850b9a446f98488663a7f3aa6e63c1de34a3f720
9 'require tools.widgets as widgets';
14 function handleAction(ev
) {
15 if (ev
=== 'restart') {
16 let map
= document
.querySelector('.cbi-map');
17 dom
.callClassMethod(map
, 'save').then(function() {
18 classes
.ui
.changes
.apply(false);
21 return fs
.exec_direct('/etc/init.d/banip', [ev
])
27 L
.resolveDefault(fs
.read_direct('/etc/banip/banip.custom.feeds'), ''),
28 L
.resolveDefault(fs
.read_direct('/etc/banip/banip.feeds'), ''),
29 L
.resolveDefault(fs
.read_direct('/etc/banip/banip.countries'), ''),
34 render: function (result
) {
37 m
= new form
.Map('banip', 'banIP', _('Configuration of the banIP package to ban incoming and outgoing IPs via named nftables Sets. \
38 For further information please check the <a style="color:#37c;font-weight:bold;" href="https://github.com/openwrt/packages/blob/master/net/banip/files/README.md" target="_blank" rel="noreferrer noopener" >online documentation</a>'));
41 poll runtime information
43 let buttons
, rtRes
, infStat
, infVer
, infElements
, infFeeds
, infDevices
, infUplink
, infSystem
, nftInfos
, runInfos
, infFlags
, last_run
45 pollData
: poll
.add(function () {
46 return L
.resolveDefault(fs
.stat('/var/run/banip.lock')).then(function (stat
) {
47 buttons
= document
.querySelectorAll('.cbi-button');
48 infStat
= document
.getElementById('status');
50 for (let i
= 0; i
< buttons
.length
; i
++) {
51 buttons
[i
].setAttribute('disabled', 'true');
53 if (infStat
&& !infStat
.classList
.contains('spinning')) {
54 infStat
.classList
.add('spinning');
57 for (let i
= 0; i
< buttons
.length
; i
++) {
58 buttons
[i
].removeAttribute('disabled');
60 if (infStat
&& infStat
.classList
.contains('spinning')) {
61 infStat
.classList
.remove('spinning');
64 L
.resolveDefault(fs
.exec_direct('/etc/init.d/banip', ['status'])).then(function (result
) {
66 rtRes
= result
.trim().split('\n');
68 for (let i
= 0; i
< rtRes
.length
; i
++) {
69 if (rtRes
[i
].match(/^\s+\+\sstatus\s+\:\s+(.*)$/)) {
70 rtRes
.status
= rtRes
[i
].match(/^\s+\+\sstatus\s+\:\s+(.*)$/)[1];
71 } else if (rtRes
[i
].match(/^\s+\+\sversion\s+\:\s+(.*)$/)) {
72 rtRes
.version
= rtRes
[i
].match(/^\s+\+\sversion\s+\:\s+(.*)$/)[1];
73 } else if (rtRes
[i
].match(/^\s+\+\selement_count\s+\:\s+(.*)$/)) {
74 rtRes
.elementCount
= rtRes
[i
].match(/^\s+\+\selement_count\s+\:\s+(.*)$/)[1];
75 } else if (rtRes
[i
].match(/^\s+\+\sactive_feeds\s+\:\s+(.*)$/)) {
76 rtRes
.activeFeeds
= rtRes
[i
].match(/^\s+\+\sactive_feeds\s+\:\s+(.*)$/)[1];
77 } else if (rtRes
[i
].match(/^\s+\+\sactive_devices\s+\:\s+(.*)$/)) {
78 rtRes
.activeDevices
= rtRes
[i
].match(/^\s+\+\sactive_devices\s+\:\s+(.*)$/)[1];
79 } else if (rtRes
[i
].match(/^\s+\+\sactive_uplink\s+\:\s+(.*)$/)) {
80 rtRes
.activeUplink
= rtRes
[i
].match(/^\s+\+\sactive_uplink\s+\:\s+(.*)$/)[1];
81 } else if (rtRes
[i
].match(/^\s+\+\snft_info\s+\:\s+(.*)$/)) {
82 rtRes
.nftInfo
= rtRes
[i
].match(/^\s+\+\snft_info\s+\:\s+(.*)$/)[1];
83 } else if (rtRes
[i
].match(/^\s+\+\srun_info\s+\:\s+(.*)$/)) {
84 rtRes
.runInfo
= rtRes
[i
].match(/^\s+\+\srun_info\s+\:\s+(.*)$/)[1];
85 } else if (rtRes
[i
].match(/^\s+\+\srun_flags\s+\:\s+(.*)$/)) {
86 rtRes
.runFlags
= rtRes
[i
].match(/^\s+\+\srun_flags\s+\:\s+(.*)$/)[1];
87 } else if (rtRes
[i
].match(/^\s+\+\slast_run\s+\:\s+(.*)$/)) {
88 rtRes
.lastRun
= rtRes
[i
].match(/^\s+\+\slast_run\s+\:\s+(.*)$/)[1];
89 } else if (rtRes
[i
].match(/^\s+\+\ssystem_info\s+\:\s+(.*)$/)) {
90 rtRes
