luci-app-accesscontrol: fix work with SFE/Flow

package/lean/luci-app-accesscontrol/Makefile

@@ -11,7 +11,7 @@ LUCI_DEPENDS:=
 LUCI_PKGARCH:=all
 PKG_NAME:=luci-app-accesscontrol
 PKG_VERSION:=1
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 
 include $(TOPDIR)/feeds/luci/luci.mk
 

package/lean/luci-app-accesscontrol/luasrc/controller/access_control.lua

@@ -1,27 +0,0 @@
---[[
-LuCI - Lua Configuration Interface - Internet access control
-
-Copyright 2015 Krzysztof Szuster.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-        http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-
-module("luci.controller.access_control", package.seeall)
-
-function index()
-	if not nixio.fs.access("/etc/config/firewall") then
-		return
-	end
---	if not nixio.fs.access("/etc/config/access_control") then
---		return
---	end
-	
-
-	entry({"admin", "services", "access_control"}, cbi("access_control"), _("Internet Access Schedule Control"), 30).dependent = true
-end

package/lean/luci-app-accesscontrol/luasrc/controller/mia.lua

@@ -0,0 +1,12 @@
+module("luci.controller.mia",package.seeall)
+
+function index()
+	if not nixio.fs.access("/etc/config/mia")then
+		return
+	end
+
+	entry({"admin","services","mia"},cbi("mia"),_("Internet Access Schedule Control"),30).dependent=true
+
+end
+
+

package/lean/luci-app-accesscontrol/luasrc/model/cbi/access_control.lua

@@ -1,167 +0,0 @@
---[[
-LuCI - Lua Configuration Interface - Internet access control
-
-Copyright 2015 Krzysztof Szuster.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-
-local CONFIG_FILE_RULES = "firewall"  
-local CONFIG_FILE_AC    = "access_control"
-local ma, mr, s, o
-
-ma = Map(CONFIG_FILE_AC, translate("Internet Access Schedule Control"),
-    translate("Access Schedule Control Settins"))
-if CONFIG_FILE_AC==CONFIG_FILE_RULES then
-    mr = ma
-else
-    mr = Map(CONFIG_FILE_RULES)
-end
----------------------------------------------------------------------------------------------
---  General switch
-
-s = ma:section(NamedSection, "general", "access_control")
-    o_global_enable = s:option(Flag, "enabled", translate("Enabled"))
-        o_global_enable.rmempty = false
-        
----------------------------------------------------------------------------------------------
--- Rule table
-
-s = mr:section(TypedSection, "rule", translate("Client Rules"))
-    s.addremove = true
-    s.anonymous = true
---    s.sortable  = true
-    s.template = "cbi/tblsection"
-    -- hidden, constant options
-    s.defaults.enabled = "0"
-    s.defaults.src     = "*" --"lan", "guest" or enything on local side
-    s.defaults.dest    = "wan"
-    s.defaults.target  = "REJECT"
-    s.defaults.proto    = "0"
---    s_rule.defaults.extra = "--kerneltz"
-    
-    -- only AC-related rules
-    s.filter = function(self, section)
-	      return self.map:get (section, "ac_enabled") ~= nil
-    end
-        
-    o = s:option(Flag, "ac_enabled", translate("Enabled"))
-        o.default = '1'
-        o.rmempty  = false
-    
-        -- ammend "enabled" option and set weekdays  
-        function o.write(self, section, value)
-            wd_write (self, section, value)
-            local key = o_global_enable:cbid (o_global_enable.section.section)
-            --  "cbid.access_control.general.enabled"
-            local global_enable = o_global_enable.map:formvalue (key)
-            if global_enable == "1" then
-                self.map:set(section, "enabled", value)
-            else
-                self.map:set(section, "enabled", "0")
-            end	
---            self.map:set(section, "src",  "*")
---            self.map:set(section, "dest", "wan")
---            self.map:set(section, "target", "REJECT")
---            self.map:set(section, "proto", "0")
---            self.map:set(section, "extra", "--kerneltz")
-            return Flag.write(self, section, value)
-        end
-      
---o = s:option(Value, "name", translate("Description"))
---        o.rmempty = false  -- force validate
---        -- better validate, then: o.datatype = "minlength(1)"
---        o.validate = function(self, val, sid)
---            if type(val) ~= "string" or #val == 0 then
---                return nil, translate("Name must be specified!")
---            end
---            return val
---        end
-        
-     o = s:option(Value, "src_mac", translate("MAC address (Computer Name)")) 
-        o.rmempty = false
-        o.datatype = "macaddr"
-        luci.sys.net.mac_hints(function(mac, name)
-            o:value(mac, "%s (%s)" %{ mac, name })
-        end)
-
-    function validate_time(self, value, section)
-        local hh, mm, ss
-        hh, mm, ss = string.match (value, "^(%d?%d):(%d%d):(%d%d)$")
-        hh = tonumber (hh)
-        mm = tonumber (mm)
-        ss = tonumber (ss)
-        if hh and mm and hh <= 23 and mm <= 59 and ss <= 59 then
-            return value
-        else
-            return nil, "Time value must be HH:MM:SS or empty"
-        end
-    end
-    o = s:option(Value, "start_time", translate("Start time"))
-        o.rmempty = true  -- do not validae blank
-        o.validate = validate_time 
-        o.size = 5
-    o = s:option(Value, "stop_time", translate("End time")) 
-        o.rmempty = true  -- do not validae blank
-        o.validate = validate_time
-        o.size = 5
-
-    local Days = {'Mon','Tue','Wed','Thu','Fri','Sat','Sun'}
-    local Days1 = {'Mon','Tue','Wed','Thu','Fri','Sat','Sun'}
-    
-    function make_day (nday)
-        local day = Days[nday]
-        local label = Days1[nday]
-        local o = s:option(Flag, day, translate(label))
-        o.default = '1'
-        o.rmempty = false  --  always call write
-        
-        -- read from weekdays actually
-        function o.cfgvalue(self, s)
-            local days = self.map:get (s, "weekdays")
-            if days==nil then
-                return '1'
-            end
-            return string.find (days, day) and '1' or '0'
-        end
-     
-        --  prevent saveing option in config file   
-        function o.write(self, section, value)
-            self.map:set(section, self.option, '')
-        end
-    end
-  
-    for i=1,7 do   
-        make_day (i)
-    end   
-    
-    function wd_write(self, section, value)
-        value=''
-        local cnt=0
-        for _,day in ipairs (Days) do
-            local key = "cbid."..self.map.config.."."..section.."."..day
---io.stderr:write (tostring(key)..'='..tostring(mr:formvalue(key))..'\n')
-            if mr:formvalue(key) then
-                value = value..' '..day
-                cnt = cnt+1
-            end
-        end
-        if cnt==7  then  --all days means no filterung 
-            value = ''
-        end
-        self.map:set(section, "weekdays", value)
-    end
-
-
-if CONFIG_FILE_AC==CONFIG_FILE_RULES then
-  return ma
-else
-  return ma, mr
-end
-

