Merge pull request #2264 from dibdot/banip

luci-app-banip: new package

applications/luci-app-banip/Makefile

@@ -0,0 +1,12 @@
+# Copyright 2018 Dirk Brenken (dev@brenken.org)
+# This is free software, licensed under the Apache License, Version 2.0
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=LuCI support for banIP
+LUCI_DEPENDS:=+banip +luci-lib-jsonc
+LUCI_PKGARCH:=all
+
+include ../../luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature

applications/luci-app-banip/luasrc/controller/banip.lua

@@ -0,0 +1,100 @@
+-- Copyright 2018 Dirk Brenken (dev@brenken.org)
+-- This is free software, licensed under the Apache License, Version 2.0
+
+module("luci.controller.banip", package.seeall)
+
+local util  = require("luci.util")
+local http  = require("luci.http")
+local i18n  = require("luci.i18n")
+local json  = require("luci.jsonc")
+local uci   = require("luci.model.uci").cursor()
+
+function index()
+	if not nixio.fs.access("/etc/config/banip") then
+		return
+	end
+	entry({"admin", "services", "banip"}, firstchild(), _("banIP"), 40).dependent = false
+	entry({"admin", "services", "banip", "tab_from_cbi"}, cbi("banip/overview_tab", {hideresetbtn=true, hidesavebtn=true}), _("Overview"), 10).leaf = true
+	entry({"admin", "services", "banip", "ipset"}, template("banip/ipsetview"), _("IPSet-Lookup"), 20).leaf = true
+	entry({"admin", "services", "banip", "ripe"}, template("banip/ripeview"), _("RIPE-Lookup"), 30).leaf = true
+	entry({"admin", "services", "banip", "log"}, template("banip/logview"), _("View Logfile"), 40).leaf = true
+	entry({"admin", "services", "banip", "advanced"}, firstchild(), _("Advanced"), 100)
+	entry({"admin", "services", "banip", "advanced", "blacklist"}, form("banip/blacklist_tab"), _("Edit Blacklist"), 110).leaf = true
+	entry({"admin", "services", "banip", "advanced", "whitelist"}, form("banip/whitelist_tab"), _("Edit Whitelist"), 120).leaf = true
+	entry({"admin", "services", "banip", "advanced", "configuration"}, form("banip/configuration_tab"), _("Edit Configuration"), 130).leaf = true
+	entry({"admin", "services", "banip", "ipsetview"}, call("ipset_view"), nil).leaf = true
+	entry({"admin", "services", "banip", "ripeview"}, call("ripe_view"), nil).leaf = true
+	entry({"admin", "services", "banip", "logview"}, call("log_view"), nil).leaf = true
+	entry({"admin", "services", "banip", "status"}, call("status_update"), nil).leaf = true
+	entry({"admin", "services", "banip", "action"}, call("ban_action"), nil).leaf = true
+end
+
+function ban_action(name)
+	if name == "do_refresh" then
+		luci.sys.call("/etc/init.d/banip start >/dev/null 2>&1")
+	end
+	luci.http.prepare_content("text/plain")
+	luci.http.write("0")
+end
+
+function status_update()
+	local rt_file
+	local content
+
+	rt_file = uci:get("banip", "global", "ban_rtfile") or "/tmp/ban_runtime.json"
+
+	if nixio.fs.access(rt_file) then
+		content = json.parse(nixio.fs.readfile(rt_file) or "")
+		http.prepare_content("application/json")
+		http.write_json(content)
+	end
+end
+
+function log_view()
+	local content
+
+	if nixio.fs.access("/var/log/messages") then
+		content = util.trim(util.exec("grep -F 'banIP-' /var/log/messages"))
+	else
+		content = util.trim(util.exec("logread -e 'banIP-' 2>/dev/null"))
+	end
+
+	if content == "" then
+		content = "No banIP related logs yet!"
+	end
+	http.write(content)
+end
+
+function ipset_view(ipset, filter)
+	local content
+
+	if not (ipset or filter) then
+		return
+	end
+
+	if filter == "false" then
+		content = util.trim(util.exec("ipset -L " .. ipset .. " 2>/dev/null"))
+	else
+		content = util.trim(util.exec("ipset -L " .. ipset .. " 2>/dev/null | grep -e 'packets [1-9]\\|^[A-Z]'"))
+	end
+
+	if content == "" then
+		content = "IPSet is empty!"
+	end
+	http.write(content)
+end
+
+function ripe_view(query, input)
+	local content
+
+	if not (query or input) then
+		return
+	end
+
+	content = util.trim(util.exec("uclient-fetch --no-check-certificate -O- https://stat.ripe.net/data/" ..query.. "/data.json?resource=" ..input.. " 2>/dev/null"))
+	
+	if content == "" then
+		content = "No response!"
+	end
+	http.write(content)
+end

