secubox-openwrt/package/secubox/luci-app-client-guardian/root/etc/config/client-guardian
CyberMind-FR 14af23774a fix(client-guardian): Safe defaults + emergency clear + safety limits
BREAKING: Default policy changed from quarantine to open
- Disabled by default (was enabled)
- Default policy: open (was quarantine - blocked new devices!)
- Auto-zoning: disabled by default
- Auto-parking zone: lan_private (was guest)
- Night block schedule: disabled by default
- Threat auto-ban: disabled by default

Safety mechanisms added:
- MAX_BLOCKED_DEVICES limit (10) prevents mass blocking
- check_safety_limit() function validates before blocking
- clear_all_cg_rules() emergency function via RPCD
- safety_status RPCD method to check current state

UI improvements:
- Added warnings for restrictive policies
- Reordered options (safe options first)
- Clearer descriptions of consequences

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 19:46:26 +01:00


# Global client-guardian settings. The shipped values are fail-open: the
# feature is off, and default_policy is 'open' rather than 'quarantine'
# (the commit message says the old default blocked new devices).
config client-guardian 'config'
# Master switch; '0' ships the feature off.
option enabled '0'
# NOTE(review): 'open' together with auto_approve '1' presumably admits
# unknown devices without operator action once enabled — confirm against the
# daemon. Sites that want admission control have to opt in to 'quarantine'.
option default_policy 'open'
# Matches the zone section named 'quarantine' defined in this file.
option quarantine_zone 'quarantine'
# Units are not stated in this file; presumably seconds — TODO confirm.
option scan_interval '30'
option auto_approve '1'
option log_level 'info'
# Dashboard Reactiveness
option auto_refresh '1'
option refresh_interval '10'
# Debug Mode
# NOTE(review): debug_level is upper-case 'INFO' while log_level is 'info';
# check that the consumer compares these case-insensitively.
option debug_enabled '0'
option debug_level 'INFO'
option enable_active_scan '0'
# Auto-Zoning / Auto-Parking - DISABLED BY DEFAULT for safety
option auto_zoning_enabled '0'
# NOTE(review): the parking zone is 'lan_private', whose section sets
# internet_access, local_access and inter_client all to '1'. With
# auto_parking_approve '1', turning auto-zoning on presumably places unmatched
# devices in that zone already approved — confirm before enabling.
option auto_parking_zone 'lan_private'
option auto_parking_approve '1'
# Alert Configuration
# Alerting is on, but the email and sms sections in this file both ship with
# enabled '0', so no off-box delivery channel is configured by default.
# NOTE(review): with default_policy 'open', new_client_alert is presumably the
# only signal that an unknown device joined — confirm where alerts surface.
config alerts 'alerts'
option enabled '1'
option new_client_alert '1'
option banned_attempt_alert '1'
option quota_exceeded_alert '1'
option suspicious_activity_alert '1'
# SMTP delivery for alerts; off by default and shipped without credentials.
# smtp_password is stored in this file as plain text once set: keep the file
# readable by root only, limit which RPCD/LuCI ACLs can read this config, and
# prefer an app-specific password over the account password.
config email 'email'
option enabled '0'
option smtp_server 'smtp.gmail.com'
# Port 587 with smtp_tls '1' presumably means STARTTLS; whether the server
# certificate is verified is not visible here — TODO confirm in the sender.
option smtp_port '587'
option smtp_user ''
option smtp_password ''
option smtp_tls '1'
option from_address 'guardian@router.local'
# Ships as a list holding one empty string; the consumer has to skip blanks.
list recipients ''
# SMS delivery for alerts; off by default and shipped without credentials.
# api_key and api_secret are stored in this file as plain text once set, so
# the same file-permission and RPCD/LuCI ACL care applies as for the SMTP
# password. Use a provider key scoped to sending messages if one is available.
config sms 'sms'
option enabled '0'
option provider 'twilio'
option api_key ''
option api_secret ''
option from_number ''
# Ships as a list holding one empty string; the consumer has to skip blanks.
list recipients ''
# Network Zones
# Trusted zone: every access flag is '1' and no limit or filter is applied.
# This is also the value of auto_parking_zone in the main section, so it is
# the zone to review first when deciding who should land here by default.
config zone 'lan_private'
option name 'LAN Privé'
option description 'Réseau local de confiance'
option network 'lan'
option color '#22c55e'
option icon 'home'
option internet_access '1'
option local_access '1'
option inter_client '1'
# '0' presumably means unlimited — TODO confirm.
option bandwidth_limit '0'
option time_restrictions '0'
option content_filter 'none'