.systemInfo
= rtRes
[i
].match(/^\s+\+\ssystem_info\s+\:\s+(.*)$/)[1];
95 infStat
= document
.getElementById('status');
97 infStat
.textContent
= rtRes
.status
|| '-';
99 infVer
= document
.getElementById('version');
101 infVer
.textContent
= rtRes
.version
|| '-';
103 infElements
= document
.getElementById('elements');
105 infElements
.textContent
= rtRes
.elementCount
|| '-';
107 infFeeds
= document
.getElementById('feeds');
109 infFeeds
.textContent
= rtRes
.activeFeeds
|| '-';
111 infDevices
= document
.getElementById('devices');
113 infDevices
.textContent
= rtRes
.activeDevices
|| '-';
115 infUplink
= document
.getElementById('uplink');
117 infUplink
.textContent
= rtRes
.activeUplink
|| '-';
119 nftInfos
= document
.getElementById('nft');
121 nftInfos
.textContent
= rtRes
.nftInfo
|| '-';
123 runInfos
= document
.getElementById('run');
125 runInfos
.textContent
= rtRes
.runInfo
|| '-';
127 infFlags
= document
.getElementById('flags');
129 infFlags
.textContent
= rtRes
.runFlags
|| '-';
131 last_run
= document
.getElementById('last');
133 last_run
.textContent
= rtRes
.lastRun
|| '-';
135 infSystem
= document
.getElementById('system');
137 infSystem
.textContent
= rtRes
.systemInfo
|| '-';
141 infStat
= document
.getElementById('status');
143 infStat
.textContent
= '-';
145 if (infStat
.classList
.contains('spinning')) {
146 infStat
.classList
.remove('spinning');
155 runtime information and buttons
157 s
= m
.section(form
.NamedSection
, 'global');
158 s
.render
= L
.bind(function (view
, section_id
) {
159 return E('div', { 'class': 'cbi-section' }, [
160 E('h3', _('Information')),
161 E('div', { 'class': 'cbi-value' }, [
162 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Status')),
163 E('div', { 'class': 'cbi-value-field spinning', 'id': 'status', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '\xa0')
165 E('div', { 'class': 'cbi-value' }, [
166 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Version')),
167 E('div', { 'class': 'cbi-value-field', 'id': 'version', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
169 E('div', { 'class': 'cbi-value' }, [
170 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Element Count')),
171 E('div', { 'class': 'cbi-value-field', 'id': 'elements', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
173 E('div', { 'class': 'cbi-value' }, [
174 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Active Feeds')),
175 E('div', { 'class': 'cbi-value-field', 'id': 'feeds', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
177 E('div', { 'class': 'cbi-value' }, [
178 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Active Devices')),
179 E('div', { 'class': 'cbi-value-field', 'id': 'devices', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
181 E('div', { 'class': 'cbi-value' }, [
182 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Active Uplink')),
183 E('div', { 'class': 'cbi-value-field', 'id': 'uplink', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
185 E('div', { 'class': 'cbi-value' }, [
186 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('NFT Information')),
187 E('div', { 'class': 'cbi-value-field', 'id': 'nft', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
189 E('div', { 'class': 'cbi-value' }, [
190 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Run Information')),
191 E('div', { 'class': 'cbi-value-field', 'id': 'run', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
193 E('div', { 'class': 'cbi-value' }, [