applications/luci-app-banip/luasrc/model/cbi/banip/blacklist_tab.lua

@@ -0,0 +1,55 @@
+-- Copyright 2018 Dirk Brenken (dev@brenken.org)
+-- This is free software, licensed under the Apache License, Version 2.0
+
+local fs    = require("nixio.fs")
+local util  = require("luci.util")
+local uci   = require("luci.model.uci").cursor()
+local input = uci:get("banip", "blacklist", "ban_src") or uci:get("banip", "blacklist", "ban_src_6") or "/etc/banip/adblock.blacklist"
+
+if not fs.access(input) then
+	m = SimpleForm("error", nil, translate("Input file not found, please check your configuration."))
+	m.reset = false
+	m.submit = false
+	return m
+end
+
+if fs.stat(input).size >= 102400 then
+	m = SimpleForm("error", nil,
+		translate("The file size is too large for online editing in LuCI (≥ 100 KB). ")
+		.. translate("Please edit this file directly in a terminal session."))
+	m.reset = false
+	m.submit = false
+	return m
+end
+
+m = SimpleForm("edit", nil)
+m:append(Template("banip/banip_css"))
+m.submit = translate("Save")
+m.reset = false
+
+s = m:section(SimpleSection, nil,
+	translatef("This form allows you to modify the content of the banIP blacklist (%s).<br />", input)
+	.. translate("Please add only one IPv4 or IPv6 address per line. IP ranges in CIDR notation and comments introduced with '#' are allowed."))
+
+f = s:option(TextValue, "data")
+f.datatype = "string"
+f.rows = 20
+f.rmempty = true
+
+function f.cfgvalue()
+	return fs.readfile(input) or ""
+end
+
+function f.write(self, section, data)
+	return fs.writefile(input, "\n" .. util.trim(data:gsub("\r\n", "\n")) .. "\n")
+end
+
+function f.remove(self, section, value)
+	return fs.writefile(input, "")
+end
+
+function s.handle(self, state, data)
+	return true
+end
+
+return m

applications/luci-app-banip/luasrc/model/cbi/banip/configuration_tab.lua

@@ -0,0 +1,52 @@
+-- Copyright 2018 Dirk Brenken (dev@brenken.org)
+-- This is free software, licensed under the Apache License, Version 2.0
+
+local fs    = require("nixio.fs")
+local util  = require("luci.util")
+local input = "/etc/config/banip"
+
+if not fs.access(input) then
+	m = SimpleForm("error", nil, translate("Input file not found, please check your configuration."))
+	m.reset = false
+	m.submit = false
+	return m
+end
+
+if fs.stat(input).size >= 102400 then
+	m = SimpleForm("error", nil,
+		translate("The file size is too large for online editing in LuCI (≥ 100 KB). ")
+		.. translate("Please edit this file directly in a terminal session."))
+	m.reset = false
+	m.submit = false
+	return m
+end
+
+m = SimpleForm("edit", nil)
+m:append(Template("banip/banip_css"))
+m.submit = translate("Save")
+m.reset = false
+
+s = m:section(SimpleSection, nil,
+	translate("This form allows you to modify the content of the main banIP configuration file (/etc/config/banip)."))
+
+f = s:option(TextValue, "data")
+f.rows = 20
+f.rmempty = true
+
+function f.cfgvalue()
+	return fs.readfile(input) or ""
+end
+
+function f.write(self, section, data)
+	return fs.writefile(input, "\n" .. util.trim(data:gsub("\r\n", "\n")) .. "\n")
+end
+
+function f.remove(self, section, value)
+	return fs.writefile(input, "")
+end
+
+function s.handle(self, state, data)
+	return true
+end
+
+return m

