Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

applications/luci-firewall: use option "name" instead of deprecated "_name", expose "extra" option, add enable/disable toggles for portforwards, snats and rules

Browse source
This commit is contained in:
Jo-Philipp Wich 2011-12-20 03:14:54 +00:00
parent 48838ea0f7
commit 0f71faaf34
5 changed files with 179 additions and 87 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

146
applications/luci-firewall/luasrc/model/cbi/firewall/forward-details.lua
View file

@ -14,6 +14,9 @@ $Id$
local sys = require "luci.sys"
local dsp = require "luci.dispatcher"
local ft = require "luci.tools.firewall"
local m, s, o
arg[1] = arg[1] or ""
@ -29,7 +32,7 @@ if m.uci:get("firewall", arg[1]) ~= "redirect" then
luci.http.redirect(m.redirect)
return
else
local name = m:get(arg[1], "_name")
local name = m:get(arg[1], "name") or m:get(arg[1], "_name")
if not name or #name == 0 then
name = translate("(Unnamed Entry)")
end
@ -56,26 +59,17 @@ s = m:section(NamedSection, arg[1], "redirect", "")
s.anonymous = true
s.addremove = false
s:tab("general", translate("General Settings"))
s:tab("advanced", translate("Advanced Settings"))
ft.opt_enabled(s, Button)
ft.opt_name(s, Value, translate("Name"))
name = s:taboption("general", Value, "_name", translate("Name"))
name.rmempty = true
name.size = 10
src = s:taboption("advanced", Value, "src", translate("Source zone"))
src.nocreate = true
src.default = "wan"
src.template = "cbi/firewall_zonelist"
o = s:option(Value, "proto", translate("Protocol"))
o:value("tcp udp", "TCP+UDP")
o:value("tcp", "TCP")
o:value("udp", "UDP")
o:value("icmp", "ICMP")
proto = s:taboption("general", Value, "proto", translate("Protocol"))
proto.optional = true
proto:value("tcp udp", "TCP+UDP")
proto:value("tcp", "TCP")
proto:value("udp", "UDP")
proto:value("icmp", "ICMP")
function proto.cfgvalue(...)
function o.cfgvalue(...)
local v = Value.cfgvalue(...)
if not v or v == "tcpudp" then
return "tcp udp"
@ -83,66 +77,88 @@ function proto.cfgvalue(...)
return v
end
dport = s:taboption("general", Value, "src_dport", translate("External port"),
translate("Match incoming traffic directed at the given " ..
"destination port or port range on this host"))
dport.datatype = "portrange"
to = s:taboption("general", Value, "dest_ip", translate("Internal IP address"),
translate("Redirect matched incoming traffic to the specified " ..
"internal host"))
to.datatype = "ip4addr"
for i, dataset in ipairs(sys.net.arptable()) do
to:value(dataset["IP address"])
end
o = s:option(Value, "src", translate("Source zone"))
o.nocreate = true
o.default = "wan"
o.template = "cbi/firewall_zonelist"
toport = s:taboption("general", Value, "dest_port", translate("Internal port (optional)"),
translate("Redirect matched incoming traffic to the given port on " ..
"the internal host"))
toport.optional = true
toport.placeholder = "0-65535"
toport.datatype = "portrange"
dest = s:taboption("advanced", Value, "dest", translate("Destination zone"))
dest.nocreate = true
dest.default = "lan"
dest.template = "cbi/firewall_zonelist"
src_dip = s:taboption("advanced", Value, "src_dip",
translate("Intended destination address"),
translate("Only match incoming traffic directed at the given IP address."))
src_dip.optional = true
src_dip.datatype = "ip4addr"
src_dip.placeholder = translate("any")
src_mac = s:taboption("advanced", DynamicList, "src_mac",
o = s:option(DynamicList, "src_mac",
translate("Source MAC address"),
translate("Only match incoming traffic from these MACs."))
src_mac.optional = true
src_mac.datatype = "macaddr"
src_mac.placeholder = translate("any")
o.rmempty = true
o.datatype = "macaddr"
o.placeholder = translate("any")
src_ip = s:taboption("advanced", Value, "src_ip",
o = s:option(Value, "src_ip",
translate("Source IP address"),
translate("Only match incoming traffic from this IP or range."))
src_ip.optional = true
src_ip.datatype = "neg(ip4addr)"
src_ip.placeholder = translate("any")
o.rmempty = true
o.datatype = "neg(ip4addr)"
o.placeholder = translate("any")
sport = s:taboption("advanced", Value, "src_port",
o = s:option(Value, "src_port",
translate("Source port"),
translate("Only match incoming traffic originating from the given source port or port range on the client host"))
sport.optional = true
sport.datatype = "portrange"
sport.placeholder = translate("any")
o.rmempty = true
o.datatype = "portrange"
o.placeholder = translate("any")
reflection = s:taboption("advanced", Flag, "reflection", translate("Enable NAT Loopback"))
reflection.rmempty = true
reflection.default = reflection.enabled
reflection:depends({ target = "DNAT", src = wan_zone })
reflection.cfgvalue = function(...)
o = s:option(Value, "src_dip",
translate("External IP address"),
translate("Only match incoming traffic directed at the given IP address."))
o.rmempty = true
o.datatype = "ip4addr"
o.placeholder = translate("any")
o = s:option(Value, "src_dport", translate("External port"),
translate("Match incoming traffic directed at the given " ..
"destination port or port range on this host"))
o.datatype = "portrange"
o = s:option(Value, "dest", translate("Internal zone"))
o.nocreate = true
o.default = "lan"
o.template = "cbi/firewall_zonelist"
o = s:option(Value, "dest_ip", translate("Internal IP address"),
translate("Redirect matched incoming traffic to the specified \
internal host"))
o.datatype = "ip4addr"
for i, dataset in ipairs(sys.net.arptable()) do
o:value(dataset["IP address"])
end
o = s:option(Value, "dest_port",
translate("Internal port"),
translate("Redirect matched incoming traffic to the given port on \
the internal host"))
o.placeholder = translate("any")
o.datatype = "portrange"
o = s:option(Flag, "reflection", translate("Enable NAT Loopback"))
o.rmempty = true
o.default = o.enabled
o:depends("src", wan_zone)
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "1"
end
s:option(Value, "extra",
translate("Extra arguments"),
translate("Passes additional arguments to iptables. Use with care!"))
return m

