crowdsec-firewall-bouncer: add app

Signed-off-by: S. Brusch <ne20002@gmx.ch>

Maintainer: S. Brusch <ne20002@gmx.ch>
Compile tested: no compile, script
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.3

Description: this is the luci app for crowdsec-firewall-bouncer package

applications/luci-app-crowdsec-firewall-bouncer/Makefile

@@ -0,0 +1,18 @@
+#
+# Copyright (C) 2010 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=CrowdSec firewall bouncer LuCI interface
+LUCI_DEPENDS:=+luci-base +crowdsec-firewall-bouncer
+
+PKG_MAINTAINER:=S. Brusch <ne20002@gmx.ch>
+PKG_LICENSE:=Apache-2.0
+
+include ../../luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature

applications/luci-app-crowdsec-firewall-bouncer/htdocs/luci-static/resources/view/crowdsec-firewall-bouncer/form.js

@@ -0,0 +1,65 @@
+'use strict';
+'require view';
+'require form';
+'require tools.widgets as widgets';
+
+return view.extend({
+	render: function() {
+		var m, s, o;
+
+		m = new form.Map('crowdsec', _('CrowdSec'),
+			_('Gain <a href="http://www.crowdsec.net">crowd-sourced</a> protection against malicious IPs. ' +
+			'Benefit from the most accurate CTI in the world.'));
+
+
+		s = m.section(form.TypedSection, 'bouncer', _('Bouncer'));
+		s.anonymous = true;
+
+		o = s.option(form.Flag, 'enabled', _('Enabled'));
+		o.default = '0';
+		o.rmempty = false;
+
+		o = s.option(form.Value, 'api_url', _('URL of local API'),
+			_('The URL of your local CrowdSec API instance.')); 
+		o.default = '';
+		o.rmempty = false;
+
+		o = s.option(form.Value, 'api_key', _('API key'),
+			_('The key of your bouncer as registered on the local CrowdSec API.'));
+		o.default = '';
+		o.password = true;
+		o.rmempty = false;
+
+		o = s.option(widgets.DeviceSelect, 'interface', _('Filtered interfaces'),
+			_('List of interfaces with traffic to be filtered.'));
+		o.modalonly = true;
+		o.noaliases = true;
+		o.multiple = true;
+		o.rmempty = false;
+
+		o = s.option(form.Flag, 'ipv6', _('Enable support for IPv6'),
+			_('If unchecked IPv6 will not be filtered.'));
+		o.default = '1';
+		o.rmempty = false;
+
+		o = s.option(form.Flag, 'filter_input', _('Filter input chain'),
+			_('Block packets from filtered interfaces addressed to the router itself.'));
+		o.default = '1';
+		o.rmempty = false;
+
+		o = s.option(form.Flag, 'filter_forward', _('Filter forward chain'),
+			_('Block packets from filtered interfaces addressed to devices in your network.'));
+		o.default = '1';
+		o.rmempty = false;
+
+		o = s.option(form.Flag, 'deny_log', _('Log filtered ip addresse'),
+			_('If checked, a log statement will be added to the firewall rule and blocked ' +
+			'ip addresses will be logged to System Log.'));
+		o.default = '0';
+		o.rmempty = false;
+
+
+		return m.render();
+	},
+});
+

applications/luci-app-crowdsec-firewall-bouncer/root/usr/share/luci/menu.d/luci-app-crowdsec-firewall-bouncer.json

@@ -0,0 +1,13 @@
+{
+	"admin/network/firewall/crowdsec-firewall-bouncer": {
+		"title": "CrowdSec Bouncer",
+		"order": 60,
+		"action": {
+			"type": "view",
+			"path": "crowdsec-firewall-bouncer/form"
+		},
+		"depends": {
+			"acl": [ "luci-app-crowdsec-firewall-bouncer" ]
+		}
+	},
+}

applications/luci-app-crowdsec-firewall-bouncer/root/usr/share/rpcd/acl.d/luci-app-crowdsec-firewall-bouncer.json

@@ -0,0 +1,11 @@
+{
+	"luci-app-crowdsec-firewall-bouncer": {
+		"description": "Grant UCI access to LuCI app crowdsec-firewall-bouncer",
+		"read": {
+			"uci": [ "crowdsec" ]
+		},
+		"write": {
+			"uci": [ "crowdsec" ]
+		}
+	}
+}