applications/luci-app-banip/luasrc/model/cbi/banip/overview_tab.lua

@@ -0,0 +1,200 @@
+-- Copyright 2018 Dirk Brenken (dev@brenken.org)
+-- This is free software, licensed under the Apache License, Version 2.0
+
+local fs      = require("nixio.fs")
+local uci     = require("luci.model.uci").cursor()
+local sys     = require("luci.sys")
+local net     = require "luci.model.network".init()
+local util    = require("luci.util")
+local dump    = util.ubus("network.interface", "dump", {})
+local devices = sys.net:devices()
+
+m = Map("banip", translate("banIP"),
+	translate("Configuration of the banIP package to block ip adresses/subnets via IPSet. ")
+	.. translatef("For further information "
+	.. "<a href=\"%s\" target=\"_blank\">"
+	.. "check the online documentation</a>", "https://github.com/openwrt/packages/blob/master/net/banip/files/README.md"))
+
+-- Main banIP Options
+
+s = m:section(NamedSection, "global", "banip")
+
+o1 = s:option(Flag, "ban_enabled", translate("Enable banIP"))
+o1.default = o1.disabled
+o1.rmempty = false
+
+o2 = s:option(Flag, "ban_automatic", translate("Automatic WAN Interface Detection"))
+o2.default = o2.enabled
+o2.rmempty = false
+
+o3 = s:option(ListValue, "ban_iface", " ")
+for _, dev in ipairs(devices) do
+	if dev ~= "lo" and dev ~= "br-lan" then
+		local iface = net:get_interface(dev)
+		if iface then
+			iface = iface:get_networks() or {}
+			for k, v in pairs(iface) do
+				iface[k] = iface[k].sid
+				if iface[k] ~= "lan" then
+					o3:value(iface[k], iface[k].. " (" ..dev.. ")")
+				end
+			end
+		end
+	end
+end
+o3.default = ban_iface
+o3.rmempty = false
+
+o4 = s:option(ListValue, "ban_fetchutil", translate("Download Utility"),
+	translate("List of supported and fully pre-configured download utilities."))
+o4:value("uclient-fetch")
+o4:value("wget")
+o4:value("curl")
+o4:value("aria2c")
+o4:value("wget-nossl", "wget-nossl (noSSL)")
+o4:value("busybox", "wget-busybox (noSSL)")
+o4.default = "uclient-fetch"
+o4.rmempty = false
+	
+-- Runtime Information
+
+ds = s:option(DummyValue, "_dummy")
+ds.template = "banip/runtime"
+
+-- Source Table
+
+bl = m:section(TypedSection, "source", translate("IP Blocklist Sources"))
+bl.template = "banip/sourcelist"
+
+ssl = bl:option(DummyValue, "ban_src", translate("SSL req."))
+function ssl.cfgvalue(self, section)
+	local source = self.map:get(section, "ban_src") or self.map:get(section, "ban_src_6")
+	if source then
+		if source:match("https://") then
+			return translate("Yes")
+		else
+			return translate("No")
+		end
+	end
+	return translate("n/a")
+end
+
+name_4 = bl:option(Flag, "ban_src_on", translate("enable IPv4"))
+name_4.rmempty = false
+
+name_6 = bl:option(Flag, "ban_src_on_6", translate("enable IPv6"))
+name_6.rmempty = false
+
+type = bl:option(ListValue, "ban_src_ruletype", translate("SRC/DST"))
+type:value("src")
+type:value("dst")
+type:value("src+dst")
+type.default = "src"
+type.rmempty = false
+
+des = bl:option(DummyValue, "ban_src_desc", translate("Description"))
+
+cat = bl:option(DynamicList, "ban_src_cat", translate("ASN/Country"))
+cat.datatype = "uciname"
+cat.optional = true
+
+-- Extra options
+
+e = m:section(NamedSection, "extra", "banip", translate("Extra Options"),
+	translate("Options for further tweaking in case the defaults are not suitable for you."))
+
+e1 = e:option(Flag, "ban_debug", translate("Verbose Debug Logging"),
+	translate("Enable verbose debug logging in case of any processing error."))
+e1.default = e1.disabled
+e1.rmempty = false
+
+e2 = e:option(Flag, "ban_nice", translate("Low Priority Service"),
+	translate("Set the nice level to 'low priority' and banIP background processing will take less resources from the system. ")
+	..translate("This change requires a manual service stop/re-start to take effect."))
+e2.default = e2.disabled
+e2.disabled = "0"
+e2.enabled = "10"
+e2.rmempty = false
+
+e3 = e:option(Value, "ban_maxqueue", translate("Max. Download Queue"),
+	translate("Size of the download queue to handle downloads &amp; IPset processing in parallel (default '8'). ")
+	.. translate("For further performance improvements you can raise this value, e.g. '16' or '32' should be safe."))
+e3.default = 8
+e3.datatype = "range(1,32)"
+e3.rmempty = false
+
+e4 = e:option(Value, "ban_triggerdelay", translate("Trigger Delay"),
+	translate("Additional trigger delay in seconds before banIP processing begins."))
+e4.default = 2
+e4.datatype = "range(1,60)"
+e4.optional = true
+
+e5 = e:option(Value, "ban_fetchparm", translate("Download Options"),
+	translate("Special options for the selected download utility, e.g. '--timeout=20 --no-check-certificate -O'."))
+e5.optional = true
+
+e10 = e:option(Value, "ban_wan_input_chain", translate("WAN Input Chain IPv4"))
+e10.default = "input_wan_rule"
+e10.datatype = "uciname"
+e10.optional = true
+
+e11 = e:option(Value, "ban_wan_forward_chain", translate("WAN Forward Chain IPv4"))
+e11.default = "forwarding_wan_rule"
+e11.datatype = "uciname"
+e11.optional = true
+
+e12 = e:option(Value, "ban_lan_input_chain", translate("LAN Input Chain IPv4"))
+e12.default = "input_lan_rule"
+e12.datatype = "uciname"
+e12.optional = true
+
+e13 = e:option(Value, "ban_lan_forward_chain", translate("LAN Forward Chain IPv4"))
+e13.default = "forwarding_lan_rule"
+e13.datatype = "uciname"
+e13.optional = true
+
+e14 = e:option(ListValue, "ban_target_src", translate("SRC Target IPv4"))
+e14:value("REJECT")
+e14:value("DROP")
+e14.default = "DROP"
+e14.optional = true
+
+e15 = e:option(ListValue, "ban_target_dst", translate("DST Target IPv4"))
+e15:value("REJECT")
+e15:value("DROP")
+e15.default = "REJECT"
+e15.optional = true
+
+e16 = e:option(Value, "ban_wan_input_chain_6", translate("WAN Input Chain IPv6"))
+e16.default = "input_wan_rule"
+e16.datatype = "uciname"
+e16.optional = true
+
+e17 = e:option(Value, "ban_wan_forward_chain_6", translate("WAN Forward Chain IPv6"))
+e17.default = "forwarding_wan_rule"
+e17.datatype = "uciname"
+e17.optional = true
+
+e18 = e:option(Value, "ban_lan_input_chain_6", translate("LAN Input Chain IPv6"))
+e18.default = "input_lan_rule"
+e18.datatype = "uciname"
+e18.optional = true
+
+e19 = e:option(Value, "ban_lan_forward_chain_6", translate("LAN Forward Chain IPv6"))
+e19.default = "forwarding_lan_rule"
+e19.datatype = "uciname"
+e19.optional = true
+
+e20 = e:option(ListValue, "ban_target_src_6", translate("SRC Target IPv6"))
+e20:value("REJECT")
+e20:value("DROP")
+e20.default = "DROP"
+e20.optional = true
+
+e21 = e:option(ListValue, "ban_target_dst_6", translate("DST Target IPv6"))
+e21:value("REJECT")
+e21:value("DROP")
+e21.default = "REJECT"
+e21.optional = true
+
+return m

