luci-app-firewall: use new ipmask validation types when applicable

This allows for address specifications like "fdca🔢0123::abcd/::ffff:ffff:ffff:ffff" which only match the last 64 bits of an address. This syntax is legal and already supported by iptables and firewall3. Fixes https://bugs.lede-project.org/index.php?do=details&task_id=417 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-23 16:18:20 +01:00 · 2017-01-23 16:18:20 +01:00 · 33a917f9c4
commit 33a917f9c4
parent 8297be5485
3 changed files with 9 additions and 9 deletions
--- a/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua
+++ b/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua
@ -73,7 +73,7 @@ o = s:option(Value, "src_ip",
 	translate("Source IP address"),
 	translate("Only match incoming traffic from this IP or range."))
 o.rmempty = true
-o.datatype = "neg(ip4addr)"
+o.datatype = "neg(ipmask4)"
 o.placeholder = translate("any")
 luci.sys.net.ipv4_hints(function(ip, name)
@ -99,7 +99,7 @@ end)
 o.rmempty = true
-o.datatype = "neg(ip4addr)"
+o.datatype = "neg(ipmask4)"
 o.placeholder = translate("any")
@ -119,7 +119,7 @@ o.template = "cbi/firewall_zonelist"
 o = s:option(Value, "dest_ip", translate("Internal IP address"),
 	translate("Redirect matched incoming traffic to the specified \
 		internal host"))
-o.datatype = "ip4addr"
+o.datatype = "ipmask4"
 luci.sys.net.ipv4_hints(function(ip, name)
 	o:value(ip, "%s (%s)" %{ ip, name })
--- a/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua
+++ b/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua
@ -99,7 +99,7 @@ elseif rule_type == "redirect" then
 	o = s:option(Value, "src_ip", translate("Source IP address"))
 	o.rmempty = true
-	o.datatype = "neg(ipaddr)"
+	o.datatype = "neg(ipmask4)"
 	o.placeholder = translate("any")
 	luci.sys.net.ipv4_hints(function(ip, name)
@ -123,7 +123,7 @@ elseif rule_type == "redirect" then
 	o = s:option(Value, "dest_ip", translate("Destination IP address"))
-	o.datatype = "neg(ip4addr)"
+	o.datatype = "neg(ipmask4)"
 	luci.sys.net.ipv4_hints(function(ip, name)
 		o:value(ip, "%s (%s)" %{ ip, name })
@ -269,7 +269,7 @@ else
 	o = s:option(Value, "src_ip", translate("Source address"))
-	o.datatype = "neg(ipaddr)"
+	o.datatype = "neg(ipmask)"
 	o.placeholder = translate("any")
 	luci.sys.net.ipv4_hints(function(ip, name)
@ -290,7 +290,7 @@ else
 	o = s:option(Value, "dest_ip", translate("Destination address"))
-	o.datatype = "neg(ipaddr)"
+	o.datatype = "neg(ipmask)"
 	o.placeholder = translate("any")
 	luci.sys.net.ipv4_hints(function(ip, name)
--- a/applications/luci-app-firewall/luasrc/model/cbi/firewall/zone-details.lua
+++ b/applications/luci-app-firewall/luasrc/model/cbi/firewall/zone-details.lua
@ -126,7 +126,7 @@ msrc = s:taboption("advanced", DynamicList, "masq_src",
 	translate("Restrict Masquerading to given source subnets"))
 msrc.optional = true
-msrc.datatype = "list(neg(or(uciname,hostname,ip4addr)))"
+msrc.datatype = "list(neg(or(uciname,hostname,ipmask4)))"
 msrc.placeholder = "0.0.0.0/0"
 msrc:depends("family", "")
 msrc:depends("family", "ipv4")
@ -135,7 +135,7 @@ mdest = s:taboption("advanced", DynamicList, "masq_dest",
 	translate("Restrict Masquerading to given destination subnets"))
 mdest.optional = true
-mdest.datatype = "list(neg(or(uciname,hostname,ip4addr)))"
+mdest.datatype = "list(neg(or(uciname,hostname,ipmask4)))"
 mdest.placeholder = "0.0.0.0/0"
 mdest:depends("family", "")
 mdest:depends("family", "ipv4")