projects / project / luci.git / blob
? search:


850b9a446f98488663a7f3aa6e63c1de34a3f720
[project/luci.git] / applications / luci-app-banip / htdocs / luci-static / resources / view / banip / overview.js
1 'use strict';
2 'require dom';
3 'require view';
4 'require poll';
5 'require fs';
6 'require ui';
7 'require uci';
8 'require form';
9 'require tools.widgets as widgets';
10
11 /*
12 button handling
13 */
14 function handleAction(ev) {
15 if (ev === 'restart') {
16 let map = document.querySelector('.cbi-map');
17 dom.callClassMethod(map, 'save').then(function() {
18 classes.ui.changes.apply(false);
19 });
20 }
21 return fs.exec_direct('/etc/init.d/banip', [ev])
22 }
23
24 return view.extend({
25 load: function () {
26 return Promise.all([
27 L.resolveDefault(fs.read_direct('/etc/banip/banip.custom.feeds'), ''),
28 L.resolveDefault(fs.read_direct('/etc/banip/banip.feeds'), ''),
29 L.resolveDefault(fs.read_direct('/etc/banip/banip.countries'), ''),
30 uci.load('banip')
31 ]);
32 },
33
34 render: function (result) {
35 let m, s, o;
36
37 m = new form.Map('banip', 'banIP', _('Configuration of the banIP package to ban incoming and outgoing IPs via named nftables Sets. \
38 For further information please check the <a style="color:#37c;font-weight:bold;" href="https://github.com/openwrt/packages/blob/master/net/banip/files/README.md" target="_blank" rel="noreferrer noopener" >online documentation</a>'));
39
40 /*
41 poll runtime information
42 */
43 let buttons, rtRes, infStat, infVer, infElements, infFeeds, infDevices, infUplink, infSystem, nftInfos, runInfos, infFlags, last_run
44
45 pollData: poll.add(function () {
46 return L.resolveDefault(fs.stat('/var/run/banip.lock')).then(function (stat) {
47 buttons = document.querySelectorAll('.cbi-button');
48 infStat = document.getElementById('status');
49 if (stat) {
50 for (let i = 0; i < buttons.length; i++) {
51 buttons[i].setAttribute('disabled', 'true');
52 }
53 if (infStat && !infStat.classList.contains('spinning')) {
54 infStat.classList.add('spinning');
55 }
56 } else {
57 for (let i = 0; i < buttons.length; i++) {
58 buttons[i].removeAttribute('disabled');
59 }
60 if (infStat && infStat.classList.contains('spinning')) {
61 infStat.classList.remove('spinning');
62 }
63 }
64 L.resolveDefault(fs.exec_direct('/etc/init.d/banip', ['status'])).then(function (result) {
65 if (result) {
66 rtRes = result.trim().split('\n');
67 if (rtRes) {
68 for (let i = 0; i < rtRes.length; i++) {
69 if (rtRes[i].match(/^\s+\+\sstatus\s+\:\s+(.*)$/)) {
70 rtRes.status = rtRes[i].match(/^\s+\+\sstatus\s+\:\s+(.*)$/)[1];
71 } else if (rtRes[i].match(/^\s+\+\sversion\s+\:\s+(.*)$/)) {
72 rtRes.version = rtRes[i].match(/^\s+\+\sversion\s+\:\s+(.*)$/)[1];
73 } else if (rtRes[i].match(/^\s+\+\selement_count\s+\:\s+(.*)$/)) {
74 rtRes.elementCount = rtRes[i].match(/^\s+\+\selement_count\s+\:\s+(.*)$/)[1];
75 } else if (rtRes[i].match(/^\s+\+\sactive_feeds\s+\:\s+(.*)$/)) {
76 rtRes.activeFeeds = rtRes[i].match(/^\s+\+\sactive_feeds\s+\:\s+(.*)$/)[1];
77 } else if (rtRes[i].match(/^\s+\+\sactive_devices\s+\:\s+(.*)$/)) {
78 rtRes.activeDevices = rtRes[i].match(/^\s+\+\sactive_devices\s+\:\s+(.*)$/)[1];
79 } else if (rtRes[i].match(/^\s+\+\sactive_uplink\s+\:\s+(.*)$/)) {
80 rtRes.activeUplink = rtRes[i].match(/^\s+\+\sactive_uplink\s+\:\s+(.*)$/)[1];
81 } else if (rtRes[i].match(/^\s+\+\snft_info\s+\:\s+(.*)$/)) {
82 rtRes.nftInfo = rtRes[i].match(/^\s+\+\snft_info\s+\:\s+(.*)$/)[1];
83 } else if (rtRes[i].match(/^\s+\+\srun_info\s+\:\s+(.*)$/)) {
84 rtRes.runInfo = rtRes[i].match(/^\s+\+\srun_info\s+\:\s+(.*)$/)[1];
85 } else if (rtRes[i].match(/^\s+\+\srun_flags\s+\:\s+(.*)$/)) {
86 rtRes.runFlags = rtRes[i].match(/^\s+\+\srun_flags\s+\:\s+(.*)$/)[1];
87 } else if (rtRes[i].match(/^\s+\+\slast_run\s+\:\s+(.*)$/)) {
88 rtRes.lastRun = rtRes[i].match(/^\s+\+\slast_run\s+\:\s+(.*)$/)[1];
89 } else if (rtRes[i].match(/^\s+\+\ssystem_info\s+\:\s+(.*)$/)) {
90 rtRes.systemInfo = rtRes[i].match(/^\s+\+\ssystem_info\s+\:\s+(.*)$/)[1];
91 }
92 }
93 }
94 if (rtRes) {