applications/luci-app-banip/luasrc/model/cbi/banip/whitelist_tab.lua

@@ -0,0 +1,55 @@
+-- Copyright 2018 Dirk Brenken (dev@brenken.org)
+-- This is free software, licensed under the Apache License, Version 2.0
+
+local fs    = require("nixio.fs")
+local util  = require("luci.util")
+local uci   = require("luci.model.uci").cursor()
+local input = uci:get("banip", "whitelist", "ban_src") or uci:get("banip", "whitelist", "ban_src_6") or "/etc/banip/adblock.whitelist"
+
+if not fs.access(input) then
+	m = SimpleForm("error", nil, translate("Input file not found, please check your configuration."))
+	m.reset = false
+	m.submit = false
+	return m
+end
+
+if fs.stat(input).size >= 102400 then
+	m = SimpleForm("error", nil,
+		translate("The file size is too large for online editing in LuCI (≥ 100 KB). ")
+		.. translate("Please edit this file directly in a terminal session."))
+	m.reset = false
+	m.submit = false
+	return m
+end
+
+m = SimpleForm("edit", nil)
+m:append(Template("banip/banip_css"))
+m.submit = translate("Save")
+m.reset = false
+
+s = m:section(SimpleSection, nil,
+	translatef("This form allows you to modify the content of the banIP whitelist (%s).<br />", input)
+	.. translate("Please add only one IPv4 or IPv6 address per line. IP ranges in CIDR notation and comments introduced with '#' are allowed."))
+
+f = s:option(TextValue, "data")
+f.datatype = "string"
+f.rows = 20
+f.rmempty = true
+
+function f.cfgvalue()
+	return fs.readfile(input) or ""
+end
+
+function f.write(self, section, data)
+	return fs.writefile(input, "\n" .. util.trim(data:gsub("\r\n", "\n")) .. "\n")
+end
+
+function f.remove(self, section, value)
+	return fs.writefile(input, "")
+end
+
+function s.handle(self, state, data)
+	return true
+end
+
+return m