194 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Run Flags')),
195 E('div', { 'class': 'cbi-value-field', 'id': 'flags', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
197 E('div', { 'class': 'cbi-value' }, [
198 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('Last Run')),
199 E('div', { 'class': 'cbi-value-field', 'id': 'last', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
201 E('div', { 'class': 'cbi-value' }, [
202 E('label', { 'class': 'cbi-value-title', 'style': 'margin-bottom:-5px;float:left;font-weight:bold;padding-top:0rem;' }, _('System Information')),
203 E('div', { 'class': 'cbi-value-field', 'id': 'system', 'style': 'margin-bottom:-5px;float:left;color:#37c;font-weight:bold;' }, '-')
205 E('div', { class: 'right' }, [
207 'class': 'btn cbi-button cbi-button-action',
208 'click': ui
.createHandlerFn(this, function () {
209 return handleAction('lookup');
211 }, [_('Domain Lookup')]),
214 'class': 'btn cbi-button cbi-button-negative',
215 'click': ui
.createHandlerFn(this, function () {
216 return handleAction('stop');
221 'class': 'btn cbi-button cbi-button-positive',
222 'click': ui
.createHandlerFn(this, function () {
223 return handleAction('reload');
228 'class': 'btn cbi-button cbi-button-positive',
229 'click': ui
.createHandlerFn(this, function () {
230 return handleAction('restart');
232 }, [_('Apply & Restart')])
239 tabbed config section
241 s
= m
.section(form
.NamedSection
, 'global', 'banip', _('Settings'));
243 s
.tab('general', _('General Settings'));
244 s
.tab('advanced', _('Advanced Settings'));
245 s
.tab('adv_chain', _('Table/Chain Settings'));
246 s
.tab('adv_set', _('Feed/Set Settings'));
247 s
.tab('adv_log', _('Log Settings'));
248 s
.tab('adv_email', _('E-Mail Settings'));
249 s
.tab('feeds', _('Feed Selection'));
254 o
= s
.taboption('general', form
.Flag
, 'ban_enabled', _('Enabled'), _('Enable the banIP service.'));
257 o
= s
.taboption('general', form
.Flag
, 'ban_debug', _('Verbose Debug Logging'), _('Enable verbose debug logging in case of processing errors.'));
260 o
= s
.taboption('general', form
.Flag
, 'ban_autodetect', _('Auto Detection'), _('Detect relevant network devices, interfaces, subnets, protocols and utilities automatically.'));
263 o
= s
.taboption('general', form
.Flag
, 'ban_protov4', _('IPv4 Support'), _('Enables IPv4 support.'));
264 o
.depends('ban_autodetect', '0');
268 o
= s
.taboption('general', form
.Flag
, 'ban_protov6', _('IPv6 Support'), _('Enables IPv6 support.'));
269 o
.depends('ban_autodetect', '0');
273 o
= s
.taboption('general', widgets
.DeviceSelect
, 'ban_dev', _('Network Devices'), _('Select the WAN network device(s).'));
274 o
.depends('ban_autodetect', '0');
280 o
= s
.taboption('general', widgets
.NetworkSelect
, 'ban_ifv4', _('IPv4 Network Interfaces'), _('Select the logical WAN IPv4 network interface(s).'));
281 o
.depends('ban_autodetect', '0');
287 o
= s
.taboption('general', widgets
.NetworkSelect
, 'ban_ifv6', _('IPv6 Network Interfaces'), _('Select the logical WAN IPv6 network interface(s).'));
288 o
.depends('ban_autodetect', '0');
294 o
= s
.taboption('general', form
.ListValue
, 'ban_fetchcmd', _('Download Utility'), _('Select one of the pre-configured download utilities.'));
295 o
.depends('ban_autodetect', '0');
296 o
.value('uclient-fetch');
303 o
= s
.taboption('general', form
.Value
, 'ban_fetchparm', _('Download Parameters'), _('Override the pre-configured download options for the selected download utility.'))
