gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ab8e0c44bc
secubox-openwrt/package/secubox/luci-app-client-guardian/root/etc/client-guardian/profiles.json
CyberMind-FR 5b55ab3ef9 feat: Dashboard reorganization and auth security fixes 
- Move Debug Console from Client Guardian to System Hub
- Add Auto-Zoning Rules dedicated view in Client Guardian
- Add public pages for Bug Bounty and Crowdfunding (no ACL)
- Fix auth-logger to only detect real login attempts
- Add private IP whitelist for CrowdSec (RFC1918 ranges)
- Update navigation menus across all apps
- Bump secubox-auth-logger to v1.2.2

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-14 09:32:14 +01:00

593 lines
19 KiB
JSON
Raw Blame History

{
"profiles": [
{
"id": "factory_default",
"name": "Configuration Usine",
"description": "Zones firewall par défaut OpenWrt - Réinitialisation standard",
"icon": "🔄",
"is_factory_default": true,
"zones": [
{
"id": "lan",
"name": "Réseau Local (LAN)",
"description": "Tous les appareils du réseau local",
"network": "lan",
"color": "#22c55e",
"icon": "home",
"internet_access": true,
"local_access": true,
"inter_client": true,
"bandwidth_limit": 0,
"priority": "normal"
},
{
"id": "wan",
"name": "Internet (WAN)",
"description": "Accès Internet uniquement - pas d'accès au réseau local",
"network": "wan",
"color": "#ef4444",
"icon": "globe",
"is_wan": true,
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 0,
"priority": "high"
},
{
"id": "guest",
"name": "Invités",
"description": "Réseau invités isolé (optionnel)",
"network": "guest",
"color": "#8b5cf6",
"icon": "users",
"optional": true,
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 0,
"priority": "low"
}
],
"auto_zone_rules": [],
"auto_parking_zone": "lan",
"firewall_defaults": {
"input": "ACCEPT",
"output": "ACCEPT",
"forward": "REJECT",
"lan_to_wan": "ACCEPT",
"wan_to_lan": "REJECT"
}
},
{
"id": "family_home",
"name": "Maison Familiale",
"description": "Configuration optimale pour une maison avec parents, enfants et appareils IoT",
"icon": "🏠",
"zones": [
{
"id": "lan_private",
"name": "Réseau Principal",
"description": "Appareils de confiance des parents",
"network": "lan",
"color": "#22c55e",
"icon": "home",
"internet_access": true,
"local_access": true,
"inter_client": true,
"bandwidth_limit": 0,
"priority": "high"
},
{
"id": "wan",
"name": "Internet Seul",
"description": "Accès Internet uniquement - pas d'accès au réseau local",
"network": "wan",
"color": "#ef4444",
"icon": "globe",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 0,
"priority": "normal"
},
{
"id": "kids",
"name": "Enfants",
"description": "Contrôle parental actif avec horaires",
"network": "lan",
"color": "#06b6d4",
"icon": "child",
"internet_access": true,
"local_access": true,
"inter_client": true,
"bandwidth_limit": 50,
"time_restrictions": true,
"schedule_start": "08:00",
"schedule_end": "21:00",
"content_filter": "kids",
"priority": "normal"
},
{
"id": "iot",
"name": "Objets Connectés",
"description": "Caméras, thermostats, ampoules (isolés)",
"network": "iot",
"color": "#f59e0b",
"icon": "cpu",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 10,
"priority": "low"
},
{
"id": "guest",
"name": "Invités",
"description": "Accès Internet limité pour visiteurs",
"network": "guest",
"color": "#8b5cf6",
"icon": "users",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 25,
"session_duration": 7200,
"portal_required": true,
"priority": "low"
}
],
"auto_zone_rules": [
{"name": "Caméras IP", "match_type": "vendor", "match_value": "Hikvision|Dahua|Reolink|Ubiquiti|Axis", "target_zone": "iot", "priority": 10, "auto_approve": true},
{"name": "Thermostats", "match_type": "vendor", "match_value": "Nest|Ecobee|Honeywell|Tado", "target_zone": "iot", "priority": 15, "auto_approve": true},
{"name": "Ampoules connectées", "match_type": "vendor", "match_value": "Philips Hue|LIFX|Yeelight|Sengled", "target_zone": "iot", "priority": 20, "auto_approve": true},
{"name": "Enceintes connectées", "match_type": "vendor", "match_value": "Amazon|Google|Sonos|Apple", "target_zone": "iot", "priority": 25, "auto_approve": false},
{"name": "Consoles enfants", "match_type": "vendor", "match_value": "Nintendo|Sony.*PlayStation|Microsoft.*Xbox", "target_zone": "kids", "priority": 30, "auto_approve": false},