applications/luci-app-banip/luasrc/view/banip/banip_css.htm

@@ -0,0 +1,91 @@
+<style type="text/css">
+	textarea
+	{
+		border: 1px solid #cccccc;
+		padding: 5px;
+		font-size: 12px;
+		font-family: monospace;
+		resize: none;
+		white-space: pre;
+		overflow-wrap: normal;
+		overflow-x: scroll;
+	}
+
+	select[readonly],
+	textarea[readonly]
+	{
+		width: 100%;
+		height: 450px;
+		border: 1px solid #cccccc;
+		padding: 5px;
+		font-size: 12px;
+		font-family: monospace;
+		resize: none;
+		pointer-events: auto;
+		cursor: auto;
+	}
+
+	.table.cbi-section-table .th,
+	.table.cbi-section-table .td,
+	.cbi-section-table-cell,
+	.cbi-section-table-row,
+	.tr[data-title]::before
+	{
+		text-align: left;
+		vertical-align: top;
+		margin-left: 0px;
+		padding-left: 2px;
+	}
+
+	.table.cbi-section-table .th
+	{
+		white-space: nowrap;
+	}
+
+	.cbi-section-table-row > .cbi-value-field .cbi-input-select,
+	.table.cbi-section-table select
+	{
+		width: 70px;
+	}
+
+	.cbi-section-table-row > .cbi-value-field [data-dynlist] > input,
+	.table.cbi-section-table input[type="text"],
+	.cbi-dynlist > .item,
+	.table.cbi-section-table input
+	{
+		width: 6em;
+	}
+
+	.cbi-input-checkbox
+	{
+		height: 1em;
+	}
+	
+	.cbi-input-text
+	{
+		text-align: left;
+		padding-left: 2px;
+		outline: none;
+		box-shadow: none;
+		background: transparent;
+		width: 4em;
+	}
+	
+	.runtime
+	{
+		color: #37c;
+		font-weight: bold;
+		display: inline-block;
+		width: 100%;
+		padding-top: 0.5rem;
+	}
+	
+	.ripe_desc
+	{
+		font-style: italic;
+		display: inline-block;
+		width: 100%;
+		height: 20px;
+		margin: 2px 2px;
+	}
+</style>

applications/luci-app-banip/luasrc/view/banip/ipsetview.htm

@@ -0,0 +1,66 @@
+<%#
+Copyright 2018 Dirk Brenken (dev@brenken.org)
+This is free software, licensed under the Apache License, Version 2.0
+-%>
+
+<%-
+	local util   = require("luci.util")
+	local ipsets = util.split(util.trim(util.exec("ipset -n -L 2>/dev/null | sort")), "\n", nil, true) or {}
+-%>
+
+<%+header%>
+<%+banip/banip_css%>
+
+<script type="text/javascript">
+//<![CDATA[
+	function ipset_view()
+	{
+		var ipset  = div_ipsets.querySelector("#s_ipsets").value;
+		var filter = document.getElementById("checkbox_filter").checked;
+		var view   = document.getElementById("view_id");
+
+		if (!ipset)
+		{
+			return;
+		}
+		view.value = "<%:Loading ...%>";
+
+	new XHR().get('<%=luci.dispatcher.build_url("admin", "services", "banip")%>/ipsetview/' + ipset + "/" + filter, null,
+		function(x)
+		{
+		if (!x)
+			{
+				view.value = "<%:No response!%>";
+				return;
+			}
+			view.value = x.responseText;
+		});
+	}
+//]]>
+</script>
+
+<div class="cbi-map">
+	<div class="cbi-section">
+		<div class="cbi-section-descr"><%:Check the current available IPSets.%></div>
+		<div class="cbi-section-node">
+			<div class="table cbi-section-table">
+				<div class="tr cbi-section-table-row">
+					<div class="td left">
+						<input class="cbi-input-checkbox" data-update="click change" type="checkbox" id="checkbox_filter" name="checkbox_filter" value="1" checked="checked" />
+						<label for="checkbox_filter"><%_Show only set member with packet counter &gt; 0%></label>
+					</div>
+				</div>
+				<div class="tr cbi-section-table-row" id="div_ipsets">
+					<div class="td left">
+						<select id="s_ipsets" class="cbi-input-select cbi-button" style="width:15em">
+							<%- for _, z in ipairs(ipsets) do -%><option value="<%=z%>"><%=z%></option><%- end -%>
+						</select>
+						<input type="button" id="bt_load" value="<%:Load%>" onclick="ipset_view()" class="cbi-button cbi-button-add" />
+					</div>
+				</div>
+			</div>
+		</div>
+		<textarea id="view_id" readonly="readonly" wrap="off" value=""></textarea>
+	</div>
+</div>
+<%+footer%>

