-
Notifications
You must be signed in to change notification settings - Fork 2.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: S. Brusch <[email protected]> Maintainer: S. Brusch <[email protected]> Compile tested: no compile, script Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.3 Description: this is the luci app for crowdsec-firewall-bouncer package
- Loading branch information
Showing
4 changed files
with
105 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # | ||
| # Copyright (C) 2010 OpenWrt.org | ||
| # | ||
| # This is free software, licensed under the GNU General Public License v2. | ||
| # See /LICENSE for more information. | ||
| # | ||
|
|
||
| include $(TOPDIR)/rules.mk | ||
|
|
||
| LUCI_TITLE:=CrowdSec firewall bouncer LuCI interface | ||
| LUCI_DEPENDS:=+luci-compat +luci-mod-admin-full +crowdsec-firewall-bouncer | ||
|
|
||
| PKG_MAINTAINER:=S. Brusch <[email protected]> | ||
| PKG_LICENSE:=Apache-2.0 | ||
|
|
||
| include ../../luci.mk |
64 changes: 64 additions & 0 deletions
64
...cations/luci-app-crowdsec-firewall-bouncer/luasrc/model/cbi/crowdsec-firewall-bouncer.lua
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| --[[ | ||
| LuCI - Lua Configuration Interface | ||
| Copyright 2023 S. Brusch <[email protected]> | ||
| Licensed under the Apache License, Version 2.0 (the "License"); | ||
| you may not use this file except in compliance with the License. | ||
| You may obtain a copy of the License at | ||
| http://www.apache.org/licenses/LICENSE-2.0 | ||
| $Id$ | ||
| ]]-- | ||
|
|
||
| local wa = require "luci.tools.webadmin" | ||
| local net = require "luci.model.network".init() | ||
| local sys = require "luci.sys" | ||
| local ifaces = sys.net:devices() | ||
|
|
||
| m = Map("crowdsec", translate("CrowdSec"), | ||
| translate("Gain <a href=\"http://www.crowdsec.net\">crowd-sourced</a> protection against malicious IPs. " .. | ||
| " Benefit from the most accurate CTI in the world. ")) | ||
|
|
||
| s = m:section(TypedSection, "bouncer", translate("Bouncer")) | ||
| s.anonymous = true | ||
| -- BASIC | ||
| e = s:option(Flag, "enabled", translate("Enable")) | ||
| e.rmempty = false | ||
|
|
||
| o = s:option(Value, "api_url", translate("URL of local API"), | ||
| translate("The URL of your local CrowdSec API instance. ")) | ||
| o.optional = false | ||
|
|
||
| o = s:option(Value, "api_key", translate("API key"), | ||
| translate("The key of your bouncer as registered on the local CrowdSec API. ")) | ||
| o.password = true | ||
| o.optional = false | ||
|
|
||
| o = s:option(Value, "interface", translate("Filtered interfaces"), | ||
| translate("List of interfaces with traffic to be filtered. ")) | ||
| o.template = "cbi/network_ifacelist" | ||
| o.widget = "checkbox" | ||
| o.cast = "table" | ||
| o.noinactive = true | ||
| o.nocreate = true | ||
|
|
||
| o = s:option(Flag, "ipv6", translate("Enable support for IPv6"), | ||
| translate("If unchecked IPv6 will not be filtered. ")) | ||
| o.rmempty = false | ||
|
|
||
| o = s:option(Flag, "filter_input", translate("Filter input chain"), | ||
| translate("Block packets from filtered interfaces addressed to the router itself. ")) | ||
| o.rmempty = false | ||
|
|
||
| o = s:option(Flag, "filter_forward", translate("Filter forward chain"), | ||
| translate("Block packets from filtered interfaces addressed to devices in your network. ")) | ||
| o.rmempty = false | ||
|
|
||
| o = s:option(Flag, "deny_log", translate("Log filtered ip addresses"), | ||
| translate("If checked, a log statement will be added to the firewall rule and blocked " .. | ||
| "ip addresses will be logged to System Log. ")) | ||
| o.rmempty = false | ||
|
|
||
| return m |
14 changes: 14 additions & 0 deletions
14
...wdsec-firewall-bouncer/root/usr/share/luci/menu.d/luci-app-crowdsec-firewall-bouncer.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| { | ||
| "admin/network/firewall/crowdsec-firewall-bouncer": { | ||
| "title": "CrowdSec Bouncer", | ||
| "order": 60, | ||
| "action": { | ||
| "type": "cbi", | ||
| "path": "crowdsec-firewall-bouncer", | ||
| "post": { "cbi.submit": true } | ||
| }, | ||
| "depends": { | ||
| "acl": [ "luci-app-crowdsec-firewall-bouncer" ] | ||
| } | ||
| } | ||
| } |
11 changes: 11 additions & 0 deletions
11
...owdsec-firewall-bouncer/root/usr/share/rpcd/acl.d/luci-app-crowdsec-firewall-bouncer.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| { | ||
| "luci-app-crowdsec-firewall-bouncer": { | ||
| "description": "Grant UCI access for luci-app-crowdsec-firewall-bouncer", | ||
| "read": { | ||
| "uci": [ "crowdsec" ] | ||
| }, | ||
| "write": { | ||
| "uci": [ "crowdsec" ] | ||
| } | ||
| } | ||
| } |