projects / project / luci.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
luci-app-banip: handle load errors of the countries file
[project/luci.git] / applications / luci-app-banip / htdocs / luci-static / resources / view / banip / overview.js
1 'use strict';
2 'require view';
3 'require poll';
4 'require fs';
5 'require ui';
6 'require uci';
7 'require form';
8 'require tools.widgets as widgets';
9
10 /*
11 button handling
12 */
13 function handleAction(ev) {
14 return fs.exec_direct('/etc/init.d/banip', [ev])
15 }
16
17 return view.extend({
18 load: function () {
19 return Promise.all([
20 L.resolveDefault(fs.read_direct('/etc/banip/banip.custom.feeds'), ''),
21 L.resolveDefault(fs.read_direct('/etc/banip/banip.feeds'), ''),
22 L.resolveDefault(fs.read_direct('/etc/banip/banip.countries'), ''),
23 uci.load('banip')
24 ]);
25 },
26
27 render: function (result) {
28 let m, s, o;
29
30 m = new form.Map('banip', 'banIP', _('Configuration of the banIP package to ban incoming and outgoing IPs via named nftables Sets. \
31 For further information please check the <a style="color:#37c;font-weight:bold;" href="https://github.com/openwrt/packages/blob/master/net/banip/files/README.md" target="_blank" rel="noreferrer noopener" >online documentation</a>'));
32
33 /*
34 poll runtime information
35 */
36 let buttons, rtRes, infStat, infVer, infElements, infFeeds, infDevices, infUplink, infSystem, nftInfos, runInfos, infFlags, last_run
37
38 pollData: poll.add(function () {
39 return L.resolveDefault(fs.stat('/var/run/banip.lock')).then(function (stat) {
40 buttons = document.querySelectorAll('.cbi-button');
41 infStat = document.getElementById('status');
42 if (stat) {
43 for (let i = 0; i < buttons.length; i++) {
44 buttons[i].setAttribute('disabled', 'true');
45 }
46 if (infStat && !infStat.classList.contains('spinning')) {
47 infStat.classList.add('spinning');
48 }
49 } else {
50 for (let i = 0; i < buttons.length; i++) {
51 buttons[i].removeAttribute('disabled');
52 }
53 if (infStat && infStat.classList.contains('spinning')) {
54 infStat.classList.remove('spinning');
55 }
56 }
57 L.resolveDefault(fs.exec_direct('/etc/init.d/banip', ['status'])).then(function (result) {
58 if (result) {
59 rtRes = result.trim().split('\n');
60 if (rtRes) {
61 for (let i = 0; i < rtRes.length; i++) {
62 if (rtRes[i].match(/^\s+\+\sstatus\s+\:\s+(.*)$/)) {
63 rtRes.status = rtRes[i].match(/^\s+\+\sstatus\s+\:\s+(.*)$/)[1];
64 } else if (rtRes[i].match(/^\s+\+\sversion\s+\:\s+(.*)$/)) {
65 rtRes.version = rtRes[i].match(/^\s+\+\sversion\s+\:\s+(.*)$/)[1];
66 } else if (rtRes[i].match(/^\s+\+\selement_count\s+\:\s+(.*)$/)) {
67 rtRes.elementCount = rtRes[i].match(/^\s+\+\selement_count\s+\:\s+(.*)$/)[1];
68 } else if (rtRes[i].match(/^\s+\+\sactive_feeds\s+\:\s+(.*)$/)) {
69 rtRes.activeFeeds = rtRes[i].match(/^\s+\+\sactive_feeds\s+\:\s+(.*)$/)[1];
70 } else if (rtRes[i].match(/^\s+\+\sactive_devices\s+\:\s+(.*)$/)) {
71 rtRes.activeDevices = rtRes[i].match(/^\s+\+\sactive_devices\s+\:\s+(.*)$/)[1];
72 } else if (rtRes[i].match(/^\s+\+\sactive_uplink\s+\:\s+(.*)$/)) {
73 rtRes.activeUplink = rtRes[i].match(/^\s+\+\sactive_uplink\s+\:\s+(.*)$/)[1];
74 } else if (rtRes[i].match(/^\s+\+\snft_info\s+\:\s+(.*)$/)) {
75 rtRes.nftInfo = rtRes[i].match(/^\s+\+\snft_info\s+\:\s+(.*)$/)[1];
76 } else if (rtRes[i].match(/^\s+\+\srun_info\s+\:\s+(.*)$/)) {
77 rtRes.runInfo = rtRes[i].match(/^\s+\+\srun_info\s+\:\s+(.*)$/)[1];
78 } else if (rtRes[i].match(/^\s+\+\srun_flags\s+\:\s+(.*)$/)) {
79 rtRes.runFlags = rtRes[i].match(/^\s+\+\srun_flags\s+\:\s+(.*)$/)[1];
80 } else if (rtRes[i].match(/^\s+\+\slast_run\s+\:\s+(.*)$/)) {
81 rtRes.lastRun = rtRes[i].match(/^\s+\+\slast_run\s+\:\s+(.*)$/)[1];
82 } else if (rtRes[i].match(/^\s+\+\ssystem_info\s+\:\s+(.*)$/)) {
83 rtRes.systemInfo = rtRes[i].match(/^\s+\+\ssystem_info\s+\:\s+(.*)$/)[1];
84 }
85 }
86 }
87 if (rtRes) {
88 infStat = document.getElementById('status');
89 if (infStat) {
90 infStat.textContent = rtRes.status || '-';