11
applications/luci-firewall/luasrc/model/cbi/firewall/forwards.lua
View file

@ -49,7 +49,7 @@ function s.create(self, section)
self.map:set(created, "src_dport", e)
self.map:set(created, "dest_ip", a)
self.map:set(created, "dest_port", i)
self.map:set(created, "_name", n)
self.map:set(created, "name", n)
end
if p ~= "other" then
@ -71,10 +71,9 @@ function s.filter(self, sid)
return (self.map:get(sid, "target") ~= "SNAT")
end
name = s:option(DummyValue, "_name", translate("Name"))
function name.cfgvalue(self, s)
return self.map:get(s, "_name") or "-"
end
ft.opt_name(s, DummyValue, translate("Name"))
proto = s:option(DummyValue, "proto", translate("Protocol"))
proto.rawhtml = true
@ -131,4 +130,6 @@ function dest.cfgvalue(self, s)
end
end
ft.opt_enabled(s, Flag, translate("Enable")).width = "1%"
return m

31
applications/luci-firewall/luasrc/model/cbi/firewall/rule-details.lua
View file

@ -17,6 +17,7 @@ local sys = require "luci.sys"
local dsp = require "luci.dispatcher"
local nxo = require "nixio"
local ft = require "luci.tools.firewall"
local nw = require "luci.model.network"
local m, s, o, k, v
@ -46,7 +47,7 @@ if not rule_type then
--
elseif rule_type == "redirect" then
local name = m:get(arg[1], "_name")
local name = m:get(arg[1], "name") or m:get(arg[1], "_name")
if not name or #name == 0 then
name = translate("(Unnamed SNAT)")
else
@ -76,9 +77,8 @@ elseif rule_type == "redirect" then
s.addremove = false
o = s:option(Value, "_name", translate("Name"))
o.rmempty = true
o.size = 10
ft.opt_enabled(s, Button)
ft.opt_name(s, Value, translate("Name"))
o = s:option(Value, "proto",
@ -115,7 +115,7 @@ elseif rule_type == "redirect" then
o = s:option(Value, "src_ip", translate("Source IP address"))
o.rmempty = true
o.datatype = "neg(ip4addr)"
o.datatype = "neg(ipaddr)"
o.placeholder = translate("any")
@ -176,15 +176,29 @@ elseif rule_type == "redirect" then
o.placeholder = translate('Do not rewrite')
s:option(Value, "extra",
translate("Extra arguments"),
translate("Passes additional arguments to iptables. Use with care!"))
--
-- Rule
--
else
local name = m:get(arg[1], "name") or m:get(arg[1], "_name")
if not name or #name == 0 then
name = translate("(Unnamed Rule)")
end
m.title = "%s - %s" %{ translate("Firewall - Traffic Rules"), name }
s = m:section(NamedSection, arg[1], "rule", "")
s.anonymous = true
s.addremove = false
s:option(Value, "_name", translate("Name").." "..translate("(optional)"))
ft.opt_enabled(s, Button)
ft.opt_name(s, Value, translate("Name"))
o = s:option(ListValue, "family", translate("Restrict to address family"))
@ -295,6 +309,11 @@ else
o:value("ACCEPT", translate("accept"))
o:value("REJECT", translate("reject"))
o:value("NOTRACK", translate("don't track"))
s:option(Value, "extra",
translate("Extra arguments"),
translate("Passes additional arguments to iptables. Use with care!"))
end
return m