304 o
.depends('ban_autodetect', '0');
308 o
= s
.taboption('general', widgets
.NetworkSelect
, 'ban_trigger', _('Reload Trigger Interface'), _('List of available reload trigger interface(s).'));
313 o
= s
.taboption('general', form
.Value
, 'ban_triggerdelay', _('Trigger Delay'), _('Additional trigger delay in seconds during interface reload and boot.'));
314 o
.placeholder
= '10';
315 o
.datatype
= 'range(1,300)';
318 o
= s
.taboption('general', form
.ListValue
, 'ban_fetchretry', _('Download Retries'), _('Number of download attempts in case of an error (not supported by uclient-fetch).'));
319 o
.value('1', _('1'));
320 o
.value('3', _('3'));
321 o
.value('5', _('5 (default)'));
322 o
.value('10', _('10'));
323 o
.value('20', _('20'));
327 o
= s
.taboption('general', form
.Flag
, 'ban_fetchinsecure', _('Download Insecure'), _('Don\'t check SSL server certificates during download.'));
331 additional settings tab
333 o
= s
.taboption('advanced', form
.DummyValue
, '_sub');
335 o
.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service restart to take effect.') + '</em>';
337 o
= s
.taboption('advanced', form
.ListValue
, 'ban_nicelimit', _('Nice Level'), _('The selected priority will be used for banIP background processing.'));
338 o
.value('-20', _('Highest Priority'));
339 o
.value('-10', _('High Priority'));
340 o
.value('0', _('Normal Priority (default)'));
341 o
.value('10', _('Less Priority'));
342 o
.value('19', _('Least Priority'));
346 o
= s
.taboption('advanced', form
.ListValue
, 'ban_filelimit', _('Max Open Files'), _('Increase the maximal number of open files, e.g. to handle the amount of temporary split files while loading the Sets.'));
347 o
.value('512', _('512'));
348 o
.value('1024', _('1024 (default)'));
349 o
.value('2048', _('2048'));
350 o
.value('4096', _('4096'));
354 o
= s
.taboption('advanced', form
.ListValue
, 'ban_cores', _('CPU Cores'), _('Limit the cpu cores used by banIP to save RAM.'));
363 o
= s
.taboption('advanced', form
.ListValue
, 'ban_splitsize', _('Set Split Size'), _('Split external Set loading after every n members to save RAM.'));
373 o
= s
.taboption('advanced', form
.Value
, 'ban_basedir', _('Base Directory'), _('Base working directory while banIP processing.'));
374 o
.placeholder
= '/tmp';
377 o
= s
.taboption('advanced', form
.Value
, 'ban_backupdir', _('Backup Directory'), _('Target directory for compressed feed backups.'));
378 o
.placeholder
= '/tmp/banIP-backup';
381 o
= s
.taboption('advanced', form
.Value
, 'ban_reportdir', _('Report Directory'), _('Target directory for banIP-related report files.'));
382 o
.placeholder
= '/tmp/banIP-report';
385 o
= s
.taboption('advanced', form
.Flag
, 'ban_deduplicate', _('Deduplicate IPs'), _('Deduplicate IP addresses across all active Sets and tidy up the local blocklist.'));
389 o
= s
.taboption('advanced', form
.Flag
, 'ban_reportelements', _('Report Elements'), _('List Set elements in the status and report, disable this to reduce the CPU load.'));
394 advanced chain settings tab
396 o
= s
.taboption('adv_chain', form
.DummyValue
, '_sub');
398 o