91 }
92 infVer = document.getElementById('version');
93 if (infVer) {
94 infVer.textContent = rtRes.version || '-';
95 }
96 infElements = document.getElementById('elements');
97 if (infElements) {
98 infElements.textContent = rtRes.elementCount || '-';
99 }
100 infFeeds = document.getElementById('feeds');
101 if (infFeeds) {
102 infFeeds.textContent = rtRes.activeFeeds || '-';
103 }
104 infDevices = document.getElementById('devices');
105 if (infDevices) {
106 infDevices.textContent = rtRes.activeDevices || '-';
107 }
108 infUplink = document.getElementById('uplink');
109 if (infUplink) {
110 infUplink.textContent = rtRes.activeUplink || '-';
111 }
112 nftInfos = document.getElementById('nft');
113 if (nftInfos) {
114 nftInfos.textContent = rtRes.nftInfo || '-';
115 }
116 runInfos = document.getElementById('run');
117 if (runInfos) {
118 runInfos.textContent = rtRes.runInfo || '-';
119 }
120 infFlags = document.getElementById('flags');
121 if (infFlags) {
122 infFlags.textContent = rtRes.runFlags || '-';
123 }
124 last_run = document.getElementById('last');
125 if (last_run) {
126 last_run.textContent = rtRes.lastRun || '-';
127 }
128 infSystem = document.getElementById('system');
129 if (infSystem) {
130 infSystem.textContent = rtRes.systemInfo || '-';
131 }
132 }
133 } else {
134 infStat = document.getElementById('status');
135 if (infStat) {
136 infStat.textContent = '-';
137 poll.stop();
138 if (infStat.classList.contains('spinning')) {
139 infStat.classList.remove('spinning');
140 }
141 }
142 }
143 });
144 });
145 }, 2);
146
147 /*
148 runtime information and buttons
149 */
150 s = m.section(form.NamedSection, 'global');
151 s.render = L.bind(function (view, section_id) {
152 return E('div', { 'class': 'cbi-section' }, [
153 E('h3', _('Information')),
154 E('div', { 'class': 'cbi-value' }, [
155 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Status')),
156 E('div', { 'class': 'cbi-value-field spinning', 'id': 'status', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '\xa0')
157 ]),
158 E('div', { 'class': 'cbi-value' }, [
159 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Version')),
160 E('div', { 'class': 'cbi-value-field', 'id': 'version', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
161 ]),
162 E('div', { 'class': 'cbi-value' }, [
163 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Element Count')),
164 E('div', { 'class': 'cbi-value-field', 'id': 'elements', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
165 ]),
166 E('div', { 'class': 'cbi-value' }, [
167 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Active Feeds')),
168 E('div', { 'class': 'cbi-value-field', 'id': 'feeds', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
169 ]),
170 E('div', { 'class': 'cbi-value' }, [
171 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Active Devices')),
172 E('div', { 'class': 'cbi-value-field', 'id': 'devices', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
173 ]),
174 E('div', { 'class': 'cbi-value' }, [
175 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Active Uplink')),
176 E('div', { 'class': 'cbi-value-field', 'id': 'uplink', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
177 ]),
178 E('div', { 'class': 'cbi-value' }, [
179 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('NFT Information')),
180 E('div', { 'class': 'cbi-value-field', 'id': 'nft', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
181 ]),
182 E('div', { 'class': 'cbi-value' }, [
183 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Run Information')),
184 E('div', { 'class': 'cbi-value-field', 'id': 'run', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
185 ]),
186 E('div', { 'class': 'cbi-value' }, [
187 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Run Flags')),
188 E('div', { 'class': 'cbi-value-field', 'id': 'flags', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
189 ]),
190 E('div', { 'class': 'cbi-value' }, [
191 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Last Run')),