applications/luci-app-banip/luasrc/view/banip/logview.htm

@@ -0,0 +1,36 @@
+<%#
+Copyright 2018 Dirk Brenken (dev@brenken.org)
+This is free software, licensed under the Apache License, Version 2.0
+-%>
+
+<%+header%>
+<%+banip/banip_css%>
+
+<script type="text/javascript">
+//<![CDATA[
+	function log_update()
+	{
+		XHR.poll(5, '<%=luci.dispatcher.build_url("admin", "services", "banip", "logview")%>', null,
+		function(x)
+		{
+			if (!x)
+			{
+				return;
+			}
+			var view       = document.getElementById("view_id");
+			view.value     = x.responseText;
+			view.scrollTop = view.scrollHeight;
+		});
+	}
+	window.onload = log_update();
+//]]>
+</script>
+
+<div class="cbi-map">
+	<div class="cbi-section">
+		<div class="cbi-section-descr"><%:The syslog output, pre-filtered for banIP related messages only.%></div>
+		<textarea id="view_id" readonly="readonly" wrap="off" value=""></textarea>
+	</div>
+</div>
+
+<%+footer%>

applications/luci-app-banip/luasrc/view/banip/ripeview.htm

@@ -0,0 +1,105 @@
+<%#
+Copyright 2018 Dirk Brenken (dev@brenken.org)
+This is free software, licensed under the Apache License, Version 2.0
+-%>
+
+<%+header%>
+<%+banip/banip_css%>
+
+<script type="text/javascript">
+//<![CDATA[
+	function ripe_desc()
+	{
+		var query  = div_ripe.querySelector("#s_ripe").value;
+		var output = document.getElementById("ripe_desc");
+		
+		switch (query) {
+			case "geoloc":
+				output.innerHTML = "<%:This data call returns geolocation information for the given IP space, or for announced IP prefixes in the case of ASNs.%>";
+			break;
+			case "as-overview":
+				output.innerHTML = "<%:This data call shows general informations about an ASN like its announcement status and the name of its holder according to the WHOIS service.%>";
+			break;
+			case "announced-prefixes":
+				output.innerHTML = "<%:This data call returns all announced prefixes for a given ASN.%>";
+			break;
+			case "network-info":
+				output.innerHTML = "<%:This data call returns the containing prefix and announcing ASN of a given IP address.%>";
+			break;
+			case "country-resource-list":
+				output.innerHTML = "<%:This data call lists the Internet resources associated with a country, including ASNs, IPv4 ranges and IPv4/6 CIDR prefixes.%>";
+			break;
+			case "whois":
+				output.innerHTML = "<%:This data call returns whois information from the relevant Regional Internet Registry and Routing Registry.%>";
+			break;
+			case "dns-chain":
+				output.innerHTML = "<%:This data call returns the recursive chain of DNS forward (A/AAAA/CNAME) and reverse (PTR) records starting form either a hostname or an IP address.%>";
+			break;
+			case "iana-registry-info":
+				output.innerHTML = "<%:This data call gives access to various data sources maintained by IANA.%>";
+			break;
+			default:
+				output.innerHTML = "";
+		}
+	}
+
+	function ripe_view()
+	{
+		var query = div_ripe.querySelector("#s_ripe").value;
+		var input = document.getElementById("ripe_input");
+		var view  = document.getElementById("view_id");
+
+		if (!input.value)
+		{
+			return;
+		}
+		view.value = "<%:Loading ...%>";
+
+		new XHR().get('<%=luci.dispatcher.build_url("admin", "services", "banip")%>/ripeview/' + query + "/" + input.value, null,
+		function(x)
+		{
+		if (!x)
+			{
+				view.value = "<%:No response!%>";
+				return;
+			}
+			view.value = x.responseText;
+		});
+	}
+	window.onload = ripe_desc;
+//]]>
+</script>
+
+<div class="cbi-map">
+	<div class="cbi-section">
+		<div class="cbi-section-descr"><%_The RIPEstat Data API is the public data interface provided by RIPE NCC, for details look <a href="https://stat.ripe.net/docs/data_api" target="_blank" rel="noopener noreferrer">here</a>.%></div>
+		<div class="cbi-section-node">
+			<div class="table cbi-section-table">
+				<div class="tr cbi-section-table-row">
+					<div class="td left">
+						<input class="cbi-input-text" style="width:20em" type="text" id="ripe_input" placeholder="<%:Enter IP/CIDR/ASN/ISO%>" value="" />
+					</div>
+				</div>
+				<div class="tr cbi-section-table-row" id="div_ripe">
+					<div class="td left">
+						<select id="s_ripe" class="cbi-input-select cbi-button" style="width:15em" onchange="ripe_desc()">
+							<option value="geoloc" selected="selected"><%:Geo Location%></option>
+							<option value="as-overview"><%:ASN Overview%></option>
+							<option value="announced-prefixes"><%:ASN Prefixes%></option>
+							<option value="network-info"><%:IP/ASN Mapping%></option>
+							<option value="country-resource-list"><%:Country Resources%></option>
+							<option value="whois"><%:Whois Information%></option>
+							<option value="dns-chain"><%:DNS Chain%></option>
+							<option value="iana-registry-info"><%:IANA Information%></option>
+						</select>
+						<input type="button" id="bt_load" value="<%:Load%>" onclick="ripe_view()" class="cbi-button cbi-button-add" /><br /><br />
+						<span class="ripe_desc" id="ripe_desc"></span>
+					</div>
+				</div>
+			</div>
+		</div>
+		<textarea id="view_id" readonly="readonly" wrap="off" value=""></textarea>
+	</div>
+</div>
+
+<%+footer%>