.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service restart to take effect.') + '</em>';
400 o
= s
.taboption('adv_chain', form
.ListValue
, 'ban_nftpriority', _('Chain Priority'), _('Set the nft chain priority within the banIP table, lower values means higher priority.'));
401 o
.value('0', _('0'));
402 o
.value('-100', _('-100 (default)'));
403 o
.value('-150', _('-150'));
404 o
.value('-200', _('-200'));
408 o
= s
.taboption('adv_chain', form
.Value
, 'ban_allowflag', _('Allow Protocol/Ports'), _('Always allow a protocol \(tcp/udp\) with certain ports or port ranges in WAN-Input and WAN-Forward chain.'));
409 o
.placeholder
= 'tcp 80 443-445';
412 o
= s
.taboption('adv_chain', widgets
.DeviceSelect
, 'ban_vlanallow', _('Allow VLAN Forwards'), _('Always allow certain VLAN forwards.'));
418 o
= s
.taboption('adv_chain', widgets
.DeviceSelect
, 'ban_vlanblock', _('Block VLAN Forwards'), _('Always block certain VLAN forwards.'));
424 o
= s
.taboption('adv_chain', form
.ListValue
, 'ban_icmplimit', _('ICMP-Treshold'), _('ICMP-Treshold in packets per second to prevent WAN-DDoS attacks.'));
425 o
.value('1', _('1'));
426 o
.value('10', _('10 (default)'));
427 o
.value('50', _('50'));
428 o
.value('100', _('100'));
429 o
.value('250', _('250'));
430 o
.value('500', _('500'));
434 o
= s
.taboption('adv_chain', form
.ListValue
, 'ban_synlimit', _('SYN-Treshold'), _('SYN-Treshold in packets per second to prevent WAN-DDoS attacks.'));
435 o
.value('1', _('1'));
436 o
.value('10', _('10 (default)'));
437 o
.value('50', _('50'));
438 o
.value('100', _('100'));
439 o
.value('250', _('250'));
440 o
.value('500', _('500'));
444 o
= s
.taboption('adv_chain', form
.ListValue
, 'ban_udplimit', _('UDP-Treshold'), _('UDP-Treshold in packets per second to prevent WAN-DDoS attacks.'));
445 o
.value('1', _('1'));
446 o
.value('10', _('10'));
447 o
.value('50', _('50'));
448 o
.value('100', _('100 (default)'));
449 o
.value('250', _('250'));
450 o
.value('500', _('500'));
455 advanced Set settings tab
457 o
= s
.taboption('adv_set', form
.DummyValue
, '_sub');
459 o
.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service restart to take effect.') + '</em>';
461 o
= s
.taboption('adv_set', form
.ListValue
, 'ban_nftpolicy', _('Set Policy'), _('Set the nft policy for banIP-related Sets.'));
462 o
.value('memory', _('memory (default)'));
463 o
.value('performance', _('performance'));
467 o
= s
.taboption('adv_set', form
.ListValue
, 'ban_blocktype', _('Block Type'), _('Drop packets silently or actively reject the traffic on WAN-Input and WAN-Forward chains.'));
468 o
.value('drop', _('drop (default)'));
469 o
.value('reject', _('reject'));
473 o
= s
.taboption('adv_set', form
.ListValue
, 'ban_blockpolicy', _('Default Block Policy'), _('By default each feed is active in all supported chains. Limit the default block policy to a certain chain.'));
474 o
.value('input', _('WAN-Input Chain'));
475 o
.value('forwardwan', _('WAN-Forward Chain'));
476 o
.value('forwardlan', _('LAN-Forward Chain'));
480 let feed
, feeds
, descr
;
483 feeds
= JSON
.parse(result
[0]);
486 ui