{"name": "Tablettes enfants", "match_type": "hostname", "match_value": ".*[Kk]id.*|.*[Ee]nfant.*|.*[Cc]hild.*", "target_zone": "kids", "priority": 35, "auto_approve": false},
{"name": "Appareils Apple", "match_type": "vendor", "match_value": "Apple", "target_zone": "lan_private", "priority": 50, "auto_approve": false},
{"name": "PC Windows", "match_type": "vendor", "match_value": "Dell|HP|Lenovo|ASUS|Acer|Microsoft", "target_zone": "lan_private", "priority": 55, "auto_approve": false}
],
"auto_parking_zone": "guest"
},
{
"id": "small_business",
"name": "Petite Entreprise",
"description": "Séparation réseau employés, invités et équipements",
"icon": "🏢",
"zones": [
{
"id": "corporate",
"name": "Réseau Entreprise",
"description": "Postes de travail des employés",
"network": "lan",
"color": "#3b82f6",
"icon": "briefcase",
"internet_access": true,
"local_access": true,
"inter_client": true,
"bandwidth_limit": 0,
"priority": "high"
},
{
"id": "wan",
"name": "Internet Seul",
"description": "Accès Internet uniquement - pas d'accès au réseau local",
"network": "wan",
"color": "#ef4444",
"icon": "globe",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 0,
"priority": "normal"
},
{
"id": "servers",
"name": "Serveurs",
"description": "Infrastructure critique",
"network": "servers",
"color": "#ef4444",
"icon": "server",
"internet_access": true,
"local_access": true,
"inter_client": false,
"bandwidth_limit": 0,
"priority": "critical"
},
{
"id": "byod",
"name": "BYOD",
"description": "Appareils personnels des employés",
"network": "byod",
"color": "#f59e0b",
"icon": "smartphone",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 50,
"priority": "normal"
},
{
"id": "guest",
"name": "Visiteurs",
"description": "Accès Internet isolé",
"network": "guest",
"color": "#8b5cf6",
"icon": "users",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 10,
"portal_required": true,
"priority": "low"
}
],
"auto_zone_rules": [
{"name": "Serveurs", "match_type": "hostname", "match_value": ".*[Ss]erver.*|.*[Ss]rv.*|.*[Dd][Cc].*|.*[Nn][Aa][Ss].*", "target_zone": "servers", "priority": 5, "auto_approve": false},
{"name": "Imprimantes réseau", "match_type": "vendor", "match_value": "HP|Canon|Epson|Brother|Xerox|Ricoh|Lexmark", "target_zone": "corporate", "priority": 10, "auto_approve": true},
{"name": "Postes Dell/HP", "match_type": "vendor", "match_value": "Dell|HP|Lenovo", "target_zone": "corporate", "priority": 20, "auto_approve": false},
{"name": "Smartphones", "match_type": "vendor", "match_value": "Apple|Samsung|Xiaomi|OnePlus|Google", "target_zone": "byod", "priority": 30, "auto_approve": false},
{"name": "Tablettes", "match_type": "hostname", "match_value": ".*[Ii][Pp]ad.*|.*[Tt]ablet.*|.*[Gg]alaxy.*[Tt]ab.*", "target_zone": "byod", "priority": 35, "auto_approve": false},
{"name": "IoT/Caméras", "match_type": "vendor", "match_value": "Hikvision|Dahua|Ubiquiti|Axis|Ring", "target_zone": "servers", "priority": 40, "auto_approve": true}
],
"auto_parking_zone": "guest"
},
{
"id": "hotel",
"name": "Hôtel / Gîte",
"description": "Gestion multi-chambres avec isolation stricte",
"icon": "🏨",
"zones": [
{
"id": "management",
"name": "Administration",
"description": "Réseau de gestion",
"network": "lan",
"color": "#22c55e",
"icon": "shield",
"internet_access": true,
"local_access": true,
"inter_client": true,
"bandwidth_limit": 0,
"priority": "critical"
},
{
"id": "wan",
"name": "Internet Seul",
"description": "Accès Internet uniquement - pas d'accès au réseau local",
"network": "wan",
"color": "#ef4444",
"icon": "globe",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 0,
"priority": "normal"
},
{
"id": "rooms_floor1",
"name": "Chambres Étage 1",
"description": "Clients étage 1 (isolés)",
"network": "rooms1",
"color": "#3b82f6",
"icon": "bed",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 20,
"portal_required": true,
"priority": "normal"
},
{
"id": "rooms_floor2",
"name": "Chambres Étage 2",
"description": "Clients étage 2 (isolés)",
"network": "rooms2",
"color": "#06b6d4",
"icon": "bed",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 20,
"portal_required": true,