192 E('div', { 'class': 'cbi-value-field', 'id': 'last', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
193 ]),
194 E('div', { 'class': 'cbi-value' }, [
195 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('System Information')),
196 E('div', { 'class': 'cbi-value-field', 'id': 'system', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
197 ]),
198 E('div', { class: 'right' }, [
199 E('button', {
200 'class': 'btn cbi-button cbi-button-action',
201 'click': ui.createHandlerFn(this, function () {
202 return handleAction('lookup');
203 })
204 }, [_('Domain Lookup')]),
205 '\xa0\xa0\xa0',
206 E('button', {
207 'class': 'btn cbi-button cbi-button-negative',
208 'click': ui.createHandlerFn(this, function () {
209 return handleAction('stop');
210 })
211 }, [_('Stop')]),
212 '\xa0\xa0\xa0',
213 E('button', {
214 'class': 'btn cbi-button cbi-button-positive',
215 'click': ui.createHandlerFn(this, function () {
216 return handleAction('reload');
217 })
218 }, [_('Reload')]),
219 '\xa0\xa0\xa0',
220 E('button', {
221 'class': 'btn cbi-button cbi-button-positive',
222 'click': ui.createHandlerFn(this, function () {
223 return handleAction('restart');
224 })
225 }, [_('Restart')])
226 ])
227 ]);
228 }, o, this);
229 this.pollData;
230
231 /*
232 tabbed config section
233 */
234 s = m.section(form.NamedSection, 'global', 'banip', _('Settings'));
235 s.addremove = false;
236 s.tab('general', _('General Settings'));
237 s.tab('advanced', _('Advanced Settings'));
238 s.tab('adv_chain', _('Table/Chain Settings'));
239 s.tab('adv_set', _('Feed/Set Settings'));
240 s.tab('adv_log', _('Log Settings'));
241 s.tab('adv_email', _('E-Mail Settings'));
242 s.tab('feeds', _('Feed Selection'));
243
244 /*
245 general settings tab
246 */
247 o = s.taboption('general', form.Flag, 'ban_enabled', _('Enabled'), _('Enable the banIP service.'));
248 o.rmempty = false;
249
250 o = s.taboption('general', form.Flag, 'ban_debug', _('Verbose Debug Logging'), _('Enable verbose debug logging in case of processing errors.'));
251 o.rmempty = false;
252
253 o = s.taboption('general', form.Flag, 'ban_autodetect', _('Auto Detection'), _('Detect relevant network devices, interfaces, subnets, protocols and utilities automatically.'));
254 o.rmempty = false;
255
256 o = s.taboption('general', form.Flag, 'ban_protov4', _('IPv4 Support'), _('Enables IPv4 support.'));
257 o.depends('ban_autodetect', '0');
258 o.optional = true;
259 o.retain = true;
260
261 o = s.taboption('general', form.Flag, 'ban_protov6', _('IPv6 Support'), _('Enables IPv6 support.'));
262 o.depends('ban_autodetect', '0');
263 o.optional = true;
264 o.retain = true;
265
266 o = s.taboption('general', widgets.DeviceSelect, 'ban_dev', _('Network Devices'), _('Select the WAN network device(s).'));
267 o.depends('ban_autodetect', '0');
268 o.multiple = true;
269 o.nocreate = true;
270 o.optional = true;
271 o.retain = true;
272
273 o = s.taboption('general', widgets.NetworkSelect, 'ban_ifv4', _('IPv4 Network Interfaces'), _('Select the logical WAN IPv4 network interface(s).'));
274 o.depends('ban_autodetect', '0');
275 o.multiple = true;
276 o.nocreate = true;
277 o.optional = true;
278 o.retain = true;
279
280 o = s.taboption('general', widgets.NetworkSelect, 'ban_ifv6', _('IPv6 Network Interfaces'), _('Select the logical WAN IPv6 network interface(s).'));
281 o.depends('ban_autodetect', '0');
282 o.multiple = true;
283 o.nocreate = true;
284 o.optional = true;
285 o.retain = true;
286
287 o = s.taboption('general', form.ListValue, 'ban_fetchcmd', _('Download Utility'), _('Select one of the pre-configured download utilities.'));
288 o.depends('ban_autodetect', '0');
289 o.value('uclient-fetch');
290 o.value('wget');
291 o.value('curl');
292 o.value('aria2c');
293 o.optional = true;
294 o.retain = true;
295
296 o = s.taboption('general', form.Value, 'ban_fetchparm', _('Download Parameters'), _('Override the pre-configured download options for the selected download utility.'))