.addNotification(null, E('p', _('Unable to parse the custom feed file: %s').format(e
.message
)), 'error');
488 } else if (result
[1]) {
490 feeds
= JSON
.parse(result
[1]);
493 ui
.addNotification(null, E('p', _('Unable to parse the default feed file: %s').format(e
.message
)), 'error');
497 o
= s
.taboption('adv_set', form
.MultiValue
, 'ban_blockinput', _('WAN-Input Chain'), _('Limit certain feeds to the WAN-Input chain.'));
498 o
.value('allowlist', _('local allowlist'));
499 o
.value('blocklist', _('local blocklist'));
500 for (let i
= 0; i
< Object
.keys(feeds
).length
; i
++) {
501 feed
= Object
.keys(feeds
)[i
].trim();
507 o
= s
.taboption('adv_set', form
.MultiValue
, 'ban_blockforwardwan', _('WAN-Forward Chain'), _('Limit certain feeds to the WAN-Forward chain.'));
508 o
.value('allowlist', _('local allowlist'));
509 o
.value('blocklist', _('local blocklist'));
510 for (let i
= 0; i
< Object
.keys(feeds
).length
; i
++) {
511 feed
= Object
.keys(feeds
)[i
].trim();
517 o
= s
.taboption('adv_set', form
.MultiValue
, 'ban_blockforwardlan', _('LAN-Forward Chain'), _('Limit certain feeds to the LAN-Forward chain.'));
518 o
.value('allowlist', _('local allowlist'));
519 o
.value('blocklist', _('local blocklist'));
520 for (let i
= 0; i
< Object
.keys(feeds
).length
; i
++) {
521 feed
= Object
.keys(feeds
)[i
].trim();
529 advanced log settings tab
531 o
= s
.taboption('adv_log', form
.DummyValue
, '_sub');
533 o
.default = '<em style="color:#37c;font-weight:bold;">' + _('Changes on this tab needs a banIP service restart to take effect.') + '</em>';
535 o
= s
.taboption('adv_log', form
.ListValue
, 'ban_nftloglevel', _('NFT Log Level'), _('Set the syslog level for NFT logging.'));
536 o
.value('emerg', _('emerg'));
537 o
.value('alert', _('alert'));
538 o
.value('crit', _('crit'));
539 o
.value('err', _('err'));
540 o
.value('warn', _('warn (default)'));
541 o
.value('notice', _('notice'));
542 o
.value('info', _('info'));
543 o
.value('debug', _('debug'));
547 o
= s
.taboption('adv_log', form
.Flag
, 'ban_logprerouting', _('Log Prerouting'), _('Log suspicious Prerouting packets.'));
550 o
= s
.taboption('adv_log', form
.Flag
, 'ban_loginput', _('Log WAN-Input'), _('Log suspicious incoming WAN packets.'));
553 o
= s
.taboption('adv_log', form
.Flag
, 'ban_logforwardwan', _('Log WAN-Forward'), _('Log suspicious forwarded WAN packets.'));
556 o
= s
.taboption('adv_log', form
.Flag
, 'ban_logforwardlan', _('Log LAN-Forward'), _('Log suspicious forwarded LAN packets.'));
559 o
= s
.taboption('adv_log', form
.Value
, 'ban_logreadfile', _('Logfile Location'), _('Location for parsing the log file, e.g. via syslog-ng, to deactivate the standard parsing via logread.'));
560 o
.placeholder
= '/var/log/messages';
563 o
= s
.taboption('adv_log', form
.ListValue
, 'ban_loglimit', _('Log Limit'), _('Parse only the last stated number of log entries for suspicious events. To disable the log monitor at all set it to \'0\'.'));
564 o
.value('0', _('0 (disable)'));
565 o
.value('50', _('50'));
566 o
.value('100', _('100 (default)'));
567 o
.value('250', _('250'));