95 infStat = document.getElementById('status');
96 if (infStat) {
97 infStat.textContent = rtRes.status || '-';
98 }
99 infVer = document.getElementById('version');
100 if (infVer) {
101 infVer.textContent = rtRes.version || '-';
102 }
103 infElements = document.getElementById('elements');
104 if (infElements) {
105 infElements.textContent = rtRes.elementCount || '-';
106 }
107 infFeeds = document.getElementById('feeds');
108 if (infFeeds) {
109 infFeeds.textContent = rtRes.activeFeeds || '-';
110 }
111 infDevices = document.getElementById('devices');
112 if (infDevices) {
113 infDevices.textContent = rtRes.activeDevices || '-';
114 }
115 infUplink = document.getElementById('uplink');
116 if (infUplink) {
117 infUplink.textContent = rtRes.activeUplink || '-';
118 }
119 nftInfos = document.getElementById('nft');
120 if (nftInfos) {
121 nftInfos.textContent = rtRes.nftInfo || '-';
122 }
123 runInfos = document.getElementById('run');
124 if (runInfos) {
125 runInfos.textContent = rtRes.runInfo || '-';
126 }
127 infFlags = document.getElementById('flags');
128 if (infFlags) {
129 infFlags.textContent = rtRes.runFlags || '-';
130 }
131 last_run = document.getElementById('last');
132 if (last_run) {
133 last_run.textContent = rtRes.lastRun || '-';
134 }
135 infSystem = document.getElementById('system');
136 if (infSystem) {
137 infSystem.textContent = rtRes.systemInfo || '-';
138 }
139 }
140 } else {
141 infStat = document.getElementById('status');
142 if (infStat) {
143 infStat.textContent = '-';
144 poll.stop();
145 if (infStat.classList.contains('spinning')) {
146 infStat.classList.remove('spinning');
147 }
148 }
149 }
150 });
151 });
152 }, 2);
153
154 /*
155 runtime information and buttons
156 */
157 s = m.section(form.NamedSection, 'global');
158 s.render = L.bind(function (view, section_id) {
159 return E('div', { 'class': 'cbi-section' }, [
160 E('h3', _('Information')),
161 E('div', { 'class': 'cbi-value' }, [
162 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Status')),
163 E('div', { 'class': 'cbi-value-field spinning', 'id': 'status', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '\xa0')
164 ]),
165 E('div', { 'class': 'cbi-value' }, [
166 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Version')),
167 E('div', { 'class': 'cbi-value-field', 'id': 'version', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
168 ]),
169 E('div', { 'class': 'cbi-value' }, [
170 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Element Count')),
171 E('div', { 'class': 'cbi-value-field', 'id': 'elements', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
172 ]),
173 E('div', { 'class': 'cbi-value' }, [
174 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Active Feeds')),
175 E('div', { 'class': 'cbi-value-field', 'id': 'feeds', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
176 ]),
177 E('div', { 'class': 'cbi-value' }, [
178 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Active Devices')),
179 E('div', { 'class': 'cbi-value-field', 'id': 'devices', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
180 ]),
181 E('div', { 'class': 'cbi-value' }, [
182 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Active Uplink')),
183 E('div', { 'class': 'cbi-value-field', 'id': 'uplink', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
184 ]),
185 E('div', { 'class': 'cbi-value' }, [
186 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('NFT Information')),
187 E('div', { 'class': 'cbi-value-field', 'id': 'nft', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
188 ]),
189 E('div', { 'class': 'cbi-value' }, [
190 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Run Information')),
191 E('div', { 'class': 'cbi-value-field', 'id': 'run', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
192 ]),
193 E('div', { 'class': 'cbi-value' }, [
194 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Run Flags')),
195 E('div', { 'class': 'cbi-value-field', 'id': 'flags', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
196 ]),
197 E('div', { 'class': 'cbi-value' }, [