297 o.depends('ban_autodetect', '0');
298 o.optional = true;
299 o.retain = true;
300
301 o = s.taboption('general', widgets.NetworkSelect, 'ban_trigger', _('Reload Trigger Interface'), _('List of available reload trigger interface(s).'));
302 o.multiple = true;
303 o.nocreate = true;
304 o.rmempty = true;
305
306 o = s.taboption('general', form.Value, 'ban_triggerdelay', _('Trigger Delay'), _('Additional trigger delay in seconds during interface reload and boot.'));
307 o.placeholder = '10';
308 o.datatype = 'range(1,300)';
309 o.rmempty = true;
310
311 o = s.taboption('general', form.ListValue, 'ban_fetchretry', _('Download Retries'), _('Number of download attempts in case of an error (not supported by uclient-fetch).'));
312 o.value('1', _('1'));
313 o.value('3', _('3'));
314 o.value('5', _('5 (default)'));
315 o.value('10', _('10'));
316 o.value('20', _('20'));
317 o.optional = true;
318 o.rmempty = true;
319
320 o = s.taboption('general', form.Flag, 'ban_fetchinsecure', _('Download Insecure'), _('Don\'t check SSL server certificates during download.'));
321 o.rmempty = true;
322
323 /*
324 additional settings tab
325 */
326 o = s.taboption('advanced', form.DummyValue, '_sub');
327 o.rawhtml = true;
328 o.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service restart to take effect.') + '</em>';
329
330 o = s.taboption('advanced', form.ListValue, 'ban_nicelimit', _('Nice Level'), _('The selected priority will be used for banIP background processing.'));
331 o.value('-20', _('Highest Priority'));
332 o.value('-10', _('High Priority'));
333 o.value('0', _('Normal Priority (default)'));
334 o.value('10', _('Less Priority'));
335 o.value('19', _('Least Priority'));
336 o.optional = true;
337 o.rmempty = true;
338
339 o = s.taboption('advanced', form.ListValue, 'ban_filelimit', _('Max Open Files'), _('Increase the maximal number of open files, e.g. to handle the amount of temporary split files while loading the Sets.'));
340 o.value('512', _('512'));
341 o.value('1024', _('1024 (default)'));
342 o.value('2048', _('2048'));
343 o.value('4096', _('4096'));
344 o.optional = true;
345 o.rmempty = true;
346
347 o = s.taboption('advanced', form.ListValue, 'ban_cores', _('CPU Cores'), _('Limit the cpu cores used by banIP to save RAM.'));
348 o.value('1');
349 o.value('2');
350 o.value('4');
351 o.value('8');
352 o.value('16');
353 o.optional = true;
354 o.rmempty = true;
355
356 o = s.taboption('advanced', form.ListValue, 'ban_splitsize', _('Set Split Size'), _('Split external Set loading after every n members to save RAM.'));
357 o.value('512');
358 o.value('1024');
359 o.value('2048');
360 o.value('4096');
361 o.value('8192');
362 o.value('16384');
363 o.optional = true;
364 o.rmempty = true;
365
366 o = s.taboption('advanced', form.Value, 'ban_basedir', _('Base Directory'), _('Base working directory while banIP processing.'));
367 o.placeholder = '/tmp';
368 o.rmempty = true;
369
370 o = s.taboption('advanced', form.Value, 'ban_backupdir', _('Backup Directory'), _('Target directory for compressed feed backups.'));
371 o.placeholder = '/tmp/banIP-backup';
372 o.rmempty = true;
373
374 o = s.taboption('advanced', form.Value, 'ban_reportdir', _('Report Directory'), _('Target directory for banIP-related report files.'));
375 o.placeholder = '/tmp/banIP-report';
376 o.rmempty = true;
377
378 o = s.taboption('advanced', form.Flag, 'ban_deduplicate', _('Deduplicate IPs'), _('Deduplicate IP addresses across all active Sets and tidy up the local blocklist.'));
379 o.default = 1
380 o.rmempty = false;
381
382 o = s.taboption('advanced', form.Flag, 'ban_reportelements', _('Report Elements'), _('List Set elements in the status and report, disable this to reduce the CPU load.'));
383 o.default = 1