package/lean/luci-app-accesscontrol/luasrc/model/cbi/mia.lua

@@ -0,0 +1,61 @@
+
+a=Map("mia",translate("Internet Access Schedule Control"),translate("Access Schedule Control Settins"))
+
+t=a:section(TypedSection,"basic")
+t.anonymous=true
+
+e=t:option(Flag,"enable",translate("Enabled"))
+e.rmempty=false
+
+t=a:section(TypedSection,"macbind",translate("Client Rules"))
+t.template="cbi/tblsection"
+t.anonymous=true
+t.addremove=true
+
+e=t:option(Flag,"enable",translate("√"))
+e.rmempty=false
+e.default="1"
+
+e=t:option(Value,"macaddr",translate("MAC address (Computer Name)"))
+e.rmempty=true
+luci.sys.net.mac_hints(function(t,a)
+e:value(t,"%s (%s)"%{t,a})
+end)
+
+e=t:option(Value,"timeon",translate("Start time"))
+e.default="00:00"
+e.optional=false
+
+e=t:option(Value,"timeoff",translate("End time"))
+e.default="23:59"
+e.optional=false
+
+e=t:option(Flag,"z1",translate("Mon"))
+e.rmempty=true
+e.default=1
+
+e=t:option(Flag,"z2",translate("Tue"))
+e.rmempty=true
+e.default=1
+
+e=t:option(Flag,"z3",translate("Wed"))
+e.rmempty=true
+e.default=1
+
+e=t:option(Flag,"z4",translate("Thu"))
+e.rmempty=true
+e.default=1
+
+e=t:option(Flag,"z5",translate("Fri"))
+e.rmempty=true
+e.default=1
+
+e=t:option(Flag,"z6",translate("Sat"))
+e.rmempty=true
+e.default=1
+
+e=t:option(Flag,"z7",translate("Sun"))
+e.rmempty=true
+e.default=1
+
+return a