198 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Last Run')),
199 E('div', { 'class': 'cbi-value-field', 'id': 'last', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
200 ]),
201 E('div', { 'class': 'cbi-value' }, [
202 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('System Information')),
203 E('div', { 'class': 'cbi-value-field', 'id': 'system', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
204 ]),
205 E('div', { class: 'right' }, [
206 E('button', {
207 'class': 'btn cbi-button cbi-button-action',
208 'click': ui.createHandlerFn(this, function () {
209 return handleAction('lookup');
210 })
211 }, [_('Domain Lookup')]),
212 '\xa0\xa0\xa0',
213 E('button', {
214 'class': 'btn cbi-button cbi-button-negative',
215 'click': ui.createHandlerFn(this, function () {
216 return handleAction('stop');
217 })
218 }, [_('Stop')]),
219 '\xa0\xa0\xa0',
220 E('button', {
221 'class': 'btn cbi-button cbi-button-positive',
222 'click': ui.createHandlerFn(this, function () {
223 return handleAction('reload');
224 })
225 }, [_('Reload')]),
226 '\xa0\xa0\xa0',
227 E('button', {
228 'class': 'btn cbi-button cbi-button-positive',
229 'click': ui.createHandlerFn(this, function () {
230 return handleAction('restart');
231 })
232 }, [_('Apply & Restart')])
233 ])
234 ]);
235 }, o, this);
236 this.pollData;
237
238 /*
239 tabbed config section
240 */
241 s = m.section(form.NamedSection, 'global', 'banip', _('Settings'));
242 s.addremove = false;
243 s.tab('general', _('General Settings'));
244 s.tab('advanced', _('Advanced Settings'));
245 s.tab('adv_chain', _('Table/Chain Settings'));
246 s.tab('adv_set', _('Feed/Set Settings'));
247 s.tab('adv_log', _('Log Settings'));
248 s.tab('adv_email', _('E-Mail Settings'));
249 s.tab('feeds', _('Feed Selection'));
250
251 /*
252 general settings tab
253 */
254 o = s.taboption('general', form.Flag, 'ban_enabled', _('Enabled'), _('Enable the banIP service.'));
255 o.rmempty = false;
256
257 o = s.taboption('general', form.Flag, 'ban_debug', _('Verbose Debug Logging'), _('Enable verbose debug logging in case of processing errors.'));
258 o.rmempty = false;
259
260 o = s.taboption('general', form.Flag, 'ban_autodetect', _('Auto Detection'), _('Detect relevant network devices, interfaces, subnets, protocols and utilities automatically.'));
261 o.rmempty = false;
262
263 o = s.taboption('general', form.Flag, 'ban_protov4', _('IPv4 Support'), _('Enables IPv4 support.'));
264 o.depends('ban_autodetect', '0');
265 o.optional = true;
266 o.retain = true;
267
268 o = s.taboption('general', form.Flag, 'ban_protov6', _('IPv6 Support'), _('Enables IPv6 support.'));
269 o.depends('ban_autodetect', '0');
270 o.optional = true;
271 o.retain = true;
272
273 o = s.taboption('general', widgets.DeviceSelect, 'ban_dev', _('Network Devices'), _('Select the WAN network device(s).'));
274 o.depends('ban_autodetect', '0');
275 o.multiple = true;
276 o.nocreate = true;
277 o.optional = true;
278 o.retain = true;
279
280 o = s.taboption('general', widgets.NetworkSelect, 'ban_ifv4', _('IPv4 Network Interfaces'), _('Select the logical WAN IPv4 network interface(s).'));
281 o.depends('ban_autodetect', '0');
282 o.multiple = true;
283 o.nocreate = true;
284 o.optional = true;
285 o.retain = true;
286
287 o = s.taboption('general', widgets.NetworkSelect, 'ban_ifv6', _('IPv6 Network Interfaces'), _('Select the logical WAN IPv6 network interface(s).'));
288 o.depends('ban_autodetect', '0');
289 o.multiple = true;
290 o.nocreate = true;
291 o.optional = true;
292 o.retain = true;
293
294 o = s.taboption('general', form.ListValue, 'ban_fetchcmd', _('Download Utility'), _('Select one of the pre-configured download utilities.'));
295 o.depends('ban_autodetect', '0');
296 o.value('uclient-fetch');
297 o.value('wget');
298 o.value('curl');
299 o.value('aria2c');
300 o.optional = true;
301 o.retain = true;
302
303 o = s.taboption('general', form.Value, 'ban_fetchparm', _('Download Parameters'), _('Override the pre-configured download options for the selected download utility.'))