20
applications/luci-firewall/luasrc/model/cbi/firewall/rules.lua
View file

@ -59,7 +59,7 @@ function s.parse(self, ...)
self.map:set(created, "src", "wan")
self.map:set(created, "proto", (i_p ~= "other") and i_p or "all")
self.map:set(created, "dest_port", i_e)
self.map:set(created, "_name", i_n)
self.map:set(created, "name", i_n)
if i_p ~= "other" and i_e and #i_e > 0 then
created = nil
@ -71,7 +71,7 @@ function s.parse(self, ...)
self.map:set(created, "target", "ACCEPT")
self.map:set(created, "src", f_s)
self.map:set(created, "dest", f_d)
self.map:set(created, "_name", f_n)
self.map:set(created, "name", f_n)
end
if created then
@ -82,10 +82,7 @@ function s.parse(self, ...)
end
end
name = s:option(DummyValue, "_name", translate("Name"))
function name.cfgvalue(self, s)
return self.map:get(s, "_name") or "-"
end
ft.opt_name(s, DummyValue, translate("Name"))
family = s:option(DummyValue, "family", translate("Family"))
function family.cfgvalue(self, s)
@ -170,6 +167,8 @@ function target.cfgvalue(self, s)
end
end
ft.opt_enabled(s, Flag, translate("Enable")).width = "1%"
--
-- SNAT
@ -210,7 +209,7 @@ function s.parse(self, ...)
self.map:set(created, "proto", "all")
self.map:set(created, "src_dip", a)
self.map:set(created, "src_dport", p)
self.map:set(created, "_name", n)
self.map:set(created, "name", n)
end
if created then
@ -225,10 +224,7 @@ function s.filter(self, sid)
return (self.map:get(sid, "target") == "SNAT")
end
name = s:option(DummyValue, "_name", translate("Name"))
function name.cfgvalue(self, s)
return self.map:get(s, "_name") or "-"
end
ft.opt_name(s, DummyValue, translate("Name"))
proto = s:option(DummyValue, "proto", translate("Protocol"))
proto.rawhtml = true
@ -285,5 +281,7 @@ function snat.cfgvalue(self, s)
end
end
ft.opt_enabled(s, Flag, translate("Enable")).width = "1%"
return m

58
applications/luci-firewall/luasrc/tools/firewall.lua
View file

@ -227,3 +227,61 @@ function fmt_target(x, dest)
end
end
end
function opt_enabled(s, t, ...)
if t == luci.cbi.Button then
local o = s:option(t, "__enabled")
function o.render(self, section)
if self.map:get(section, "enabled") ~= "0" then
self.title = translate("Rule is enabled")
self.inputtitle = translate("Disable")
self.inputstyle = "reset"
else
self.title = translate("Rule is disabled")
self.inputtitle = translate("Enable")
self.inputstyle = "apply"
end
t.render(self, section)
end
function o.write(self, section, value)
if self.map:get(section, "enabled") ~= "0" then
self.map:set(section, "enabled", "0")
else
self.map:del(section, "enabled")
end
end
return o
else
local o = s:option(t, "enabled", ...)
o.enabled = ""
o.disabled = "0"
o.default = o.enabled
return o
end
end
function opt_name(s, t, ...)
local o = s:option(t, "name", ...)
function o.cfgvalue(self, section)
return self.map:get(section, "name") or
self.map:get(section, "_name") or "-"
end
function o.write(self, section, value)
if value ~= "-" then
self.map:set(section, "name", value)
self.map:del(section, "_name")
else
self:remove(section)
end
end
function o.remove(self, section)
self.map:del(section, "name")
self.map:del(section, "_name")
end
return o
end