From 3a4843f341c9d0c5749b9cad4c82eacf67b0a79c Mon Sep 17 00:00:00 2001
From: "S. Brusch" <ne20002@gmx.ch>
Date: Mon, 30 Jan 2023 20:40:13 +0100
Subject: [PATCH] crowdsec-firewall-bouncer: add app

Signed-off-by: S. Brusch <ne20002@gmx.ch>

Maintainer: S. Brusch <ne20002@gmx.ch>
Compile tested: no compile, script
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.3

Description: this is the luci app for crowdsec-firewall-bouncer package
---
 .../Makefile                                  | 18 +++++
 .../view/crowdsec-firewall-bouncer/form.js    | 64 ++++++++++++++++
 .../po/en/crowdsec-firewall-bouncer.po        | 73 +++++++++++++++++++
 .../templates/crowdsec-firewall-bouncer.pot   | 70 ++++++++++++++++++
 .../luci-app-crowdsec-firewall-bouncer.json   | 13 ++++
 .../luci-app-crowdsec-firewall-bouncer.json   | 11 +++
 6 files changed, 249 insertions(+)
 create mode 100644 applications/luci-app-crowdsec-firewall-bouncer/Makefile
 create mode 100644 applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer/form.js
 create mode 100644 applications/luci-app-crowdsec-firewall-bouncer/po/en/crowdsec-firewall-bouncer.po
 create mode 100644 applications/luci-app-crowdsec-firewall-bouncer/po/templates/crowdsec-firewall-bouncer.pot
 create mode 100644 applications/luci-app-crowdsec-firewall-bouncer/root/usr/share/luci/menu.d/luci-app-crowdsec-firewall-bouncer.json
 create mode 100644 applications/luci-app-crowdsec-firewall-bouncer/root/usr/share/rpcd/acl.d/luci-app-crowdsec-firewall-bouncer.json