package/lean/luci-app-accesscontrol/root/etc/config/access_control

@@ -1,4 +0,0 @@
-
-config access_control 'general'
-	option enabled '0'
-

package/lean/luci-app-accesscontrol/root/etc/config/mia

@@ -0,0 +1,3 @@
+
+config basic
+	option enable '0'

package/lean/luci-app-accesscontrol/root/etc/init.d/mia

@@ -0,0 +1,81 @@
+#!/bin/sh /etc/rc.common
+#
+# Copyright (C) 2015 OpenWrt-dist
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+
+START=99
+
+CONFIG=mia
+
+uci_get_by_type() {
+	local index=0
+	if [ -n $4 ]; then
+		index=$4
+	fi
+	local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
+	echo ${ret:=$3}
+}
+
+add_rule(){
+for i in $(seq 0 100)
+do
+	local enable=$(uci_get_by_type macbind enable '' $i)
+	local macaddr=$(uci_get_by_type macbind macaddr '' $i)
+	local timeon=$(uci_get_by_type macbind timeon '' $i)
+	local timeoff=$(uci_get_by_type macbind timeoff '' $i)
+	local z1=$(uci_get_by_type macbind z1 '' $i)
+	local z2=$(uci_get_by_type macbind z2 '' $i)
+	local z3=$(uci_get_by_type macbind z3 '' $i)
+	local z4=$(uci_get_by_type macbind z4 '' $i)
+	local z5=$(uci_get_by_type macbind z5 '' $i)
+	local z6=$(uci_get_by_type macbind z6 '' $i)
+	local z7=$(uci_get_by_type macbind z7 '' $i)
+	[ "$z1" == "1" ] && Z1="Mon,"
+	[ "$z2" == "1" ] && Z2="Tue,"
+	[ "$z3" == "1" ] && Z3="Wed,"
+	[ "$z4" == "1" ] && Z4="Thu,"
+	[ "$z5" == "1" ] && Z5="Fri,"
+	[ "$z6" == "1" ] && Z6="Sat,"
+	[ "$z7" == "1" ] && Z7="Sun"
+	if [ -z $enable ] || [ -z $macaddr ] || [ -z $timeoff ] || [ -z $timeon ]; then
+		break
+	fi
+	if [ "$enable" == "1" ]; then
+		iptables -t filter -I MIA  -m mac --mac-source $macaddr -m time --kerneltz --timestart $timeon --timestop $timeoff --weekdays $Z1$Z2$Z3$Z4$Z5$Z6$Z7 -j DROP
+	fi
+	for n in $(seq 1 7)
+	do
+		unset "Z$n"
+	done
+done
+}
+
+del_rule(){
+	type=$1
+	blackMacAdd=$(iptables -t nat -L $type | grep -w RETURN | grep -w "MAC" | awk '{print $7}')
+	[ -n "$blackMacAdd" ] && {
+		for macaddrb in $blackMacAdd
+		do
+			iptables -t nat -D $type -m mac --mac-source $macaddrb -j RETURN
+		done
+	}
+}
+
+start(){
+	enable=$(uci get mia.@basic[0].enable)
+	[ $enable -eq 0 ] && exit 0
+  iptables -t filter -D FORWARD -m comment --comment "Rule For Control" -j MIA 2>/dev/null
+  iptables -t filter -F MIA 2>/dev/null
+  iptables -t filter -X MIA 2>/dev/null
+  iptables -t filter -N MIA
+  iptables -t filter -I FORWARD -m comment --comment "Rule For Control" -j MIA
+  add_rule 
+}
+stop(){
+  iptables -t filter -D FORWARD -m comment --comment "Rule For Control" -j MIA 2>/dev/null
+  iptables -t filter -F MIA 2>/dev/null
+  iptables -t filter -X MIA 2>/dev/null
+}

package/lean/luci-app-accesscontrol/root/etc/mia.include

@@ -0,0 +1 @@
+/etc/init.d/mia restart

package/lean/luci-app-accesscontrol/root/etc/uci-defaults/mia

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+	delete ucitrack.@mia[-1]
+	add ucitrack mia
+	set ucitrack.@mia[-1].init=mia
+	commit ucitrack
+	delete firewall.mia
+	set firewall.mia=include
+	set firewall.mia.type=script
+	set firewall.mia.path=/var/etc/mia.include
+	set firewall.mia.reload=1
+	commit firewall
+EOF
+
+rm -f /tmp/luci-indexcache
+exit 0