384 o.optional = true;
385
386 /*
387 advanced chain settings tab
388 */
389 o = s.taboption('adv_chain', form.DummyValue, '_sub');
390 o.rawhtml = true;
391 o.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service restart to take effect.') + '</em>';
392
393 o = s.taboption('adv_chain', form.ListValue, 'ban_nftpriority', _('Chain Priority'), _('Set the nft chain priority within the banIP table, lower values means higher priority.'));
394 o.value('0', _('0'));
395 o.value('-100', _('-100 (default)'));
396 o.value('-150', _('-150'));
397 o.value('-200', _('-200'));
398 o.optional = true;
399 o.rmempty = true;
400
401 o = s.taboption('adv_chain', form.Value, 'ban_allowflag', _('Allow Protocol/Ports'), _('Always allow a protocol \(tcp/udp\) with certain ports or port ranges in WAN-Input and WAN-Forward chain.'));
402 o.placeholder = 'tcp 80 443-445';
403 o.rmempty = true;
404
405 o = s.taboption('adv_chain', widgets.DeviceSelect, 'ban_vlanallow', _('Allow VLAN Forwards'), _('Always allow certain VLAN forwards.'));
406 o.multiple = true;
407 o.nocreate = true;
408 o.optional = true;
409 o.rmempty = true;
410
411 o = s.taboption('adv_chain', widgets.DeviceSelect, 'ban_vlanblock', _('Block VLAN Forwards'), _('Always block certain VLAN forwards.'));
412 o.multiple = true;
413 o.nocreate = true;
414 o.optional = true;
415 o.rmempty = true;
416
417 o = s.taboption('adv_chain', form.ListValue, 'ban_icmplimit', _('ICMP-Treshold'), _('ICMP-Treshold in packets per second to prevent WAN-DDoS attacks.'));
418 o.value('1', _('1'));
419 o.value('10', _('10 (default)'));
420 o.value('50', _('50'));
421 o.value('100', _('100'));
422 o.value('250', _('250'));
423 o.value('500', _('500'));
424 o.optional = true;
425 o.rmempty = true;
426
427 o = s.taboption('adv_chain', form.ListValue, 'ban_synlimit', _('SYN-Treshold'), _('SYN-Treshold in packets per second to prevent WAN-DDoS attacks.'));
428 o.value('1', _('1'));
429 o.value('10', _('10 (default)'));
430 o.value('50', _('50'));
431 o.value('100', _('100'));
432 o.value('250', _('250'));
433 o.value('500', _('500'));
434 o.optional = true;
435 o.rmempty = true;
436
437 o = s.taboption('adv_chain', form.ListValue, 'ban_udplimit', _('UDP-Treshold'), _('UDP-Treshold in packets per second to prevent WAN-DDoS attacks.'));
438 o.value('1', _('1'));
439 o.value('10', _('10'));
440 o.value('50', _('50'));
441 o.value('100', _('100 (default)'));
442 o.value('250', _('250'));
443 o.value('500', _('500'));
444 o.optional = true;
445 o.rmempty = true;
446
447 /*
448 advanced Set settings tab
449 */
450 o = s.taboption('adv_set', form.DummyValue, '_sub');
451 o.rawhtml = true;
452 o.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service restart to take effect.') + '</em>';
453
454 o = s.taboption('adv_set', form.ListValue, 'ban_nftpolicy', _('Set Policy'), _('Set the nft policy for banIP-related Sets.'));
455 o.value('memory', _('memory (default)'));
456 o.value('performance', _('performance'));
457 o.optional = true;
458 o.rmempty = true;
459
460 o = s.taboption('adv_set', form.ListValue, 'ban_blocktype', _('Block Type'), _('Drop packets silently or actively reject the traffic on WAN-Input and WAN-Forward chains.'));
461 o.value('drop', _('drop (default)'));
462 o.value('reject', _('reject'));
463 o.optional = true;
464 o.rmempty = true;
465
466 o = s.taboption('adv_set', form.ListValue, 'ban_blockpolicy', _('Default Block Policy'), _('By default each feed is active in all supported chains. Limit the default block policy to a certain chain.'));
467 o.value('input', _('WAN-Input Chain'));
468 o.value('forwardwan', _('WAN-Forward Chain'));
469 o.value('forwardlan', _('LAN-Forward Chain'));
470 o.optional = true;
471 o.rmempty = true;
472
473 let feed, feeds, descr;
474 if (result[0]) {