304 o.depends('ban_autodetect', '0');
305 o.optional = true;
306 o.retain = true;
307
308 o = s.taboption('general', widgets.NetworkSelect, 'ban_trigger', _('Reload Trigger Interface'), _('List of available reload trigger interface(s).'));
309 o.multiple = true;
310 o.nocreate = true;
311 o.rmempty = true;
312
313 o = s.taboption('general', form.Value, 'ban_triggerdelay', _('Trigger Delay'), _('Additional trigger delay in seconds during interface reload and boot.'));
314 o.placeholder = '10';
315 o.datatype = 'range(1,300)';
316 o.rmempty = true;
317
318 o = s.taboption('general', form.ListValue, 'ban_fetchretry', _('Download Retries'), _('Number of download attempts in case of an error (not supported by uclient-fetch).'));
319 o.value('1', _('1'));
320 o.value('3', _('3'));
321 o.value('5', _('5 (default)'));
322 o.value('10', _('10'));
323 o.value('20', _('20'));
324 o.optional = true;
325 o.rmempty = true;
326
327 o = s.taboption('general', form.Flag, 'ban_fetchinsecure', _('Download Insecure'), _('Don\'t check SSL server certificates during download.'));
328 o.rmempty = true;
329
330 /*
331 additional settings tab
332 */
333 o = s.taboption('advanced', form.DummyValue, '_sub');
334 o.rawhtml = true;
335 o.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service restart to take effect.') + '</em>';
336
337 o = s.taboption('advanced', form.ListValue, 'ban_nicelimit', _('Nice Level'), _('The selected priority will be used for banIP background processing.'));
338 o.value('-20', _('Highest Priority'));
339 o.value('-10', _('High Priority'));
340 o.value('0', _('Normal Priority (default)'));
341 o.value('10', _('Less Priority'));
342 o.value('19', _('Least Priority'));
343 o.optional = true;
344 o.rmempty = true;
345
346 o = s.taboption('advanced', form.ListValue, 'ban_filelimit', _('Max Open Files'), _('Increase the maximal number of open files, e.g. to handle the amount of temporary split files while loading the Sets.'));
347 o.value('512', _('512'));
348 o.value('1024', _('1024 (default)'));
349 o.value('2048', _('2048'));
350 o.value('4096', _('4096'));
351 o.optional = true;
352 o.rmempty = true;
353
354 o = s.taboption('advanced', form.ListValue, 'ban_cores', _('CPU Cores'), _('Limit the cpu cores used by banIP to save RAM.'));
355 o.value('1');
356 o.value('2');
357 o.value('4');
358 o.value('8');
359 o.value('16');
360 o.optional = true;
361 o.rmempty = true;
362
363 o = s.taboption('advanced', form.ListValue, 'ban_splitsize', _('Set Split Size'), _('Split external Set loading after every n members to save RAM.'));
364 o.value('512');
365 o.value('1024');
366 o.value('2048');
367 o.value('4096');
368 o.value('8192');
369 o.value('16384');
370 o.optional = true;
371 o.rmempty = true;
372
373 o = s.taboption('advanced', form.Value, 'ban_basedir', _('Base Directory'), _('Base working directory while banIP processing.'));
374 o.placeholder = '/tmp';
375 o.rmempty = true;
376
377 o = s.taboption('advanced', form.Value, 'ban_backupdir', _('Backup Directory'), _('Target directory for compressed feed backups.'));
378 o.placeholder = '/tmp/banIP-backup';
379 o.rmempty = true;
380
381 o = s.taboption('advanced', form.Value, 'ban_reportdir', _('Report Directory'), _('Target directory for banIP-related report files.'));
382 o.placeholder = '/tmp/banIP-report';
383 o.rmempty = true;
384
385 o = s.taboption('advanced', form.Flag, 'ban_deduplicate', _('Deduplicate IPs'), _('Deduplicate IP addresses across all active Sets and tidy up the local blocklist.'));
386 o.default = 1
387 o.rmempty = false;
388
389 o = s.taboption('advanced', form.Flag, 'ban_reportelements', _('Report Elements'), _('List Set elements in the status and report, disable this to reduce the CPU load.'));
390 o.default = 1
