srlabs / blue-merle

The blue-merle package enhances anonymity and reduces forensic traceability of the GL-E750 Mudi 4G mobile wi-fi router
BSD 3-Clause "New" or "Revised" License

Add toggles to enable/disable options #35

Open Erissio opened 5 months ago

Erissio commented 5 months ago

I created a code draft to implement the MAC logging and MAC address wiping toggles in Blue Merle:

  1. views/blue-merle.htm
<label>
  Logging
  <input type="checkbox" id="cbLogging">
</label>

<label>
  MAC Wiping
  <input type="checkbox" id="cbMacWiping">
</label>
  2. resources/view/blue-merle.js
// Configs
config.add('logging', true);
config.add('mac_wiping', false);

// UI init
function initUI() {
  document.getElementById('cbLogging').checked = config.get('logging');
  document.getElementById('cbMacWiping').checked = config.get('mac_wiping');

  document.getElementById('cbLogging').onchange = updateConfig;  
  document.getElementById('cbMacWiping').onchange = updateConfig;
}

// Update config: store only the toggle that changed
function updateConfig() {
  config.set(this.id === 'cbLogging' ? 'logging' : 'mac_wiping', this.checked);
  saveConfig();
}

// Save handler
function saveConfig() {

  // Validation

  // Call scripts

  // Persist config

  luci.http.submit();

}

// Init UI
initUI();

// Save on unload  
window.onbeforeunload = saveConfig;
  3. files/lib/blue-merle/functions.sh
toggle_mac_wiping() {

  # Wipe/restore MACs logic
  :  # no-op placeholder so the empty function body still parses

}

This will:

  1. Add disable/enable logs toggle.

To stop writing logs at all you need to:

/etc/init.d/gl_clients disable
/etc/init.d/gl_clients stop
  2. Add toggle to disable/enable https://github.com/srlabs/blue-merle#mac-address-log-wiping
  3. Make sure that only one toggle can be enabled simultaneously (1 or 2)

But there is one more way - Lua. And it looks more correct than the first one:

-- Define toggles
local log_toggle = nil
local wipe_toggle = nil

-- Function to initialize toggles
function init_toggles()

  -- Log toggle
  log_toggle = SimpleForm("log_toggle")
  log_toggle.title = "Log Toggle"
  log_toggle.reset = false

  log_toggle:append(TextValue("status", ""))
  log_toggle:append(Checkbox("enabled", "Enable Logging"))

  -- Wipe toggle  
  wipe_toggle = SimpleForm("wipe_toggle")  
  wipe_toggle.title = "Wipe Toggle"
  wipe_toggle.reset = false

  wipe_toggle:append(TextValue("status", ""))
  wipe_toggle:append(Checkbox("enabled", "Enable Wiping"))

end

-- Function to handle toggle changes
function toggle_change(section)

  if section == log_toggle then

    -- Disable wiping if logs enabled
    if log_toggle.enabled.value then
      wipe_toggle.enabled.disabled = true
    else
      wipe_toggle.enabled.disabled = false      
    end

    -- Update services based on log toggle
    if log_toggle.enabled.value then
      luci.sys.call("/etc/init.d/gl_clients enable")
      luci.sys.call("/etc/init.d/gl_clients start")      
    else
      luci.sys.call("/etc/init.d/gl_clients disable")
      luci.sys.call("/etc/init.d/gl_clients stop")
    end

  elseif section == wipe_toggle then

    -- Disable logs if wiping enabled  
    if wipe_toggle.enabled.value then
      log_toggle.enabled.disabled = true
    else
      log_toggle.enabled.disabled = false
    end

    -- Update services based on wipe toggle
    if wipe_toggle.enabled.value then
      -- Add code to enable wiping
    else
      -- Add code to disable wiping      
    end

  end

end

-- Initialize toggles
init_toggles()

-- Add toggles to page
entry({"admin", "services", "bluemerle"}, cbi("Blue Merle"), _("Blue Merle")).dependent = false
entry({"admin", "services", "bluemerle"}, firstchild()).dependent = false
entry({"admin", "services", "bluemerle"}, log_toggle, _("Log Toggle")).dependent = false
entry({"admin", "services", "bluemerle"}, wipe_toggle, _("Wipe Toggle")).dependent = false

-- Handle toggle changes
log_toggle.apply = function() toggle_change(log_toggle) end  
wipe_toggle.apply = function() toggle_change(wipe_toggle) end

Additional features:

This will (if toggle enabled):

  1. This will generate router passwords like:
     Original Password: MyPass123
     May 1st Password: MyPass123-01
     May 2nd Password: MyPass123-02
  2. Block all ports except the following:
     Port 80 - HTTP (web browsing)
     Port 443 - HTTPS (secure web browsing)
     Port 53 - DNS (domain name resolution)
     Port 123 - NTP (network time synchronization)

Luci GUI (firewall.xml)

<form action="/cgi-bin/luci/admin/network/firewall" method="post">

<fieldset id="password">
  <input type="checkbox" name="password_dynamic">
  <label>Enable Dynamic Password</label>

  <select name="password_mode">
   <option value="reboot">Change on Reboot</option>
  </select>
</fieldset>

<fieldset id="max_security">  
  <input type="checkbox" name="max_security_enabled">
  <label>Enable Max Security</label>
</fieldset>

<button type="submit">Save</button>

</form>

uci.lua

password = {}
password.dynamic = luci.http.formvalue("password_dynamic")

max_security = {}
max_security.enabled = luci.http.formvalue("max_security_enabled")

uci:set("wireless", "radio0", "password", "")
uci:set("firewall", "max_security", "enabled", max_security.enabled)  
uci:commit("wireless")
uci:commit("firewall")

password.cron

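# Read the current password and strip a previous "-DD" suffix,
# so the daily suffixes replace each other instead of accumulating
PASSWORD=$(uci get wireless.radio0.password)
BASE="${PASSWORD%-[0-9][0-9]}"
DAY=$(date +%d)
NEW_PASSWORD="$BASE-$DAY"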

uci set wireless.radio0.password="$NEW_PASSWORD"   
uci commit
/etc/init.d/firewall restart

firewall.lua

enabled = uci.get("firewall", "max_security", "enabled")

if enabled == "1" then

  -- Allow HTTP, HTTPS, DNS and NTP (NTP runs over UDP, not TCP)
  iptables.filter.append("INPUT", "-p tcp --dport 80 -j ACCEPT")
  iptables.filter.append("INPUT", "-p tcp --dport 443 -j ACCEPT")
  iptables.filter.append("INPUT", "-p udp --dport 53 -j ACCEPT")
  iptables.filter.append("INPUT", "-p udp --dport 123 -j ACCEPT")

  iptables.filter.append("OUTPUT", "-p tcp --sport 80 -j ACCEPT")
  iptables.filter.append("OUTPUT", "-p tcp --sport 443 -j ACCEPT")
  iptables.filter.append("OUTPUT", "-p udp --sport 53 -j ACCEPT")
  iptables.filter.append("OUTPUT", "-p udp --sport 123 -j ACCEPT")

  -- Drop everything else
  iptables.filter.append("INPUT", "-j DROP")
  iptables.filter.append("OUTPUT", "-j DROP")

else

  -- normal rules

end

iptables.apply()
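
An added example (not part of the comment above and not blue-merle code) of enforcing the two toggles on the router side rather than only in the UI: each value must be exactly 0 or 1, and the both-enabled case is rejected before any service command is issued. `plan_toggles`, `apply_toggles`, `DRY_RUN` and the argument passed to `toggle_mac_wiping` are assumptions; the `gl_clients` commands are the ones quoted in the comment.

```shell
#!/bin/sh
# Added example, not blue-merle code: server-side handling of the two toggles.

# Print the commands for a requested state; nothing is executed here.
# Args: logging wiping, each exactly "0" or "1". Anything else is rejected,
# so a value taken from the web form never reaches a command line.
plan_toggles() {
    case "$1" in 0|1) ;; *) echo "invalid logging value" >&2; return 2 ;; esac
    case "$2" in 0|1) ;; *) echo "invalid mac_wiping value" >&2; return 2 ;; esac
    if [ "$1" = 1 ] && [ "$2" = 1 ]; then
        echo "logging and mac_wiping are mutually exclusive" >&2
        return 1
    fi
    if [ "$1" = 1 ]; then
        echo "/etc/init.d/gl_clients enable"
        echo "/etc/init.d/gl_clients start"
    else
        echo "/etc/init.d/gl_clients disable"
        echo "/etc/init.d/gl_clients stop"
    fi
    # toggle_mac_wiping is the stub from the draft; its 0/1 argument is assumed.
    echo "toggle_mac_wiping $2"
}

# Run the plan, or only print it when DRY_RUN=1 (the default, for off-device use).
apply_toggles() {
    plan=$(plan_toggles "$1" "$2") || return $?
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$plan"
        return 0
    fi
    # The plan contains only the fixed strings above, so word splitting is safe.
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        $cmd || exit 1
    done
}
```

On the device, `DRY_RUN=0` requires `toggle_mac_wiping` to be defined in the same shell, for instance by sourcing `functions.sh` first.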

Erissio commented 5 months ago

Additional features I maintained separately. If you don’t like them you can not pay attention to them.

Erissio commented 5 months ago

@muelli and @rieck-srlabs please take a look