Add luci-app-bcp38 package

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>

net/luci-app-bcp38/Makefile

@@ -0,0 +1,57 @@
+#
+# Copyright (C) 2010 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=luci-app-bcp38
+PKG_VERSION:=2
+PKG_RELEASE:=1
+PKG_LICENSE:=Apache-2.0
+LUCI_DIR:=/usr/lib/lua/luci
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/luci-app-bcp38
+  SECTION:=luci
+  CATEGORY:=LuCI
+  TITLE:=BCP38 LuCI interface
+  MAINTAINER:=Toke Høiland-Jørgensen <toke@toke.dk>
+  PKGARCH:=all
+  DEPENDS:= lua luci-base +bcp38
+  SUBMENU:=3. Applications
+endef
+
+define Package/luci-app-bcp38/description
+	Control BCP38 subnet blocking
+endef
+
+define Build/Compile
+endef
+
+define Build/Configure
+endef
+
+define Package/luci-app-bcp38/install
+	$(INSTALL_DIR) $(1)$(LUCI_DIR)/controller $(1)$(LUCI_DIR)/model/cbi
+	$(INSTALL_DATA) ./files/bcp38-controller.lua $(1)$(LUCI_DIR)/controller/bcp38.lua
+	$(INSTALL_DATA) ./files/bcp38-cbi.lua $(1)$(LUCI_DIR)/model/cbi/bcp38.lua
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_BIN) ./files/uci-defaults-bcp38 $(1)/etc/uci-defaults/luci-bcp38
+endef
+
+define Package/luci-app-bcp38/postinst
+#!/bin/sh
+[ -x /etc/uci-defaults/luci-bcp38 ] && /etc/uci-defaults/luci-bcp38 || exit 0
+endef
+
+define Package/luci-app-bcp38/postrm
+#!/bin/sh
+uci delete ucitrack.@bcp38[0]
+uci commit
+endef
+
+$(eval $(call BuildPackage,luci-app-bcp38))

net/luci-app-bcp38/files/bcp38-cbi.lua

@@ -0,0 +1,58 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2014 Toke Høiland-Jørgensen <toke@toke.dk>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+
+local wa = require "luci.tools.webadmin"
+local net = require "luci.model.network".init()
+local ifaces = net:get_interfaces()
+
+m = Map("bcp38", translate("BCP38"),
+	translate("This function blocks packets with private address destinations " ..
+		"from going out onto the internet as per " ..
+		"<a href=\"http://tools.ietf.org/html/bcp38\">BCP 38</a>."))
+
+s = m:section(TypedSection, "bcp38", translate("BCP38 config"))
+s.anonymous = true
+-- BASIC
+e = s:option(Flag, "enabled", translate("Enable"))
+e.rmempty = false
+
+a = s:option(Flag, "detect_upstream", translate("Auto-detect upstream IP"),
+				translate("Attempt to automatically detect if the upstream IP " ..
+					"will be blocked by the configuration, and add an exception if it will. " ..
+					"If this does not work correctly, you can add exceptions manually below."))
+a.rmempty = false
+
+n = s:option(ListValue, "interface", translate("Interface name"), translate("Interface to apply the blocking to " ..
+							"(should be the upstream WAN interface)."))
+for _, iface in ipairs(ifaces) do
+     if iface:is_up() then
+	n:value(iface:name())
+     end
+end
+n.rmempty = false
+
+ma = s:option(DynamicList, "match",
+	translate("Blocked IP ranges"))
+
+ma.datatype = "ip4addr"
+
+nm = s:option(DynamicList, "nomatch",
+	translate("Allowed IP ranges"), translate("Takes precedence over blocked ranges. "..
+						  "Use to whitelist your upstream network if you're behind a double NAT " ..
+						  "and the auto-detection doesn't work."))
+
+nm.datatype = "ip4addr"
+
+
+return m

net/luci-app-bcp38/files/bcp38-controller.lua

@@ -0,0 +1,7 @@
+module("luci.controller.bcp38", package.seeall)
+
+function index()
+	entry({"admin", "network", "firewall", "bcp38"},
+		cbi("bcp38"),
+		_("BCP38"), 50).dependent = false
+end

net/luci-app-bcp38/files/uci-defaults-bcp38

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+	delete ucitrack.@bcp38[-1]
+	add ucitrack bcp38
+        add_list ucitrack.@bcp38[0].affects=firewall
+	commit ucitrack
+EOF
+
+rm -f /tmp/luci-indexcache
+exit 0