391 o.optional = true;
392
393 /*
394 advanced chain settings tab
395 */
396 o = s.taboption('adv_chain', form.DummyValue, '_sub');
397 o.rawhtml = true;
398 o.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service restart to take effect.') + '</em>';
399
400 o = s.taboption('adv_chain', form.ListValue, 'ban_nftpriority', _('Chain Priority'), _('Set the nft chain priority within the banIP table, lower values means higher priority.'));
401 o.value('0', _('0'));
402 o.value('-100', _('-100 (default)'));
403 o.value('-150', _('-150'));
404 o.value('-200', _('-200'));
405 o.optional = true;
406 o.rmempty = true;
407
408 o = s.taboption('adv_chain', form.Value, 'ban_allowflag', _('Allow Protocol/Ports'), _('Always allow a protocol \(tcp/udp\) with certain ports or port ranges in WAN-Input and WAN-Forward chain.'));
409 o.placeholder = 'tcp 80 443-445';
410 o.rmempty = true;
411
412 o = s.taboption('adv_chain', widgets.DeviceSelect, 'ban_vlanallow', _('Allow VLAN Forwards'), _('Always allow certain VLAN forwards.'));
413 o.multiple = true;
414 o.nocreate = true;
415 o.optional = true;
416 o.rmempty = true;
417
418 o = s.taboption('adv_chain', widgets.DeviceSelect, 'ban_vlanblock', _('Block VLAN Forwards'), _('Always block certain VLAN forwards.'));
419 o.multiple = true;
420 o.nocreate = true;
421 o.optional = true;
422 o.rmempty = true;
423
424 o = s.taboption('adv_chain', form.ListValue, 'ban_icmplimit', _('ICMP-Treshold'), _('ICMP-Treshold in packets per second to prevent WAN-DDoS attacks.'));
425 o.value('1', _('1'));
426 o.value('10', _('10 (default)'));
427 o.value('50', _('50'));
428 o.value('100', _('100'));
429 o.value('250', _('250'));
430 o.value('500', _('500'));
431 o.optional = true;
432 o.rmempty = true;
433
434 o = s.taboption('adv_chain', form.ListValue, 'ban_synlimit', _('SYN-Treshold'), _('SYN-Treshold in packets per second to prevent WAN-DDoS attacks.'));
435 o.value('1', _('1'));
436 o.value('10', _('10 (default)'));
437 o.value('50', _('50'));
438 o.value('100', _('100'));
439 o.value('250', _('250'));
440 o.value('500', _('500'));
441 o.optional = true;
442 o.rmempty = true;
443
444 o = s.taboption('adv_chain', form.ListValue, 'ban_udplimit', _('UDP-Treshold'), _('UDP-Treshold in packets per second to prevent WAN-DDoS attacks.'));
445 o.value('1', _('1'));
446 o.value('10', _('10'));
447 o.value('50', _('50'));
448 o.value('100', _('100 (default)'));
449 o.value('250', _('250'));
450 o.value('500', _('500'));
451 o.optional = true;
452 o.rmempty = true;
453
454 /*
455 advanced Set settings tab
456 */
457 o = s.taboption('adv_set', form.DummyValue, '_sub');
458 o.rawhtml = true;
459 o.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service restart to take effect.') + '</em>';
460
461 o = s.taboption('adv_set', form.ListValue, 'ban_nftpolicy', _('Set Policy'), _('Set the nft policy for banIP-related Sets.'));
462 o.value('memory', _('memory (default)'));
463 o.value('performance', _('performance'));
464 o.optional = true;
465 o.rmempty = true;
466
467 o = s.taboption('adv_set', form.ListValue, 'ban_blocktype', _('Block Type'), _('Drop packets silently or actively reject the traffic on WAN-Input and WAN-Forward chains.'));
468 o.value('drop', _('drop (default)'));
469 o.value('reject', _('reject'));
470 o.optional = true;
471 o.rmempty = true;
472
473 o = s.taboption('adv_set', form.ListValue, 'ban_blockpolicy', _('Default Block Policy'), _('By default each feed is active in all supported chains. Limit the default block policy to a certain chain.'));
474 o.value('input', _('WAN-Input Chain'));
475 o.value('forwardwan', _('WAN-Forward Chain'));
476 o.value('forwardlan', _('LAN-Forward Chain'));
477 o.optional = true;
478 o.rmempty = true;
479
480 let feed, feeds, descr;
481 if (result[0]) {