applications/luci-app-banip/luasrc/view/banip/runtime.htm

@@ -0,0 +1,130 @@
+<%#
+Copyright 2018 Dirk Brenken (dev@brenken.org)
+This is free software, licensed under the Apache License, Version 2.0
+-%>
+
+<%+banip/banip_css%>
+<script type="text/javascript">
+//<![CDATA[
+	function status_update(json)
+	{
+			var btn1         = document.getElementById("btn1");
+			var btn1_running = document.getElementById("btn1_running");
+			var view         = document.getElementById("value_1");
+			var input        = json.data.status;
+
+			btn1.value = "<%:Refresh%>";
+			btn1.name  = "do_refresh";
+			view.innerHTML = input || "-";
+			if (input != "running")
+			{
+				btn1.disabled = false;
+				running(btn1_running, 0);
+			}
+			view = document.getElementById("value_2");
+			input = json.data.version;
+			view.innerHTML = input || "-";
+			view = document.getElementById("value_3");
+			input = json.data.fetch_info;
+			view.innerHTML = input || "-";
+			view = document.getElementById("value_4");
+			input = json.data.ipset_info;
+			view.innerHTML = input || "-";
+			view = document.getElementById("value_5");
+			input = json.data.last_run;
+			view.innerHTML = input || "-";
+	}
+
+function btn_action(action)
+	{
+		var btn1 = document.getElementById("btn1");
+		var btn1_running = document.getElementById("btn1_running");
+
+		btn1.disabled = true;
+		running(btn1_running, 1);
+
+		new XHR.get('<%=luci.dispatcher.build_url("admin", "services", "banip")%>/action/' + action.name, null,
+		function(x)
+		{
+			if (!x)
+			{
+				return;
+			}
+		});
+	}
+
+	function running(element, state)
+	{
+		if (state === 1)
+		{
+			var running_html = '<img src="<%=resource%>/icons/loading.gif" alt="<%:Loading%>" width="16" height="16" style="vertical-align:middle" />';
+			element.innerHTML = running_html;
+		}
+		else
+		{
+			element.innerHTML = '';
+		}
+	}
+
+	XHR.get('<%=luci.dispatcher.build_url("admin", "services", "banip", "status")%>', null,
+	function(x, json_info)
+	{
+		if (!x || !json_info)
+		{
+			return;
+		}
+		status_update(json_info)
+	});
+
+	XHR.poll(5, '<%=luci.dispatcher.build_url("admin", "services", "banip", "status")%>', null,
+	function(x, json_info)
+	{
+		if (!x || !json_info)
+		{
+			return;
+		}
+		status_update(json_info)
+	});
+//]]>
+</script>
+
+<h3><%:Runtime Information%></h3>
+<div class="cbi-value" id="status_1">
+	<label class="cbi-value-title" for="status_1"><%:banIP Status%></label>
+	<div class="cbi-value-field">
+		<span class="runtime" id="value_1">-</span>
+	</div>
+</div>
+<div class="cbi-value" id="status_2">
+	<label class="cbi-value-title" for="status_2"><%:banIP Version%></label>
+	<div class="cbi-value-field">
+		<span class="runtime" id="value_2">-</span>
+	</div>
+</div>
+<div class="cbi-value" id="status_3">
+	<label class="cbi-value-title" for="status_3"><%:Download Utility (SSL Library)%></label>
+	<div class="cbi-value-field">
+		<span class="runtime" id="value_3">-</span>
+	</div>
+</div>
+<div class="cbi-value" id="status_4">
+	<label class="cbi-value-title" for="status_4"><%:IPSet Information%></label>
+	<div class="cbi-value-field">
+		<span class="runtime" id="value_4">-</span>
+	</div>
+</div>
+<div class="cbi-value" id="status_5">
+	<label class="cbi-value-title" for="status_5"><%:Last Run%></label>
+	<div class="cbi-value-field">
+		<span class="runtime" id="value_5">-</span>
+	</div>
+</div>
+<hr />
+<div class="cbi-value" id="button_1">
+	<label class="cbi-value-title" for="button_1"><%:Refresh IPSets%></label>
+	<div class="cbi-value-field">
+		<input class="cbi-button cbi-button-apply" id="btn1" type="button" name="do_refresh" value="<%:Refresh%>" onclick="btn_action(this)" />
+		<span id="btn1_running" style="display:inline-block; width:16px; height:16px; margin:0 5px"></span>
+	</div>
+</div>
+