475 try {
476 feeds = JSON.parse(result[0]);
477 } catch (e) {
478 feeds = "";
479 ui.addNotification(null, E('p', _('Unable to parse the custom feed file: %s').format(e.message)), 'error');
480 }
481 } else if (result[1]) {
482 try {
483 feeds = JSON.parse(result[1]);
484 } catch (e) {
485 feeds = "";
486 ui.addNotification(null, E('p', _('Unable to parse the default feed file: %s').format(e.message)), 'error');
487 }
488 }
489 if (feeds) {
490 o = s.taboption('adv_set', form.MultiValue, 'ban_blockinput', _('WAN-Input Chain'), _('Limit certain feeds to the WAN-Input chain.'));
491 o.value('allowlist', _('local allowlist'));
492 o.value('blocklist', _('local blocklist'));
493 for (let i = 0; i < Object.keys(feeds).length; i++) {
494 feed = Object.keys(feeds)[i].trim();
495 o.value(feed);
496 }
497 o.optional = true;
498 o.rmempty = true;
499
500 o = s.taboption('adv_set', form.MultiValue, 'ban_blockforwardwan', _('WAN-Forward Chain'), _('Limit certain feeds to the WAN-Forward chain.'));
501 o.value('allowlist', _('local allowlist'));
502 o.value('blocklist', _('local blocklist'));
503 for (let i = 0; i < Object.keys(feeds).length; i++) {
504 feed = Object.keys(feeds)[i].trim();
505 o.value(feed);
506 }
507 o.optional = true;
508 o.rmempty = true;
509
510 o = s.taboption('adv_set', form.MultiValue, 'ban_blockforwardlan', _('LAN-Forward Chain'), _('Limit certain feeds to the LAN-Forward chain.'));
511 o.value('allowlist', _('local allowlist'));
512 o.value('blocklist', _('local blocklist'));
513 for (let i = 0; i < Object.keys(feeds).length; i++) {
514 feed = Object.keys(feeds)[i].trim();
515 o.value(feed);
516 }
517 o.optional = true;
518 o.rmempty = true;
519 }
520
521 /*
522 advanced log settings tab
523 */
524 o = s.taboption('adv_log', form.DummyValue, '_sub');
525 o.rawhtml = true;
526 o.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service restart to take effect.') + '</em>';
527
528 o = s.taboption('adv_log', form.ListValue, 'ban_nftloglevel', _('NFT Log Level'), _('Set the syslog level for NFT logging.'));
529 o.value('emerg', _('emerg'));
530 o.value('alert', _('alert'));
531 o.value('crit', _('crit'));
532 o.value('err', _('err'));
533 o.value('warn', _('warn (default)'));
534 o.value('notice', _('notice'));
535 o.value('info', _('info'));
536 o.value('debug', _('debug'));
537 o.optional = true;
538 o.rmempty = true;
539
540 o = s.taboption('adv_log', form.Flag, 'ban_logprerouting', _('Log Prerouting'), _('Log suspicious Prerouting packets.'));
541 o.rmempty = false;
542
543 o = s.taboption('adv_log', form.Flag, 'ban_loginput', _('Log WAN-Input'), _('Log suspicious incoming WAN packets.'));
544 o.rmempty = false;
545
546 o = s.taboption('adv_log', form.Flag, 'ban_logforwardwan', _('Log WAN-Forward'), _('Log suspicious forwarded WAN packets.'));
547 o.rmempty = false;
548
549 o = s.taboption('adv_log', form.Flag, 'ban_logforwardlan', _('Log LAN-Forward'), _('Log suspicious forwarded LAN packets.'));
550 o.rmempty = false;
551
552 o = s.taboption('adv_log', form.Value, 'ban_logreadfile', _('Logfile Location'), _('Location for parsing the log file, e.g. via syslog-ng, to deactivate the standard parsing via logread.'));
553 o.placeholder = '/var/log/messages';
554 o.rmempty = true;
555
556 o = s.taboption('adv_log', form.ListValue, 'ban_loglimit', _('Log Limit'), _('Parse only the last stated number of log entries for suspicious events. To disable the log monitor at all set it to \'0\'.'));
557 o.value('0', _('0 (disable)'));
558 o.value('50', _('50'));
559 o.value('100', _('100 (default)'));
560 o.value('250', _('250'));
561 o.value('500', _('500'));
562 o.value('1000', _('1000'));
563 o.optional = true;
564 o.rmempty = true;
565