# IoT zone: internet allowed, local network and client-to-client traffic off.
# It references its own network 'iot'; that interface is not defined in this
# file and has to exist for the isolation to mean anything.
config zone 'iot'
option name 'IoT'
option description 'Objets connectés isolés'
option network 'iot'
option color '#f59e0b'
option icon 'cpu'
option internet_access '1'
option local_access '0'
option inter_client '0'
# Units are not stated in this file; presumably Mbit/s — TODO confirm.
option bandwidth_limit '10'
option time_restrictions '0'
option content_filter 'none'
# Kids zone: shares network 'lan' with lan_private and keeps local_access and
# inter_client at '1', so the restrictions visible here are the schedule, the
# bandwidth limit and the content filter — not network isolation.
# NOTE(review): on a shared segment, per-client enforcement presumably keys on
# MAC or IP address, which the client controls — confirm how zone membership
# is bound to a device.
config zone 'kids'
option name 'Enfants'
option description 'Accès filtré pour enfants'
option network 'lan'
option color '#06b6d4'
option icon 'child'
option internet_access '1'
option local_access '1'
option inter_client '1'
option bandwidth_limit '50'
option time_restrictions '1'
# Presumably selects the 'kids_filter' section; the name mapping is not
# visible in this file — TODO confirm.
option content_filter 'kids'
# With time_restrictions '1', access is presumably allowed only inside this
# window on the listed days — TODO confirm allow-vs-block semantics.
option schedule_start '08:00'
option schedule_end '21:00'
list schedule_days 'mon'
list schedule_days 'tue'
list schedule_days 'wed'
list schedule_days 'thu'
list schedule_days 'fri'
list schedule_days 'sat'
list schedule_days 'sun'
# Guest zone: internet allowed, local network and client-to-client traffic
# off, on its own network 'guest' (not defined in this file).
config zone 'guest'
option name 'Invités'
option description 'Accès Internet limité'
option network 'guest'
option color '#8b5cf6'
option icon 'users'
option internet_access '1'
option local_access '0'
option inter_client '0'
option bandwidth_limit '25'
option time_restrictions '0'
# Presumably selects the 'adult_filter' section, which blacklists malware,
# phishing and illegal categories — i.e. the filter for adult users, not a
# block on adult content. TODO confirm the name mapping.
option content_filter 'adult'
# Internet-only zone: same access flags as 'guest', but with no bandwidth
# limit and no content filter.
# NOTE(review): uses the same color '#ef4444' as the 'quarantine' zone; if the
# dashboard distinguishes zones by color, the two could be confused.
config zone 'wan'
option name 'Internet Seul'
option description 'Accès Internet uniquement - pas d accès au réseau local'
# NOTE(review): 'wan' is normally the uplink interface name on OpenWrt; how a
# client is attached to this zone is not visible here — confirm.
option network 'wan'
option color '#ef4444'
option icon 'globe'
option internet_access '1'
option local_access '0'
option inter_client '0'
option bandwidth_limit '0'
option time_restrictions '0'
option content_filter 'none'
# Holding zone for unapproved clients: every access flag is '0'. This is the
# zone named by quarantine_zone in the main section. It is only the default
# landing zone when default_policy is set to 'quarantine'; the shipped policy
# is 'open'.
config zone 'quarantine'
option name 'Quarantaine'
option description 'Clients non approuvés'
option network 'quarantine'
option color '#ef4444'
option icon 'shield-alert'
option internet_access '0'
option local_access '0'
option inter_client '0'
option bandwidth_limit '1'
# Zone for banned clients: every access flag is '0' and network is 'null'.
# The commit message describes a MAX_BLOCKED_DEVICES limit (10) and an
# emergency clear_all_cg_rules() call in the code; whether that limit counts
# members of this zone is not visible here — TODO confirm.
config zone 'blocked'
option name 'Bloqué'
option description 'Clients bannis'
option network 'null'
option color '#1f2937'
option icon 'ban'
option internet_access '0'
option local_access '0'
option inter_client '0'