482 try {
483 feeds = JSON.parse(result[0]);
484 } catch (e) {
485 feeds = "";
486 ui.addNotification(null, E('p', _('Unable to parse the custom feed file: %s').format(e.message)), 'error');
487 }
488 } else if (result[1]) {
489 try {
490 feeds = JSON.parse(result[1]);
491 } catch (e) {
492 feeds = "";
493 ui.addNotification(null, E('p', _('Unable to parse the default feed file: %s').format(e.message)), 'error');
494 }
495 }
496 if (feeds) {
497 o = s.taboption('adv_set', form.MultiValue, 'ban_blockinput', _('WAN-Input Chain'), _('Limit certain feeds to the WAN-Input chain.'));
498 o.value('allowlist', _('local allowlist'));
499 o.value('blocklist', _('local blocklist'));
500 for (let i = 0; i < Object.keys(feeds).length; i++) {
501 feed = Object.keys(feeds)[i].trim();
502 o.value(feed);
503 }
504 o.optional = true;
505 o.rmempty = true;
506
507 o = s.taboption('adv_set', form.MultiValue, 'ban_blockforwardwan', _('WAN-Forward Chain'), _('Limit certain feeds to the WAN-Forward chain.'));
508 o.value('allowlist', _('local allowlist'));
509 o.value('blocklist', _('local blocklist'));
510 for (let i = 0; i < Object.keys(feeds).length; i++) {
511 feed = Object.keys(feeds)[i].trim();
512 o.value(feed);
513 }
514 o.optional = true;
515 o.rmempty = true;
516
517 o = s.taboption('adv_set', form.MultiValue, 'ban_blockforwardlan', _('LAN-Forward Chain'), _('Limit certain feeds to the LAN-Forward chain.'));
518 o.value('allowlist', _('local allowlist'));
519 o.value('blocklist', _('local blocklist'));
520 for (let i = 0; i < Object.keys(feeds).length; i++) {
521 feed = Object.keys(feeds)[i].trim();
522 o.value(feed);
523 }
524 o.optional = true;
525 o.rmempty = true;
526 }
527
528 /*
529 advanced log settings tab
530 */
531 o = s.taboption('adv_log', form.DummyValue, '_sub');
532 o.rawhtml = true;
533 o.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service restart to take effect.') + '</em>';
534
535 o = s.taboption('adv_log', form.ListValue, 'ban_nftloglevel', _('NFT Log Level'), _('Set the syslog level for NFT logging.'));
536 o.value('emerg', _('emerg'));
537 o.value('alert', _('alert'));
538 o.value('crit', _('crit'));
539 o.value('err', _('err'));
540 o.value('warn', _('warn (default)'));
541 o.value('notice', _('notice'));
542 o.value('info', _('info'));
543 o.value('debug', _('debug'));
544 o.optional = true;
545 o.rmempty = true;
546
547 o = s.taboption('adv_log', form.Flag, 'ban_logprerouting', _('Log Prerouting'), _('Log suspicious Prerouting packets.'));
548 o.rmempty = false;
549
550 o = s.taboption('adv_log', form.Flag, 'ban_loginput', _('Log WAN-Input'), _('Log suspicious incoming WAN packets.'));
551 o.rmempty = false;
552
553 o = s.taboption('adv_log', form.Flag, 'ban_logforwardwan', _('Log WAN-Forward'), _('Log suspicious forwarded WAN packets.'));
554 o.rmempty = false;
555
556 o = s.taboption('adv_log', form.Flag, 'ban_logforwardlan', _('Log LAN-Forward'), _('Log suspicious forwarded LAN packets.'));
557 o.rmempty = false;
558
559 o = s.taboption('adv_log', form.Value, 'ban_logreadfile', _('Logfile Location'), _('Location for parsing the log file, e.g. via syslog-ng, to deactivate the standard parsing via logread.'));
560 o.placeholder = '/var/log/messages';
561 o.rmempty = true;
562
563 o = s.taboption('adv_log', form.ListValue, 'ban_loglimit', _('Log Limit'), _('Parse only the last stated number of log entries for suspicious events. To disable the log monitor at all set it to \'0\'.'));
564 o.value('0', _('0 (disable)'));
565 o.value('50', _('50'));
566 o.value('100', _('100 (default)'));
567 o.value('250', _('250'));
568 o.value('500', _('500'));
569 o.value('1000', _('1000'));
570 o.optional = true;
571 o.rmempty = true;
572