566 o = s.taboption('adv_log', form.Value, 'ban_logcount', _('Log Count'), _('Number of failed login attempts of the same IP in the log before blocking.'));
567 o.placeholder = '1';
568 o.datatype = 'range(1,10)';
569 o.rmempty = true;
570
571 o = s.taboption('adv_log', form.DynamicList, 'ban_logterm', _('Log Terms'), _('The default regular expressions are filtering suspicious ssh, LuCI, nginx and asterisk traffic.'));
572 o.optional = true;
573 o.rmempty = true;
574
575 o = s.taboption('adv_log', form.Flag, 'ban_remotelog', _('Enable Remote Logging'), _('Enable the cgi interface to receive remote logging events.'));
576 o.default = 0
577 o.optional = true;
578 o.rmempty = true;
579
580 o = s.taboption('adv_log', form.Value, 'ban_remotetoken', _('Remote Token'), _('Token to communicate with the cgi interface.'));
581 o.depends('ban_remotelog', '1');
582 o.datatype = 'and(minlength(3),maxlength(20))';
583 o.validate = function (section_id, value) {
584 if (!value) {
585 return _('Empty field not allowed');
586 }
587 if (!value.match(/^[A-Za-z0-9\.\:]+$/)) {
588 return _('Invalid characters');
589 }
590 return true;
591 }
592 o.optional = true;
593 o.rmempty = true;
594
595 /*
596 advanced email settings tab
597 */
598 o = s.taboption('adv_email', form.DummyValue, '_sub');
599 o.rawhtml = true;
600 o.default = '<em style="color:#37c;font-weight:bold;">' + _('To enable email notifications, set up the \'msmtp\' package and specify a vaild E-Mail receiver address.') + '</em>';
601
602 o = s.taboption('adv_email', form.Flag, 'ban_mailnotification', _('E-Mail Notification'), _('Receive E-Mail notifications with every banIP run.'));
603 o.rmempty = true;
604
605 o = s.taboption('adv_email', form.Value, 'ban_mailreceiver', _('E-Mail Receiver Address'), _('Receiver address for banIP notification E-Mails, this information is required to enable E-Mail functionality.'));
606 o.placeholder = 'name@example.com';
607 o.rmempty = true;
608
609 o = s.taboption('adv_email', form.Value, 'ban_mailsender', _('E-Mail Sender Address'), _('Sender address for banIP notification E-Mails.'));
610 o.placeholder = 'no-reply@banIP';
611 o.rmempty = true;
612
613 o = s.taboption('adv_email', form.Value, 'ban_mailtopic', _('E-Mail Topic'), _('Topic for banIP notification E-Mails.'));
614 o.placeholder = 'banIP notification';
615 o.rmempty = true;
616
617 o = s.taboption('adv_email', form.Value, 'ban_mailprofile', _('E-Mail Profile'), _('Profile used by \'msmtp\' for banIP notification E-Mails.'));
618 o.placeholder = 'ban_notify';
619 o.datatype = 'uciname';
620 o.rmempty = true;
621
622 /*
623 feeds tab
624 */
625 o = s.taboption('feeds', form.DummyValue, '_sub');
626 o.rawhtml = true;
627 o.default = '<em style="color:#37c;font-weight:bold;">' + _('External Blocklist Feeds') + '</em>';
628
629 if (feeds) {
630 o = s.taboption('feeds', form.MultiValue, 'ban_feed', _('Blocklist Feed'));
631 for (let i = 0; i < Object.keys(feeds).length; i++) {
632 feed = Object.keys(feeds)[i].trim();
633 descr = feeds[feed].descr.trim() || '-';
634 o.value(feed, feed + ' (' + descr + ')');
635 }
636 o.optional = true;
637 o.rmempty = true;
638 }
639
640 let ccode, rir, country, countries = [];
641 if (result[2]) {
642 countries = result[2].trim().split('\n');
643
644 o = s.taboption('feeds', form.MultiValue, 'ban_country', _('Countries (RIR)'));
645 for (let i = 0; i < countries.length; i++) {
646 try {
647 ccode = countries[i].match(/^(\w+)\t/)[1].trim();
648 rir = countries[i].match(/^\w+\t(\w+)\t/)[1].trim();
649 country = countries[i].match(/^\w+\t\w+\t(.*$)/)[1].trim();
650 o.value(ccode, country + ' (' + rir + ')');
651 } catch (e) {
652 countries[i] = "";
653 ui.addNotification(null, E('p', _('Unable to parse the countries file: %s').format(e.message)), 'error');
654 }
655 }
