
 201
 202 config variable
 203         option name     'src_port'
 204         option title    'Source port'
 205         option section  'firewall.redirect'
 206         option datatype 'portrange'
 207
 208 config variable
 209         option name     'src_dport'
 210         option title    'Source destination port'
 211         option section  'firewall.redirect'
 212         option datatype 'portrange'
 213
 214 config variable
 215         option name     'src_mac'
 216         option title    'Option src_mac'
 217         option section  'firewall.redirect'
 218         option datatype 'macaddr'
 219
 220 config variable
 221         option name     'dest'
 222         option title    'Destination zone'
 223         option section  'firewall.redirect'
 224         option valueof  'firewall.zone.name'
 225
 226 config variable
 227         option name     'dest_ip'
 228         option title    'Destination IP address'
 229         option section  'firewall.redirect'
 230         option datatype 'ipaddr'
 231
 232 config variable
 233         option name     'dest_port'
 234         option title    'Destination port'
 235         option section  'firewall.redirect'
 236         option datatype 'portrange'
 237
 238 config variable
 239         option name     'proto'
 240         option title    'Protocol'
 241         option section  'firewall.redirect'
 242         option datatype 'string'
 243
 244
 245
 246 config section
 247         option name     'include'
 248         option title    'User defined config includes'
 249         option package  'firewall'
 250
 251 config variable
 252         option name     'path'
 253         option title    'Path to the include file'
 254         option section  'firewall.include'
 255         option datatype 'file'