# Content Filters
# Filter for the kids profile: a whitelist of three categories plus an
# explicit list of blocked categories.
# NOTE(review): with type 'whitelist', how blocked_categories interacts with
# the allowed categories is not visible here — confirm which list wins.
config filter 'kids_filter'
option name 'Filtre Enfants'
option type 'whitelist'
list categories 'education'
list categories 'kids'
list categories 'games_safe'
list blocked_categories 'adult'
list blocked_categories 'violence'
list blocked_categories 'gambling'
list blocked_categories 'drugs'
list blocked_categories 'weapons'
# NOTE(review): if these two are enforced through DNS rewriting, a client that
# uses its own resolver or encrypted DNS bypasses them — confirm the
# enforcement point and whether outbound DNS is restricted for the zone.
option safe_search '1'
option youtube_restricted '1'
# Filter for adult users: a blacklist limited to malware, phishing and illegal
# categories, with safe search off. Despite the name it does not list 'adult'
# as a blocked category.
config filter 'adult_filter'
option name 'Filtre Adulte'
option type 'blacklist'
list blocked_categories 'malware'
list blocked_categories 'phishing'
list blocked_categories 'illegal'
option safe_search '0'
# Allow-list-only filter. As shipped the allow-list holds a single empty
# string and block_all_else is '1', so applying it unchanged presumably denies
# every domain — fill allowed_domains before assigning it to a zone.
config filter 'strict_filter'
option name 'Filtre Strict'
option type 'whitelist'
list allowed_domains ''
option block_all_else '1'
# URL Lists
# Global allow-list with three entries.
# NOTE(review): whether an entry also covers its subdomains, and whether this
# list overrides a zone's blocked categories, is not visible here — confirm
# before relying on it, since a broad entry widens every zone at once.
config urllist 'whitelist_global'
option name 'Liste Blanche Globale'
option type 'whitelist'
list urls 'google.com'
list urls 'wikipedia.org'
list urls 'education.gouv.fr'
# Global deny-list; ships with a single empty-string entry, i.e. no domains.
# The consumer has to skip the blank entry rather than treat it as a pattern.
config urllist 'blacklist_global'
option name 'Liste Noire Globale'
option type 'blacklist'
list urls ''
# Parental Schedules
# Weekday block window, 08:00 to 16:00; shipped disabled.
# Which zones or clients a schedule applies to is not expressed in this
# section — TODO confirm how schedules are bound.
config schedule 'school_hours'
option name 'Heures Scolaires'
option enabled '0'
option action 'block'
option start_time '08:00'
option end_time '16:00'
list days 'mon'
list days 'tue'
list days 'wed'
list days 'thu'
list days 'fri'
# Nightly block window on all seven days; shipped disabled (the commit message
# lists this as one of the defaults that was switched off).
config schedule 'night_block'
option name 'Blocage Nocturne'
option enabled '0'
option action 'block'
# The window crosses midnight (end_time is earlier than start_time).
# NOTE(review): confirm the scheduler handles the wrap and uses the router's
# local time; a wrong clock or timezone shifts the block window.
option start_time '22:00'
option end_time '07:00'
list days 'mon'
list days 'tue'
list days 'wed'
list days 'thu'
list days 'fri'
list days 'sat'
list days 'sun'
# Weekend usage quota; shipped disabled. Unlike the other schedules it has no
# start or end time, only a daily quota.
config schedule 'weekend_limit'
option name 'Limite Weekend'
option enabled '0'
option action 'quota'
# Units are not stated in this file; presumably minutes per day — TODO confirm.
option daily_quota '180'
list days 'sat'
list days 'sun'
# Threat Intelligence Integration - DISABLED by default for safety
# When enabled, clients are presumably quarantined at a score of 90 and banned
# at 95; the score scale and its source are not visible here — TODO confirm.
# Automatic bans act on a score, so false positives cut off real devices: the
# commit message describes a MAX_BLOCKED_DEVICES limit (10) and an emergency
# clear_all_cg_rules() RPCD call as the safety nets for that case.
config threat_policy 'threat_policy'
option enabled '0'
option auto_ban_threshold '95'
option auto_quarantine_threshold '90'
# Units are not stated in this file; presumably seconds — TODO confirm.
option threat_check_interval '60'