"priority": "normal"
},
{
"id": "public",
"name": "Espaces Communs",
"description": "Lobby, restaurant, bar",
"network": "public",
"color": "#8b5cf6",
"icon": "wifi",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 15,
"portal_required": true,
"priority": "low"
}
],
"auto_zone_rules": [
{"name": "Équipement hôtel", "match_type": "hostname", "match_value": ".*[Rr]eception.*|.*[Hh]otel.*|.*[Aa]dmin.*", "target_zone": "management", "priority": 5, "auto_approve": false},
{"name": "Imprimantes/POS", "match_type": "vendor", "match_value": "HP|Epson|Star Micronics|Ingenico|Verifone", "target_zone": "management", "priority": 10, "auto_approve": true},
{"name": "Smart TV", "match_type": "vendor", "match_value": "Samsung|LG|Sony|Philips|TCL", "target_zone": "rooms_floor1", "priority": 50, "auto_approve": true}
],
"auto_parking_zone": "public"
},
{
"id": "apartment",
"name": "Immeuble / Colocation",
"description": "Isolation stricte entre locataires",
"icon": "🏘️",
"zones": [
{
"id": "landlord",
"name": "Propriétaire",
"description": "Réseau administrateur",
"network": "lan",
"color": "#22c55e",
"icon": "key",
"internet_access": true,
"local_access": true,
"inter_client": true,
"bandwidth_limit": 0,
"priority": "high"
},
{
"id": "wan",
"name": "Internet Seul",
"description": "Accès Internet uniquement - pas d'accès au réseau local",
"network": "wan",
"color": "#ef4444",
"icon": "globe",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 0,
"priority": "normal"
},
{
"id": "tenant_a",
"name": "Locataire A",
"description": "Appartement/Chambre A",
"network": "tenant_a",
"color": "#3b82f6",
"icon": "door",
"internet_access": true,
"local_access": false,
"inter_client": true,
"bandwidth_limit": 100,
"priority": "normal"
},
{
"id": "tenant_b",
"name": "Locataire B",
"description": "Appartement/Chambre B",
"network": "tenant_b",
"color": "#06b6d4",
"icon": "door",
"internet_access": true,
"local_access": false,
"inter_client": true,
"bandwidth_limit": 100,
"priority": "normal"
},
{
"id": "tenant_c",
"name": "Locataire C",
"description": "Appartement/Chambre C",
"network": "tenant_c",
"color": "#f59e0b",
"icon": "door",
"internet_access": true,
"local_access": false,
"inter_client": true,
"bandwidth_limit": 100,
"priority": "normal"
},
{
"id": "common",
"name": "Parties Communes",
"description": "Couloirs, buanderie",
"network": "common",
"color": "#8b5cf6",
"icon": "building",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 20,
"priority": "low"
}
],
"auto_zone_rules": [
{"name": "Équipement propriétaire", "match_type": "hostname", "match_value": ".*[Ll]andlord.*|.*[Pp]roprio.*|.*[Aa]dmin.*", "target_zone": "landlord", "priority": 5, "auto_approve": false},
{"name": "Imprimantes/NAS", "match_type": "vendor", "match_value": "Synology|QNAP|HP|Brother", "target_zone": "landlord", "priority": 10, "auto_approve": true}
],
"auto_parking_zone": "common"
},
{
"id": "school",
"name": "École / Formation",
"description": "Séparation élèves, enseignants, administration",
"icon": "🎓",
"zones": [
{
"id": "admin",
"name": "Administration",
"description": "Direction et services",
"network": "lan",
"color": "#22c55e",
"icon": "shield",
"internet_access": true,
"local_access": true,
"inter_client": true,
"bandwidth_limit": 0,
"priority": "high"
},
{
"id": "wan",
"name": "Internet Seul",
"description": "Accès Internet uniquement - pas d'accès au réseau local",
"network": "wan",
"color": "#ef4444",
"icon": "globe",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 0,
"priority": "normal"
},
{
"id": "teachers",
"name": "Enseignants",
"description": "Salle des professeurs",
"network": "teachers",
"color": "#3b82f6",
"icon": "chalkboard",
"internet_access": true,
"local_access": true,
"inter_client": true,
"bandwidth_limit": 0,
"priority": "high"
},
{
"id": "students",
"name": "Élèves",
"description": "Salles de classe avec filtrage",
"network": "students",
"color": "#06b6d4",
"icon": "book",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 50,
"content_filter": "kids",
"time_restrictions": true,
"schedule_start": "08:00",
"schedule_end": "17:00",
"priority": "normal"
},
{
"id": "lab",
"name": "Laboratoire Info",
"description": "Postes de travail contrôlés",