656 o.optional = true;
657 o.rmempty = true;
658 }
659
660 o = s.taboption('feeds', form.MultiValue, 'ban_region', _('Regional Internet Registry'));
661 o.value('AFRINIC', _('AFRINIC - serving Africa and the Indian Ocean region'));
662 o.value('APNIC', _('APNIC - serving the Asia Pacific region'));
663 o.value('ARIN', _('ARIN - serving Canada and the United States'));
664 o.value('LACNIC', _('LACNIC - serving the Latin American and Caribbean region'));
665 o.value('RIPE', _('RIPE - serving Europe, Middle East and Central Asia'));
666 o.optional = true;
667 o.rmempty = true;
668
669 o = s.taboption('feeds', form.DynamicList, 'ban_asn', _('ASNs'));
670 o.datatype = 'uinteger';
671 o.optional = true;
672 o.rmempty = true;
673
674 o = s.taboption('feeds', form.DummyValue, '_feeds');
675 o.rawhtml = true;
676 o.default = '<hr style="width: 200px; height: 1px;" /><em style="color:#37c;font-weight:bold;">' + _('External Allowlist Feeds') + '</em>';
677
678 o = s.taboption('feeds', form.DynamicList, 'ban_allowurl', _('Allowlist Feed URLs'));
679 if (countries) {
680 for (let i = 0; i < countries.length; i++) {
681 try {
682 ccode = countries[i].match(/^(\w+)\t/)[1].trim();
683 rir = countries[i].match(/^\w+\t(\w+)\t/)[1].trim();
684 country = countries[i].match(/^\w+\t\w+\t(.*$)/)[1].trim();
685 o.value('https://www.ipdeny.com/ipblocks/data/aggregated/' + ccode + '-aggregated.zone', country + ' IPv4 (' + rir + ')');
686 o.value('https://www.ipdeny.com/ipv6/ipaddresses/aggregated/' + ccode + '-aggregated.zone', country + ' IPv6 (' + rir + ')');
687 } catch (e) {
688 countries[i] = "";
689 }
690 }
691 }
692 o.optional = true;
693 o.rmempty = true;
694 o.validate = function (section_id, value) {
695 if (!value) {
696 return true;
697 }
698 if (!value.match(/^(http:\/\/|https:\/\/)[A-Za-z0-9\/\.\-_\?\&\+=:~#]+$/)) {
699 return _('Protocol/URL format not supported');
700 }
701 return true;
702 }
703
704 o = s.taboption('feeds', form.DummyValue, '_feeds');
705 o.rawhtml = true;
706 o.default = '<hr style="width: 200px; height: 1px;" /><em style="color:#37c;font-weight:bold;">' + _('Local Feed Settings') + '</em>';
707
708 o = s.taboption('feeds', form.Flag, 'ban_autoallowlist', _('Auto Allowlist'), _('Automatically add resolved domains and uplink IPs to the local banIP allowlist.'));
709 o.default = 1
710 o.rmempty = false;
711
712 o = s.taboption('feeds', form.ListValue, 'ban_autoallowuplink', _('Auto Allow Uplink'), _('Limit the uplink autoallow function.'));
713 o.depends('ban_autoallowlist', '1');
714 o.value('disable', _('Disable'));
715 o.value('subnet', _('Subnet (default)'));
716 o.value('ip', _('IP'));
717 o.optional = true;
718 o.rmempty = true;
719
720 o = s.taboption('feeds', form.Flag, 'ban_autoblocklist', _('Auto Blocklist'), _('Automatically add resolved domains and suspicious IPs to the local banIP blocklist.'));
721 o.default = 1
722 o.rmempty = false;
723
724 o = s.taboption('feeds', form.Flag, 'ban_autoblocksubnet', _('Auto Block Subnet'), _('Automatically add entire subnets to the blocklist Set based on an additional RDAP request with the suspicious IP.'));
725 o.default = 0
726 o.optional = true;
727 o.rmempty = true;
728
729 o = s.taboption('feeds', form.ListValue, 'ban_nftexpiry', _('Blocklist Set Expiry'), _('Expiry time for auto added blocklist Set members.'));
730 o.value('10s');
731 o.value('1m');
732 o.value('5m');
733 o.value('1h');
734 o.value('2h');
735 o.value('1d');
736 o.optional = true;
737 o.rmempty = true;
738
739 o = s.taboption('feeds', form.Flag, 'ban_allowlistonly', _('Allowlist Only'), _('Restrict the internet access from/to a small number of secure IPs.'));
740 o.rmempty = false;
741
742 return m.render();
743 },
744 handleReset: null
745 });
Lua Configuration Interface (mirror)