applications/luci-app-banip/luasrc/view/banip/sourcelist.htm

@@ -0,0 +1,47 @@
+<%#
+Copyright 2018 Dirk Brenken (dev@brenken.org)
+This is free software, licensed under the Apache License, Version 2.0
+-%>
+
+<%-
+local anonclass  = (not self.anonymous or self.sectiontitle) and "named" or "anonymous"
+-%>
+
+<%+banip/banip_css%>
+
+<div class="cbi-section" id="cbi-<%=self.config%>-<%=self.sectiontype%>">
+	<% if self.title then -%>
+		<h3><%=self.title%></h3>
+	<%- end %>
+	<div class="cbi-section-descr"><%=self.description%></div>
+	<div class="cbi-section-node">
+		<div class="table cbi-section-table">
+			<div class="tr cbi-section-table-titles <%=anonclass%>">
+			<%- for i, k in pairs(self.children) do -%>
+				<div class="th cbi-section-table-cell">
+					<%-=k.title-%>
+				</div>
+			<%- end -%>
+			</div>
+			<%- local section, scope, isempty = true
+				for i, k in ipairs(self:cfgsections()) do
+					section = k
+					local sectionname  = striptags((type(self.sectiontitle) == "function") and self:sectiontitle(section) or k)
+					local sectiontitle = ifattr(sectionname and (not self.anonymous or self.sectiontitle), "data-title", sectionname)
+					isempty = false
+					scope = { valueheader = "cbi/cell_valueheader", valuefooter = "cbi/cell_valuefooter" }
+			-%>
+			<div class="tr cbi-section-table-row" id="cbi-<%=self.config%>-<%=section%>"<%=sectiontitle%>>
+				<%-
+					for k, node in ipairs(self.children) do
+						node:render(section, scope or {})
+					end
+					if not scope.cbid:match("ban_src_cat") then
+				-%>
+					<div class="td cbi-value-field">&#160;</div>
+				<%- end -%>
+			</div>
+			<%- end -%>
+		</div>
+	</div>
+</div>

applications/luci-app-banip/root/etc/uci-defaults/40_luci-banip

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+	delete ucitrack.@banip[-1]
+	add ucitrack banip
+	set ucitrack.@banip[-1].init=banip
+	commit ucitrack
+EOF
+
+rm -f /tmp/luci-indexcache
+exit 0