# Auto-Zoning Rules
# Rules are evaluated in order, first match wins
# NOTE(review): each rule also carries a 'priority' option, and the priorities
# do not follow file order (the camera rule at the end has priority 15).
# Confirm whether file order or priority decides the match.
# These rules only take effect when auto_zoning_enabled is '1'; it ships '0'.
# IoT Devices - Chinese brands
# Vendor matching presumably derives from the MAC address prefix, which the
# client can set, so treat it as a convenience classifier, not as proof of
# device identity. The target here is the restrictive 'iot' zone.
config auto_zone_rule 'rule_xiaomi'
option enabled '1'
option name 'Xiaomi Devices'
option match_type 'vendor'
option match_value 'Xiaomi'
option target_zone 'iot'
option auto_approve '0'
option priority '10'
# Sends devices whose vendor matches 'Tuya' to the 'iot' zone without
# auto-approval. Vendor matching presumably relies on the MAC prefix —
# TODO confirm.
config auto_zone_rule 'rule_tuya'
option enabled '1'
option name 'Tuya Smart Devices'
option match_type 'vendor'
option match_value 'Tuya'
option target_zone 'iot'
option auto_approve '0'
option priority '10'
# Sends devices whose vendor matches 'TP-Link' to the 'iot' zone without
# auto-approval.
# NOTE(review): a vendor match cannot tell a smart plug from an access point
# or switch made by the same vendor; network gear caught by this rule would
# land in a zone with local_access '0'. Check the site's inventory before
# enabling auto-zoning.
config auto_zone_rule 'rule_tp_link'
option enabled '1'
option name 'TP-Link Smart Home'
option match_type 'vendor'
option match_value 'TP-Link'
option target_zone 'iot'
option auto_approve '0'
option priority '10'
# Mobile devices - Kids tablets
# NOTE(review): this is the only enabled rule with auto_approve '1', and it
# matches on hostname, which is presumably the name the client announces
# itself (e.g. over DHCP). The target zone 'kids' has local_access and
# inter_client set to '1' on network 'lan', so a matching name is approved
# into a zone with LAN reach. Consider auto_approve '0' here, or matching on
# known device addresses, before turning auto-zoning on.
config auto_zone_rule 'rule_kids_tablet'
option enabled '1'
option name 'Kids Tablets'
option match_type 'hostname'
# If this is matched as a regular expression, 'samsung-tab-kid' is already
# covered by '.*-kid.*'. Anchoring and case sensitivity are not visible here.
option match_pattern 'tablet-.*|.*-kid.*|samsung-tab-kid'
option target_zone 'kids'
option auto_approve '1'
option priority '20'
# Guest devices - Temporary
# Sends devices with common Android default hostnames to the 'guest' zone
# without auto-approval.
# NOTE(review): household phones that keep their default hostname match these
# patterns too, and the hostname is presumably client-supplied, so this rule
# sorts by naming convention rather than by who owns the device.
config auto_zone_rule 'rule_guest_android'
option enabled '1'
option name 'Guest Android Phones'
option match_type 'hostname'
option match_pattern 'android-.*|Galaxy-.*|Pixel-.*'
option target_zone 'guest'
option auto_approve '0'
option priority '30'
# Sends devices whose hostname starts with 'iPhone' or 'iPad' to the 'guest'
# zone without auto-approval (assuming the pattern is matched from the start
# of the hostname — TODO confirm anchoring).
# NOTE(review): overlaps with rule_apple_trusted, which matches the same
# devices by vendor but targets 'lan_private'; which rule wins depends on the
# ordering semantics, which are not visible here.
config auto_zone_rule 'rule_guest_iphone'
option enabled '1'
option name 'Guest iPhones'
option match_type 'hostname'
option match_pattern 'iPhone.*|iPad.*'
option target_zone 'guest'
option auto_approve '0'
option priority '30'
# Trusted devices - Apple ecosystem
# Shipped disabled, and best left that way unless the trade-off is accepted:
# it would place any device whose vendor matches 'Apple' into 'lan_private'
# already approved. Vendor matching presumably relies on the MAC prefix, which
# the client controls, so this rule grants the most permissive zone on an
# unauthenticated attribute.
config auto_zone_rule 'rule_apple_trusted'
option enabled '0'
option name 'Apple Devices (Trusted)'
option match_type 'vendor'
option match_value 'Apple'
option target_zone 'lan_private'
option auto_approve '1'
option priority '40'
# IoT Cameras
# Sends devices whose hostname looks like a camera to the 'iot' zone without
# auto-approval.
config auto_zone_rule 'rule_cameras'
option enabled '1'
option name 'IP Cameras'
option match_type 'hostname'
# NOTE(review): if matched as a regular expression, '.*cam.*' already covers
# '.*camera.*' and 'ipcam.*', and it also matches any hostname that merely
# contains "cam". Over-matching here moves a device into a more restricted
# zone, so the cost is lost LAN access rather than extra access.
option match_pattern '.*camera.*|.*cam.*|ipcam.*|IPCam.*'
option target_zone 'iot'
option auto_approve '0'
# Priority 15 sits between the vendor rules (10) and the kids rule (20),
# although this section comes last in the file.
option priority '15'