573 o = s.taboption('adv_log', form.Value, 'ban_logcount', _('Log Count'), _('Number of failed login attempts of the same IP in the log before blocking.'));
574 o.placeholder = '1';
575 o.datatype = 'range(1,10)';
576 o.rmempty = true;
577
578 o = s.taboption('adv_log', form.DynamicList, 'ban_logterm', _('Log Terms'), _('The default regular expressions are filtering suspicious ssh, LuCI, nginx and asterisk traffic.'));
579 o.optional = true;
580 o.rmempty = true;
581
582 o = s.taboption('adv_log', form.Flag, 'ban_remotelog', _('Enable Remote Logging'), _('Enable the cgi interface to receive remote logging events.'));
583 o.default = 0
584 o.optional = true;
585 o.rmempty = true;
586
587 o = s.taboption('adv_log', form.Value, 'ban_remotetoken', _('Remote Token'), _('Token to communicate with the cgi interface.'));
588 o.depends('ban_remotelog', '1');
589 o.datatype = 'and(minlength(3),maxlength(20))';
590 o.validate = function (section_id, value) {
591 if (!value) {
592 return _('Empty field not allowed');
593 }
594 if (!value.match(/^[A-Za-z0-9\.\:]+$/)) {
595 return _('Invalid characters');
596 }
597 return true;
598 }
599 o.optional = true;
600 o.rmempty = true;
601
602 /*
603 advanced email settings tab
604 */
605 o = s.taboption('adv_email', form.DummyValue, '_sub');
606 o.rawhtml = true;
607 o.default = '<em style="color:#37c;font-weight:bold;">' + _('To enable email notifications, set up the \'msmtp\' package and specify a vaild E-Mail receiver address.') + '</em>';
608
609 o = s.taboption('adv_email', form.Flag, 'ban_mailnotification', _('E-Mail Notification'), _('Receive E-Mail notifications with every banIP run.'));
610 o.rmempty = true;
611
612 o = s.taboption('adv_email', form.Value, 'ban_mailreceiver', _('E-Mail Receiver Address'), _('Receiver address for banIP notification E-Mails, this information is required to enable E-Mail functionality.'));
613 o.placeholder = 'name@example.com';
614 o.rmempty = true;
615
616 o = s.taboption('adv_email', form.Value, 'ban_mailsender', _('E-Mail Sender Address'), _('Sender address for banIP notification E-Mails.'));
617 o.placeholder = 'no-reply@banIP';
618 o.rmempty = true;
619
620 o = s.taboption('adv_email', form.Value, 'ban_mailtopic', _('E-Mail Topic'), _('Topic for banIP notification E-Mails.'));
621 o.placeholder = 'banIP notification';
622 o.rmempty = true;
623
624 o = s.taboption('adv_email', form.Value, 'ban_mailprofile', _('E-Mail Profile'), _('Profile used by \'msmtp\' for banIP notification E-Mails.'));
625 o.placeholder = 'ban_notify';
626 o.datatype = 'uciname';
627 o.rmempty = true;
628
629 /*
630 feeds tab
631 */
632 o = s.taboption('feeds', form.DummyValue, '_sub');
633 o.rawhtml = true;
634 o.default = '<em style="color:#37c;font-weight:bold;">' + _('External Blocklist Feeds') + '</em>';
635
636 if (feeds) {
637 o = s.taboption('feeds', form.MultiValue, 'ban_feed', _('Blocklist Feed'));
638 for (let i = 0; i < Object.keys(feeds).length; i++) {
639 feed = Object.keys(feeds)[i].trim();
640 descr = feeds[feed].descr.trim() || '-';
641 o.value(feed, feed + ' (' + descr + ')');
642 }
643 o.optional = true;
644 o.rmempty = true;
645 }
646
647 let ccode, rir, country, countries = [];
648 if (result[2]) {
649 countries = result[2].trim().split('\n');
650
651 o = s.taboption('feeds', form.MultiValue, 'ban_country', _('Countries (RIR)'));
652 for (let i = 0; i < countries.length; i++) {
653 try {
654 ccode = countries[i].match(/^(\w+)\t/)[1].trim();
655 rir = countries[i].match(/^\w+\t(\w+)\t/)[1].trim();
656 country = countries[i].match(/^\w+\t\w+\t(.*$)/)[1].trim();
657 o.value(ccode, country + ' (' + rir + ')');
658 } catch (e) {
659 countries[i] = "";
660 ui.addNotification(null, E('p', _('Unable to parse the countries file: %s').format(e.message)), 'error');
661 }
662 }