diff --git a/applications/luci-app-crowdsec-firewall-bouncer/Makefile b/applications/luci-app-crowdsec-firewall-bouncer/Makefile
new file mode 100644
index 000000000000..fb28d24ae41c
--- /dev/null
+++ b/applications/luci-app-crowdsec-firewall-bouncer/Makefile
@@ -0,0 +1,18 @@
+#
+# Copyright (C) 2010 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=CrowdSec firewall bouncer LuCI interface
+LUCI_DEPENDS:=+luci-base +crowdsec-firewall-bouncer
+
+PKG_MAINTAINER:=S. Brusch <ne20002@gmx.ch>
+PKG_LICENSE:=Apache-2.0
+
+include ../../luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
diff --git a/applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer/form.js b/applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer/form.js
new file mode 100644
index 000000000000..b8fe2ae02d70
--- /dev/null
+++ b/applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer/form.js
@@ -0,0 +1,64 @@
+'use strict';
+'require view';
+'require form';
+'require tools.widgets as widgets';
+
+return view.extend({
+	render: function() {
+		var m, s, o;
+
+		m = new form.Map('crowdsec', _('CrowdSec'),
+			_('Gain <a href="http://www.crowdsec.net">crowd-sourced</a> protection against malicious IPs. ' +
+			'Benefit from the most accurate CTI in the world.'));
+
+
+		s = m.section(form.TypedSection, 'bouncer', _('Bouncer'));
+		s.anonymous = true;
+
+		o = s.option(form.Flag, 'enabled', _('Enable'));
+		o.default = '0';
+		o.rmempty = false;
+
+		o = s.option(form.Value, 'api_url', _('URL of local API'),
+			_('The URL of your local CrowdSec API instance.')); 
+		o.default = '';
+		o.rmempty = false;
+
+		o = s.option(form.Value, 'api_key', _('API key'),
+			_('The key of your bouncer as registered on the local CrowdSec API.'));
+		o.default = '';
+		o.password = true;
+		o.rmempty = false;
+
+		o = s.option(widgets.DeviceSelect, 'interface', _('Filtered interfaces'),
+			_('List of interfaces with traffic to be filtered.'));
+		o.noaliases = true;
+		o.multiple = true;
+		o.rmempty = false;
+
+		o = s.option(form.Flag, 'ipv6', _('Enable support for IPv6'),
+			_('If unchecked IPv6 will not be filtered.'));
+		o.default = '1';
+		o.rmempty = false;
+
+		o = s.option(form.Flag, 'filter_input', _('Filter input chain'),
+			_('Block packets from filtered interfaces addressed to the router itself.'));
+		o.default = '1';
+		o.rmempty = false;
+
+		o = s.option(form.Flag, 'filter_forward', _('Filter forward chain'),
+			_('Block packets from filtered interfaces addressed to devices in your network.'));
+		o.default = '1';
+		o.rmempty = false;
+
+		o = s.option(form.Flag, 'deny_log', _('Log filtered ip addresses'),
+			_('If checked, a log statement will be added to the firewall rule and blocked ' +
+			'ip addresses will be logged to System Log.'));
+		o.default = '0';
+		o.rmempty = false;
+
+
+		return m.render();
+	},
+});
+
diff --git a/applications/luci-app-crowdsec-firewall-bouncer/po/en/crowdsec-firewall-bouncer.po b/applications/luci-app-crowdsec-firewall-bouncer/po/en/crowdsec-firewall-bouncer.po
new file mode 100644
index 000000000000..6b1a24876bcf
--- /dev/null
+++ b/applications/luci-app-crowdsec-firewall-bouncer/po/en/crowdsec-firewall-bouncer.po
@@ -0,0 +1,73 @@
+msgid ""
+msgstr ""
+"Language: en\n"
+"Content-Type: text/plain; charset=UTF-8"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:11
+msgid ""
+"Gain <a href=\"http://www.crowdsec.net\">crowd-sourced</a> protection against malicious IPs. "
+"Benefit from the most accurate CTI in the world."
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:18
+msgid "Enable"
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:22
+msgid "URL of local API"
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:23
+msgid "The URL of your local CrowdSec API instance."
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:27
+msgid "API key"
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:28
+msgid "The key of your bouncer as registered on the local CrowdSec API."
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:33
+msgid "Filtered interfaces"
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:34
+msgid "List of interfaces with traffic to be filtered."
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:40
+msgid "Enable support for IPv6"
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:41
+msgid "If unchecked IPv6 will not be filtered."
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:45
+msgid "Filter input chain"
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:46
+msgid "Block packets from filtered interfaces addressed to the router itself."
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:50
+msgid "Filter forward chain"
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:51
+msgid "Block packets from filtered interfaces addressed to devices in your network."
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:55
+msgid "Log filtered ip addresses"
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:56
+msgid ""
+"If checked, a log statement will be added to the firewall rule and blocked "
+"ip addresses will be logged to System Log."
+msgstr ""
diff --git a/applications/luci-app-crowdsec-firewall-bouncer/po/templates/crowdsec-firewall-bouncer.pot b/applications/luci-app-crowdsec-firewall-bouncer/po/templates/crowdsec-firewall-bouncer.pot
new file mode 100644
index 000000000000..8274a654baf5
--- /dev/null
+++ b/applications/luci-app-crowdsec-firewall-bouncer/po/templates/crowdsec-firewall-bouncer.pot
@@ -0,0 +1,70 @@
+msgid ""
+msgstr "Content-Type: text/plain; charset=UTF-8"
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:11
+msgid ""
+"Gain <a href=\"http://www.crowdsec.net\">crowd-sourced</a> protection against malicious IPs. "
+"Benefit from the most accurate CTI in the world."
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:18
+msgid "Enable"
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:22
+msgid "URL of local API"
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:23
+msgid "The URL of your local CrowdSec API instance."
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:27
+msgid "API key"
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:28
+msgid "The key of your bouncer as registered on the local CrowdSec API."
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:33
+msgid "Filtered interfaces"
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:34
+msgid "List of interfaces with traffic to be filtered."
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:40
+msgid "Enable support for IPv6"
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:41
+msgid "If unchecked IPv6 will not be filtered."
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:45
+msgid "Filter input chain"
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:46
+msgid "Block packets from filtered interfaces addressed to the router itself."
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:50
+msgid "Filter forward chain"
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:51
+msgid "Block packets from filtered interfaces addressed to devices in your network."
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:55
+msgid "Log filtered ip addresses"
+msgstr ""
+
+#: applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer.form.js:56
+msgid ""
+"If checked, a log statement will be added to the firewall rule and blocked "
+"ip addresses will be logged to System Log."
+msgstr ""
diff --git a/applications/luci-app-crowdsec-firewall-bouncer/root/usr/share/luci/menu.d/luci-app-crowdsec-firewall-bouncer.json b/applications/luci-app-crowdsec-firewall-bouncer/root/usr/share/luci/menu.d/luci-app-crowdsec-firewall-bouncer.json
new file mode 100644
index 000000000000..12bc1631c50c
--- /dev/null
+++ b/applications/luci-app-crowdsec-firewall-bouncer/root/usr/share/luci/menu.d/luci-app-crowdsec-firewall-bouncer.json
@@ -0,0 +1,13 @@
+{
+	"admin/network/firewall/crowdsec-firewall-bouncer": {
+		"title": "CrowdSec Bouncer",
+		"order": 60,
+		"action": {
+			"type": "view",
+			"path": "crowdsec-firewall-bouncer/form"
+		},
+		"depends": {
+			"acl": [ "luci-app-crowdsec-firewall-bouncer" ]
+		}
+	},
+}
diff --git a/applications/luci-app-crowdsec-firewall-bouncer/root/usr/share/rpcd/acl.d/luci-app-crowdsec-firewall-bouncer.json b/applications/luci-app-crowdsec-firewall-bouncer/root/usr/share/rpcd/acl.d/luci-app-crowdsec-firewall-bouncer.json
new file mode 100644
index 000000000000..bc35211a2ac9
--- /dev/null
+++ b/applications/luci-app-crowdsec-firewall-bouncer/root/usr/share/rpcd/acl.d/luci-app-crowdsec-firewall-bouncer.json
@@ -0,0 +1,11 @@
+{
+	"luci-app-crowdsec-firewall-bouncer": {
+		"description": "Grant UCI access to LuCI app crowdsec-firewall-bouncer",
+		"read": {
+			"uci": [ "crowdsec" ]
+		},
+		"write": {
+			"uci": [ "crowdsec" ]
+		}
+	}
+}