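├── Makefile
├── README.md
├── luasrc
    ├── controller
    │   └── fullconenat.lua
    └── model
    │   └── cbi
    │       └── fullconenat.lua
├── po
    └── zh-cn
    │   └── fullconenat.po
└── root
    ├── etc
        ├── config
        │   └── fullconenat
        ├── init.d
        │   └── fullconenat
        └── uci-defaults
        │   └── fullconenat
    └── usr
        └── share
            └── rpcd
                └── acl.d
                    └── luci-app-fullconenat.json

/Makefile:
--------------------------------------------------------------------------------
1 | #-- Copyright (C) 2018 dz
2 |
3 | include $(TOPDIR)/rules.mk
4 |
5 | LUCI_TITLE:=LuCI support for FullConeNat
6 | LUCI_DEPENDS:=+iptables-mod-fullconenat
7 | LUCI_PKGARCH:=all
8 | PKG_VERSION:=1.3
9 | PKG_RELEASE:=3
10 |
11 | include $(TOPDIR)/feeds/luci/luci.mk
12 |
13 | # call BuildPackage - OpenWrt buildroot signature
14 |
15 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # luci-app-fullconenat
2 |
3 | 本软件包是 [fullconenat]的 LuCI 控制界面
4 |
5 | [fullconenat]: https://github.com/LGA1150/openwrt-fullconenat
6 |
--------------------------------------------------------------------------------
/luasrc/controller/fullconenat.lua:
--------------------------------------------------------------------------------
1 | module("luci.controller.fullconenat", package.seeall)
2 |
3 | -- Register the admin page at admin/network/fullconenat. The page is only
4 | -- added when /etc/config/fullconenat is accessible, and it is tied to the
5 | -- "luci-app-fullconenat" rpcd ACL group through acl_depends.
6 | function index()
7 | 	if not nixio.fs.access("/etc/config/fullconenat") then
8 | 		return
9 | 	end
10 | 	local page
11 | 	page = entry({"admin", "network", "fullconenat"}, cbi("fullconenat"), _("fullconenat"), 101)
12 | 	page.i18n = "fullconenat"
13 | 	page.dependent = true
14 | 	page.acl_depends = { "luci-app-fullconenat" }
15 | end
16 |
--------------------------------------------------------------------------------
/luasrc/model/cbi/fullconenat.lua:
--------------------------------------------------------------------------------
1 | #-- Copyright (C) 2018 dz
2 |
3 | local fwm = require "luci.model.firewall".init()
4 | local def = fwm:get_defaults()
5 | local zn = fwm:get_zone("wan")
6 | local m, s, o, fw3_buildin, has_module, status, des
7 |
8 | -- Run a shell command and report whether it exited with status 0.
9 | -- Only fixed command strings are passed in below. Never build `cmd` from
10 | -- form or UCI values: the string is handed to a shell.
11 | local function testcmd (cmd)
12 | 	return luci.sys.call(cmd) == 0
13 | end
14 |
15 | -- True when `token` is a dotted-quad IPv4 address, optionally followed by a
16 | -- /0../32 prefix length. Every other character is rejected.
17 | local function is_ipv4 (token)
18 | 	local a, b, c, d, rest = token:match("^(%d+)%.(%d+)%.(%d+)%.(%d+)(.*)$")
19 | 	if not a then
20 | 		return false
21 | 	end
22 | 	for _, octet in ipairs({ a, b, c, d }) do
23 | 		if #octet > 3 or tonumber(octet) > 255 then
24 | 			return false
25 | 		end
26 | 	end
27 | 	if rest == "" then
28 | 		return true
29 | 	end
30 | 	local prefix = rest:match("^/(%d%d?)$")
31 | 	return prefix ~= nil and tonumber(prefix) <= 32
32 | end
33 |
34 | has_module = testcmd("modprobe -q xt_FULLCONENAT")
35 | fw3_buildin = testcmd("strings `which fw3` | grep -q fullcone")
36 |
37 | -- The listing built a first Map here and immediately overwrote it; only the
38 | -- Map created after the status probe is kept.
39 | status="Not supported, Kernel module needed: xt_FULLCONENAT"
40 | if has_module then
41 | 	if testcmd("iptables -t nat -L -n --line-numbers | grep FULLCONENAT >/dev/null") then
42 | 		status="Running"
43 | 	else
44 | 		status="Not Running"
45 | 	end
46 | end
47 |
48 | m = Map("fullconenat", translate("FullConeNat"), "%s - %s" %{translate("FULLCONENAT"), translate(status)})
49 |
50 | des = fw3_buildin and "Build-in mode, set the `fullcone` option to firewall configure either." or "Manual mode, write to the firewall custom rules settings only."
51 | s = m:section(TypedSection, "fullconenat", translate("Settings"), translate(des))
52 | s.anonymous = true
53 |
54 | o = s:option(ListValue, "mode", translate("Register modes"), translate("Warning!!! There is security risk if enabled."))
55 | o.widget = "radio"
56 | o.orientation = "horizontal"
57 | o.default = "disable"
58 | o.rmempty = false
59 | o:value("disable", translate("Disable"))
60 | o:value("ips", translate("IP Address Only"))
61 | o:value("all", translate("ALL Enabled"))
62 | -- Show "all" when fw3 has built-in support and the firewall defaults already
63 | -- carry fullcone=1; otherwise show the stored mode. Without the kernel module
64 | -- the page always reports "disable".
65 | o.cfgvalue = function (self, sec)
66 | 	local ret = "disable"
67 | 	if fw3_buildin and def:get("fullcone") == "1" then
68 | 		ret = "all"
69 | 	else
70 | 		ret = self.map:get(sec, self.option)
71 | 	end
72 | 	return has_module and ret or "disable"
73 | end
74 | -- Store the mode and, in built-in mode, mirror it into the firewall defaults
75 | -- and the "wan" zone.
76 | o.write = function (self, sec, val)
77 | 	val = has_module and val or "disable"
78 | 	if fw3_buildin then
79 | 		local flag = val == "all" and 1 or 0
80 | 		def:set("fullcone", flag)
81 | 		-- Guard in case no zone named "wan" exists on this device.
82 | 		if zn then
83 | 			zn:set("fullcone", flag)
84 | 		end
85 | 	end
86 | 	-- NOTE(review): called with '.', so neither self nor a config name is
87 | 	-- passed; confirm this actually commits the firewall config.
88 | 	fwm.commit()
89 | 	return self.map:set(sec, self.option, val)
90 | end
91 |
92 | -- NOTE(review): the separator literal between the two description parts is
93 | -- whitespace-only in this listing; confirm it against the upstream file.
94 | o = s:option(Value, "fullconenat_ip", translate("FullConeNat IP"), translate("Enable FullConeNat for specified IP Address.") .. " " .. (fw3_buildin and translate("Manual mode, write to the firewall custom rules settings only.") or ""))
95 | o.placeholder="192.168.1.100,192.168.1.101,192.168.1.102"
96 | o.rmempty = true
97 | o.optional = false
98 | o:depends("mode", "ips")
99 | -- The init script copies this value into an iptables command line in
100 | -- /etc/firewall.user, so it is a trust boundary: accept nothing but a
101 | -- comma-separated list of IPv4 addresses (no spaces, no empty items).
102 | o.validate = function (self, value, sec)
103 | 	if type(value) == "string" and #value > 0 then
104 | 		local ok = true
105 | 		for token in (value .. ","):gmatch("([^,]*),") do
106 | 			if not is_ipv4(token) then
107 | 				ok = false
108 | 				break
109 | 			end
110 | 		end
111 | 		if ok then
112 | 			return value
113 | 		end
114 | 	end
115 | 	return nil, translate("Expecting a comma-separated list of IPv4 addresses")
116 | end
117 |
118 | return m
119 |
--------------------------------------------------------------------------------
/po/zh-cn/fullconenat.po:
--------------------------------------------------------------------------------
1 | msgid "fullconenat"
2 | msgstr "全端口映射"
3 |
4 | msgid "FULLCONENAT"
5 | msgstr "Fullcone NAT"
6 |
7 | msgid "Running"
8 | msgstr "正在运行"
9 |
10 | msgid "Not Running"
11 | msgstr "未运行"
12 |
13 | msgid "Not supported, Kernel module needed: xt_FULLCONENAT"
14 | msgstr "不支持,缺少 xt_FULLCONENAT 内核组件"
15 |
16 | msgid "Settings"
17 | msgstr "设置"
18 |
19 | msgid "Build-in mode, set the `fullcone` option to firewall configure either."
20 | msgstr "防火墙内置模式,同时配置防火墙(firewall)中对应的选项。"
21 |
22 | msgid "Manual mode, write to the firewall custom rules settings only."
23 | msgstr "手动模式,仅将配置写入到防火墙(firewall)自定义规则中。"
24 |
25 | msgid "Register modes"
26 | msgstr "运行模式"
27 |
28 | msgid "Disable"
29 | msgstr "停用"
30 |
31 | msgid "IP Address Only"
32 | msgstr "限指定IP"
33 |
34 | msgid "ALL Enabled"
35 | msgstr "全网开启"
36 |
37 | msgid "Warning!!! There is security risk if enabled."
38 | msgstr "警告!!!开启后存在安全风险。"
39 |
40 | msgid "FullConeNat IP"
41 | msgstr "映射IP"
42 |
43 | msgid "Enable FullConeNat for specified IP Address."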
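44 | msgstr "多IP映射用英文逗号分隔。"
45 |
46 |
--------------------------------------------------------------------------------
/root/etc/config/fullconenat:
--------------------------------------------------------------------------------
1 | config fullconenat 'config'
2 | 	option mode 'disable'
3 | 	option fullconenat_ip '192.168.1.100'
4 |
--------------------------------------------------------------------------------
/root/etc/init.d/fullconenat:
--------------------------------------------------------------------------------
1 | #!/bin/sh /etc/rc.common
2 | #-- Copyright (C) 2018 dz
3 |
4 | START=99
5 |
6 | # Set to 1 by restart() so that stop() leaves the firewall restart to start().
7 | re=0
8 |
9 | # Succeed only when $1 is a comma-separated list of dotted-quad IPv4
10 | # addresses, each with an optional /prefix. fullconenat_ip comes from UCI
11 | # (writable through LuCI) and is copied into /etc/firewall.user, which the
12 | # firewall runs as a shell script, so nothing else may reach that file.
13 | # This is a shape check; iptables still rejects out-of-range numbers.
14 | valid_ip_list(){
15 | 	local item='([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?'
16 | 	# Character whitelist first: it also rejects embedded newlines, which
17 | 	# the line-based grep below would otherwise match one line at a time.
18 | 	case "$1" in
19 | 		""|*[!0-9.,/]*) return 1 ;;
20 | 	esac
21 | 	printf '%s\n' "$1" | grep -Eq "^${item}(,${item})*\$"
22 | }
23 |
24 | # Apply the configured mode: write the custom rules to /etc/firewall.user
25 | # (manual mode) or set the fw3 fullcone options (built-in mode), then
26 | # restart the firewall. Returns 1 when xt_FULLCONENAT cannot be loaded.
27 | start(){
28 | 	local fw3_buildin mode fullconenat_ip fullcone
29 | 	strings `which fw3` | grep -q "fullcone"
30 | 	fw3_buildin=$?
31 | 	mode=$(uci get fullconenat.config.mode 2>/dev/null)
32 | 	if modprobe -q "xt_FULLCONENAT"; then
33 | 		[ $fw3_buildin -eq 0 ] && echo -n "fw3 build-in, change settings in /etc/config/firewall either. "
34 | 		echo "$mode."
35 | 	else
36 | 		echo "not supported."
37 | 		return 1
38 | 	fi
39 | 	fullcone=0
40 | 	fullconenat_ip=$(uci get fullconenat.config.fullconenat_ip 2>/dev/null)
41 | 	if [ "$mode" = "ips" ]; then
42 | 		sed -i '/FULLCONENAT/d' /etc/firewall.user
43 | 		if valid_ip_list "$fullconenat_ip"; then
44 | 			echo "iptables -t nat -A zone_wan_prerouting -j FULLCONENAT" >> /etc/firewall.user
45 | 			echo "iptables -t nat -A zone_wan_postrouting -s $fullconenat_ip -j FULLCONENAT" >> /etc/firewall.user
46 | 			echo "iptables -t nat -A zone_wan_postrouting -j MASQUERADE" >> /etc/firewall.user
47 | 		else
48 | 			# Fail closed: the old rules are gone and no new ones are written.
49 | 			echo "invalid fullconenat_ip, no FULLCONENAT rules written." >&2
50 | 		fi
51 | 	elif [ "$mode" = "all" ]; then
52 | 		if [ $fw3_buildin -ne 0 ]; then
53 | 			valid_ip_list "$fullconenat_ip" && iptables -t nat -D zone_wan_postrouting -s "$fullconenat_ip" -j FULLCONENAT
54 | 			iptables -t nat -D zone_wan_postrouting -j MASQUERADE
55 | 			sed -i '/zone_wan_postrouting -j MASQUERADE/d' /etc/firewall.user
56 | 			sed -i '/FULLCONENAT/d' /etc/firewall.user
57 | 			echo "iptables -t nat -A zone_wan_prerouting -j FULLCONENAT" >> /etc/firewall.user
58 | 			echo "iptables -t nat -A zone_wan_postrouting -j FULLCONENAT" >> /etc/firewall.user
59 | 		else
60 | 			fullcone=1
61 | 		fi
62 | 	fi
63 | 	# NOTE(review): @zone[1] assumes the WAN zone is the second zone section
64 | 	# of /etc/config/firewall; confirm on devices with a custom zone order.
65 | 	[ $fw3_buildin -eq 0 ] && {
66 | 		uci set "firewall.@defaults[0].fullcone=$fullcone"
67 | 		uci set "firewall.@zone[1].fullcone=$fullcone"
68 | 	}
69 | 	uci commit firewall
70 | 	/etc/init.d/firewall restart
71 | }
72 |
73 | # Remove the live rules and the lines this script added to
74 | # /etc/firewall.user. Unless called from restart(), also clear the fw3
75 | # fullcone options and restart the firewall.
76 | stop(){
77 | 	local fullconenat_ip mode
78 | 	fullconenat_ip=$(uci get fullconenat.config.fullconenat_ip 2>/dev/null)
79 | 	mode=$(uci get fullconenat.config.mode 2>/dev/null)
80 | 	echo "$mode, $fullconenat_ip"
81 | 	iptables -t nat -D zone_wan_prerouting -j FULLCONENAT
82 | 	# Only a validated value is passed to iptables, and always quoted.
83 | 	valid_ip_list "$fullconenat_ip" && iptables -t nat -D zone_wan_postrouting -s "$fullconenat_ip" -j FULLCONENAT
84 | 	iptables -t nat -D zone_wan_postrouting -j MASQUERADE
85 | 	iptables -t nat -D zone_wan_postrouting -j FULLCONENAT
86 | 	sed -i '/zone_wan_postrouting -j MASQUERADE/d' /etc/firewall.user
87 | 	sed -i '/FULLCONENAT/d' /etc/firewall.user
88 | 	[ $re -eq 0 ] && {
89 | 		uci set "firewall.@defaults[0].fullcone=0"
90 | 		uci set "firewall.@zone[1].fullcone=0"
91 | 		uci commit firewall
92 | 		/etc/init.d/firewall restart
93 | 	}
94 | }
95 |
96 |
97 | restart(){
98 | 	re=1
99 | 	stop
100 | 	start
101 | }
102 |
--------------------------------------------------------------------------------
/root/etc/uci-defaults/fullconenat:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | uci -q batch <<-EOF >/dev/null
4 | delete ucitrack.@fullconenat[-1]
5 | add ucitrack fullconenat
6 | set ucitrack.@fullconenat[-1].init=fullconenat
7 | commit ucitrack
8 | EOF
9 |
10 | /etc/init.d/fullconenat enable
11 |
12 | rm -f /tmp/luci-indexcache
13 | exit 0
14 |
--------------------------------------------------------------------------------
/root/usr/share/rpcd/acl.d/luci-app-fullconenat.json:
--------------------------------------------------------------------------------
1 | {
2 | 	"luci-app-fullconenat": {
3 | 		"description": "Grant UCI access for luci-app-fullconenat",
4 | 		"read": {
5 | 			"uci": [ "fullconenat" ]
6 | 		},
7 | 		"write": {
8 | 			"uci": [ "fullconenat" ]
9 | 		}
10 | 	}
11 | }
12 |
--------------------------------------------------------------------------------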