663 o.optional = true;
664 o.rmempty = true;
665 }
666
667 o = s.taboption('feeds', form.MultiValue, 'ban_region', _('Regional Internet Registry'));
668 o.value('AFRINIC', _('AFRINIC - serving Africa and the Indian Ocean region'));
669 o.value('APNIC', _('APNIC - serving the Asia Pacific region'));
670 o.value('ARIN', _('ARIN - serving Canada and the United States'));
671 o.value('LACNIC', _('LACNIC - serving the Latin American and Caribbean region'));
672 o.value('RIPE', _('RIPE - serving Europe, Middle East and Central Asia'));
673 o.optional = true;
674 o.rmempty = true;
675
676 o = s.taboption('feeds', form.DynamicList, 'ban_asn', _('ASNs'));
677 o.datatype = 'uinteger';
678 o.optional = true;
679 o.rmempty = true;
680
681 o = s.taboption('feeds', form.DummyValue, '_feeds');
682 o.rawhtml = true;
683 o.default = '<hr style="width: 200px; height: 1px;" /><em style="color:#37c;font-weight:bold;">' + _('External Allowlist Feeds') + '</em>';
684
685 o = s.taboption('feeds', form.DynamicList, 'ban_allowurl', _('Allowlist Feed URLs'));
686 if (countries) {
687 for (let i = 0; i < countries.length; i++) {
688 try {
689 ccode = countries[i].match(/^(\w+)\t/)[1].trim();
690 rir = countries[i].match(/^\w+\t(\w+)\t/)[1].trim();
691 country = countries[i].match(/^\w+\t\w+\t(.*$)/)[1].trim();
692 o.value('https://www.ipdeny.com/ipblocks/data/aggregated/' + ccode + '-aggregated.zone', country + ' IPv4 (' + rir + ')');
693 o.value('https://www.ipdeny.com/ipv6/ipaddresses/aggregated/' + ccode + '-aggregated.zone', country + ' IPv6 (' + rir + ')');
694 } catch (e) {
695 countries[i] = "";
696 }
697 }
698 }
699 o.optional = true;
700 o.rmempty = true;
701 o.validate = function (section_id, value) {
702 if (!value) {
703 return true;
704 }
705 if (!value.match(/^(http:\/\/|https:\/\/)[A-Za-z0-9\/\.\-_\?\&\+=:~#]+$/)) {
706 return _('Protocol/URL format not supported');
707 }
708 return true;
709 }
710
711 o = s.taboption('feeds', form.DummyValue, '_feeds');
712 o.rawhtml = true;
713 o.default = '<hr style="width: 200px; height: 1px;" /><em style="color:#37c;font-weight:bold;">' + _('Local Feed Settings') + '</em>';
714
715 o = s.taboption('feeds', form.Flag, 'ban_autoallowlist', _('Auto Allowlist'), _('Automatically add resolved domains and uplink IPs to the local banIP allowlist.'));
716 o.default = 1
717 o.rmempty = false;
718
719 o = s.taboption('feeds', form.ListValue, 'ban_autoallowuplink', _('Auto Allow Uplink'), _('Limit the uplink autoallow function.'));
720 o.depends('ban_autoallowlist', '1');
721 o.value('disable', _('Disable'));
722 o.value('subnet', _('Subnet (default)'));
723 o.value('ip', _('IP'));
724 o.optional = true;
725 o.rmempty = true;
726
727 o = s.taboption('feeds', form.Flag, 'ban_autoblocklist', _('Auto Blocklist'), _('Automatically add resolved domains and suspicious IPs to the local banIP blocklist.'));
728 o.default = 1
729 o.rmempty = false;
730
731 o = s.taboption('feeds', form.Flag, 'ban_autoblocksubnet', _('Auto Block Subnet'), _('Automatically add entire subnets to the blocklist Set based on an additional RDAP request with the suspicious IP.'));
732 o.default = 0
733 o.optional = true;
734 o.rmempty = true;
735
736 o = s.taboption('feeds', form.ListValue, 'ban_nftexpiry', _('Blocklist Set Expiry'), _('Expiry time for auto added blocklist Set members.'));
737 o.value('10s');
738 o.value('1m');
739 o.value('5m');
740 o.value('1h');
741 o.value('2h');
742 o.value('1d');
743 o.optional = true;
744 o.rmempty = true;
745
746 o = s.taboption('feeds', form.Flag, 'ban_allowlistonly', _('Allowlist Only'), _('Restrict the internet access from/to a small number of secure IPs.'));
747 o.rmempty = false;
748
749 return m.render();
750 },
751 handleReset: null
752 });
Lua Configuration Interface (mirror)