568 o
.value('500', _('500'));
569 o
.value('1000', _('1000'));
573 o
= s
.taboption('adv_log', form
.Value
, 'ban_logcount', _('Log Count'), _('Number of failed login attempts of the same IP in the log before blocking.'));
575 o
.datatype
= 'range(1,10)';
578 o
= s
.taboption('adv_log', form
.DynamicList
, 'ban_logterm', _('Log Terms'), _('The default regular expressions are filtering suspicious ssh, LuCI, nginx and asterisk traffic.'));
582 o
= s
.taboption('adv_log', form
.Flag
, 'ban_remotelog', _('Enable Remote Logging'), _('Enable the cgi interface to receive remote logging events.'));
587 o
= s
.taboption('adv_log', form
.Value
, 'ban_remotetoken', _('Remote Token'), _('Token to communicate with the cgi interface.'));
588 o
.depends('ban_remotelog', '1');
589 o
.datatype
= 'and(minlength(3),maxlength(20))';
590 o
.validate = function (section_id
, value
) {
592 return _('Empty field not allowed');
594 if (!value
.match(/^[A-Za-z0-9\.\:]+$/)) {
595 return _('Invalid characters');
603 advanced email settings tab
605 o
= s
.taboption('adv_email', form
.DummyValue
, '_sub');
607 o
.default = '<em style="color:#37c;font-weight:bold;">' + _('To enable email notifications, set up the \'msmtp\' package and specify a vaild E-Mail receiver address.') + '</em>';
609 o
= s
.taboption('adv_email', form
.Flag
, 'ban_mailnotification', _('E-Mail Notification'), _('Receive E-Mail notifications with every banIP run.'));
612 o
= s
.taboption('adv_email', form
.Value
, 'ban_mailreceiver', _('E-Mail Receiver Address'), _('Receiver address for banIP notification E-Mails, this information is required to enable E-Mail functionality.'));
613 o
.placeholder
= 'name@example.com';
616 o
= s
.taboption('adv_email', form
.Value
, 'ban_mailsender', _('E-Mail Sender Address'), _('Sender address for banIP notification E-Mails.'));
617 o
.placeholder
= 'no-reply@banIP';
620 o
= s
.taboption('adv_email', form
.Value
, 'ban_mailtopic', _('E-Mail Topic'), _('Topic for banIP notification E-Mails.'));
621 o
.placeholder
= 'banIP notification';
624 o
= s
.taboption('adv_email', form
.Value
, 'ban_mailprofile', _('E-Mail Profile'), _('Profile used by \'msmtp\' for banIP notification E-Mails.'));
625 o
.placeholder
= 'ban_notify';
626 o
.datatype
= 'uciname';
632 o
= s
.taboption('feeds', form
.DummyValue
, '_sub');
634 o
.default = '<em style="color:#37c;font-weight:bold;">' + _('External Blocklist Feeds') + '</em>';
637 o
= s
.taboption('feeds', form
.MultiValue
, 'ban_feed', _('Blocklist Feed'));
638 for (let i
= 0; i
< Object
.keys(feeds
).length
; i
++) {
639 feed
= Object
.keys(feeds
)[i
].trim();
640 descr
= feeds
[feed
].descr
.trim() || '-';
641 o
.value(feed
, feed
+ ' (' + descr
+ ')');
647 let ccode
, rir
, country
, countries
= [];
649 countries
= result
[2].trim().split('\n');
651 o
= s
.taboption('feeds', form
.MultiValue
, 'ban_country', _('Countries (RIR)'));
652 for (let i
= 0; i
< countries
.length
; i
++) {
654 ccode
= countries
[i
].match(/^(\w+)\t/)[1].trim();
655 rir
= countries
[i
].match(/^\w+\t(\w+)\t/)[1].trim();
656 country
= countries
[i
].match(/^\w+\t\w+\t(.*$)/)[1].trim();