"network": "lab",
"color": "#f59e0b",
"icon": "computer",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 100,
"priority": "normal"
}
],
"auto_zone_rules": [
{"name": "Serveurs/NAS", "match_type": "hostname", "match_value": ".*[Ss]erver.*|.*[Ss]rv.*|.*[Nn][Aa][Ss].*", "target_zone": "admin", "priority": 5, "auto_approve": false},
{"name": "Imprimantes", "match_type": "vendor", "match_value": "HP|Canon|Epson|Brother|Xerox|Ricoh", "target_zone": "admin", "priority": 10, "auto_approve": true},
{"name": "Ordinateurs prof", "match_type": "hostname", "match_value": ".*[Pp]rof.*|.*[Tt]eacher.*|.*[Ee]nseignant.*", "target_zone": "teachers", "priority": 15, "auto_approve": false},
{"name": "Postes labo", "match_type": "hostname", "match_value": ".*[Ll]ab.*|.*[Pp][Cc][0-9]+.*|.*[Pp]oste.*", "target_zone": "lab", "priority": 20, "auto_approve": true},
{"name": "Chromebooks", "match_type": "vendor", "match_value": "Google|Acer|ASUS|Dell|HP|Lenovo", "target_zone": "students", "priority": 30, "auto_approve": false},
{"name": "Tablettes élèves", "match_type": "hostname", "match_value": ".*[Ee]leve.*|.*[Ss]tudent.*|.*[Tt]ablet.*", "target_zone": "students", "priority": 35, "auto_approve": false}
],
"auto_parking_zone": "students"
},
{
"id": "secure_home",
"name": "Maison Sécurisée",
"description": "Maximum de segmentation pour sécurité avancée",
"icon": "🔒",
"zones": [
{
"id": "trusted",
"name": "Confiance Totale",
"description": "Appareils principaux uniquement",
"network": "lan",
"color": "#22c55e",
"icon": "shield-check",
"internet_access": true,
"local_access": true,
"inter_client": true,
"bandwidth_limit": 0,
"priority": "critical"
},
{
"id": "wan",
"name": "Internet Seul",
"description": "Accès Internet uniquement - pas d'accès au réseau local",
"network": "wan",
"color": "#ef4444",
"icon": "globe",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 0,
"priority": "normal"
},
{
"id": "work",
"name": "Télétravail",
"description": "Poste de travail professionnel isolé",
"network": "work",
"color": "#3b82f6",
"icon": "briefcase",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 0,
"priority": "high"
},
{
"id": "iot_secure",
"name": "IoT Sécurisé",
"description": "Appareils connectés de confiance",
"network": "iot_secure",
"color": "#06b6d4",
"icon": "lock",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 10,
"priority": "low"
},
{
"id": "iot_untrusted",
"name": "IoT Non Vérifié",
"description": "Appareils chinois et non certifiés",
"network": "iot_untrusted",
"color": "#f59e0b",
"icon": "alert",
"internet_access": false,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 5,
"priority": "low"
},
{
"id": "guest",
"name": "Invités",
"description": "Accès Internet uniquement",
"network": "guest",
"color": "#8b5cf6",
"icon": "users",
"internet_access": true,
"local_access": false,
"inter_client": false,
"bandwidth_limit": 20,
"portal_required": true,
"priority": "low"
}
],
"auto_zone_rules": [
{"name": "Poste télétravail", "match_type": "hostname", "match_value": ".*[Ww]ork.*|.*[Pp]ro.*|.*[Bb]ureau.*|.*[Oo]ffice.*", "target_zone": "work", "priority": 5, "auto_approve": false},
{"name": "Apple trusted", "match_type": "vendor", "match_value": "Apple", "target_zone": "trusted", "priority": 10, "auto_approve": false},
{"name": "PC confiance", "match_type": "vendor", "match_value": "Dell|Lenovo|HP", "target_zone": "trusted", "priority": 15, "auto_approve": false},
{"name": "IoT marques fiables", "match_type": "vendor", "match_value": "Philips|Nest|Ecobee|Sonos|Lutron|Ring", "target_zone": "iot_secure", "priority": 20, "auto_approve": true},
{"name": "Caméras pro", "match_type": "vendor", "match_value": "Ubiquiti|Axis|Reolink", "target_zone": "iot_secure", "priority": 25, "auto_approve": true},
{"name": "IoT chinois", "match_type": "vendor", "match_value": "Tuya|Xiaomi|Yeelight|Shenzhen|Espressif|Tasmota", "target_zone": "iot_untrusted", "priority": 30, "auto_approve": true},
{"name": "IoT inconnu", "match_type": "hostname", "match_value": ".*[Ee][Ss][Pp].*|.*[Tt]asmota.*|.*[Ss]onoff.*", "target_zone": "iot_untrusted", "priority": 35, "auto_approve": true}
],
"auto_parking_zone": "guest"
}
]
}
Reference in New Issue View Git Blame Copy Permalink