iptables.lua 3.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120
  1. -- Copyright 2008 Freifunk Leipzig / Jo-Philipp Wich <jow@openwrt.org>
  2. -- Licensed to the public under the Apache License 2.0.
  3. require("luci.sys.iptparser")
  4. ip = luci.sys.iptparser.IptParser()
  5. chains = { }
  6. targets = { }
  7. for i, rule in ipairs( ip:find() ) do
  8. if rule.chain and rule.target then
  9. chains[rule.chain] = true
  10. targets[rule.target] = true
  11. end
  12. end
  13. m = Map("luci_statistics",
  14. translate("Iptables Plugin Configuration"),
  15. translate(
  16. "The iptables plugin will monitor selected firewall rules and " ..
  17. "collect informations about processed bytes and packets per rule."
  18. ))
  19. -- collectd_iptables config section
  20. s = m:section( NamedSection, "collectd_iptables", "luci_statistics" )
  21. -- collectd_iptables.enable
  22. enable = s:option( Flag, "enable", translate("Enable this plugin") )
  23. enable.default = 0
  24. -- collectd_iptables_match config section (Chain directives)
  25. rule = m:section( TypedSection, "collectd_iptables_match",
  26. translate("Add matching rule"),
  27. translate(
  28. "Here you can define various criteria by which the monitored " ..
  29. "iptables rules are selected."
  30. ))
  31. rule.addremove = true
  32. rule.anonymous = true
  33. -- collectd_iptables_match.name
  34. rule_table = rule:option( Value, "name",
  35. translate("Name of the rule"), translate("max. 16 chars") )
  36. -- collectd_iptables_match.table
  37. rule_table = rule:option( ListValue, "table", translate("Table") )
  38. rule_table.default = "filter"
  39. rule_table.rmempty = true
  40. rule_table.optional = true
  41. rule_table:value("")
  42. rule_table:value("filter")
  43. rule_table:value("nat")
  44. rule_table:value("mangle")
  45. -- collectd_iptables_match.chain
  46. rule_chain = rule:option( ListValue, "chain", translate("Chain") )
  47. rule_chain.rmempty = true
  48. rule_chain.optional = true
  49. rule_chain:value("")
  50. for chain, void in pairs( chains ) do
  51. rule_chain:value( chain )
  52. end
  53. -- collectd_iptables_match.target
  54. rule_target = rule:option( ListValue, "target", translate("Action (target)") )
  55. rule_target.rmempty = true
  56. rule_target.optional = true
  57. rule_target:value("")
  58. for target, void in pairs( targets ) do
  59. rule_target:value( target )
  60. end
  61. -- collectd_iptables_match.protocol
  62. rule_protocol = rule:option( ListValue, "protocol", translate("Network protocol") )
  63. rule_protocol.rmempty = true
  64. rule_protocol.optional = true
  65. rule_protocol:value("")
  66. rule_protocol:value("tcp")
  67. rule_protocol:value("udp")
  68. rule_protocol:value("icmp")
  69. -- collectd_iptables_match.source
  70. rule_source = rule:option( Value, "source", translate("Source ip range") )
  71. rule_source.default = "0.0.0.0/0"
  72. rule_source.rmempty = true
  73. rule_source.optional = true
  74. -- collectd_iptables_match.destination
  75. rule_destination = rule:option( Value, "destination", translate("Destination ip range") )
  76. rule_destination.default = "0.0.0.0/0"
  77. rule_destination.rmempty = true
  78. rule_destination.optional = true
  79. -- collectd_iptables_match.inputif
  80. rule_inputif = rule:option( Value, "inputif",
  81. translate("Incoming interface"), translate("e.g. br-lan") )
  82. rule_inputif.rmempty = true
  83. rule_inputif.optional = true
  84. -- collectd_iptables_match.outputif
  85. rule_outputif = rule:option( Value, "outputif",
  86. translate("Outgoing interface"), translate("e.g. br-ff") )
  87. rule_outputif.rmempty = true
  88. rule_outputif.optional = true
  89. -- collectd_iptables_match.options
  90. rule_options = rule:option( Value, "options",
  91. translate("Options"), translate("e.g. reject-with tcp-reset") )
  92. rule_options.rmempty = true
  93. rule_options.optional = true
  94. return m