657 o
.value(ccode
, country
+ ' (' + rir
+ ')');
660 ui
.addNotification(null, E('p', _('Unable to parse the countries file: %s').format(e
.message
)), 'error');
667 o
= s
.taboption('feeds', form
.MultiValue
, 'ban_region', _('Regional Internet Registry'));
668 o
.value('AFRINIC', _('AFRINIC - serving Africa and the Indian Ocean region'));
669 o
.value('APNIC', _('APNIC - serving the Asia Pacific region'));
670 o
.value('ARIN', _('ARIN - serving Canada and the United States'));
671 o
.value('LACNIC', _('LACNIC - serving the Latin American and Caribbean region'));
672 o
.value('RIPE', _('RIPE - serving Europe, Middle East and Central Asia'));
676 o
= s
.taboption('feeds', form
.DynamicList
, 'ban_asn', _('ASNs'));
677 o
.datatype
= 'uinteger';
681 o
= s
.taboption('feeds', form
.DummyValue
, '_feeds');
683 o
.default = '<hr style="width: 200px; height: 1px;" /><em style="color:#37c;font-weight:bold;">' + _('External Allowlist Feeds') + '</em>';
685 o
= s
.taboption('feeds', form
.DynamicList
, 'ban_allowurl', _('Allowlist Feed URLs'));
687 for (let i
= 0; i
< countries
.length
; i
++) {
689 ccode
= countries
[i
].match(/^(\w+)\t/)[1].trim();
690 rir
= countries
[i
].match(/^\w+\t(\w+)\t/)[1].trim();
691 country
= countries
[i
].match(/^\w+\t\w+\t(.*$)/)[1].trim();
692 o
.value('https://www.ipdeny.com/ipblocks/data/aggregated/' + ccode
+ '-aggregated.zone', country
+ ' IPv4 (' + rir
+ ')');
693 o
.value('https://www.ipdeny.com/ipv6/ipaddresses/aggregated/' + ccode
+ '-aggregated.zone', country
+ ' IPv6 (' + rir
+ ')');
701 o
.validate = function (section_id
, value
) {
705 if (!value
.match(/^(http:\/\/|https:\/\/)[A-Za-z0-9\/\.\-_\?\&\+=:~#]+$/)) {
706 return _('Protocol/URL format not supported');
711 o
= s
.taboption('feeds', form
.DummyValue
, '_feeds');
713 o
.default = '<hr style="width: 200px; height: 1px;" /><em style="color:#37c;font-weight:bold;">' + _('Local Feed Settings') + '</em>';
715 o
= s
.taboption('feeds', form
.Flag
, 'ban_autoallowlist', _('Auto Allowlist'), _('Automatically add resolved domains and uplink IPs to the local banIP allowlist.'));
719 o
= s
.taboption('feeds', form
.ListValue
, 'ban_autoallowuplink', _('Auto Allow Uplink'), _('Limit the uplink autoallow function.'));
720 o
.depends('ban_autoallowlist', '1');
721 o
.value('disable', _('Disable'));
722 o
.value('subnet', _('Subnet (default)'));
723 o
.value('ip', _('IP'));
727 o
= s
.taboption('feeds', form
.Flag
, 'ban_autoblocklist', _('Auto Blocklist'), _('Automatically add resolved domains and suspicious IPs to the local banIP blocklist.'));
731 o
= s
.taboption('feeds', form
.Flag
, 'ban_autoblocksubnet', _('Auto Block Subnet'), _('Automatically add entire subnets to the blocklist Set based on an additional RDAP request with the suspicious IP.'));
736 o
= s
.taboption('feeds', form
.ListValue
, 'ban_nftexpiry', _('Blocklist Set Expiry'), _('Expiry time for auto added blocklist Set members.'));
746 o
= s
.taboption('feeds', form
.Flag
, 'ban_allowlistonly', _('Allowlist Only'), _('Restrict the internet access from/to a small number of secure IPs.'));