luci-app-firewall: support 'helper' and 'set_helper' parameters for rules

Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit d601e79da5)
2020-01-16 16:12:38 +01:00 · 2020-01-16 16:12:38 +01:00 · 4a2281814d
commit 4a2281814d
parent c722cf3c46
1 changed files with 40 additions and 5 deletions
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
@ -148,14 +148,23 @@ return L.view.extend({
 		expect: { '': {} }
 	}),

+	callConntrackHelpers: rpc.declare({
+		object: 'luci',
+		method: 'getConntrackHelpers',
+		expect: { result: [] }
+	}),
+
 	load: function() {
-		return this.callHostHints().catch(function(e) {
-			console.debug('load fail', e);
-		});
+		return Promise.all([
+			this.callHostHints(),
+			this.callConntrackHelpers()
+		]);
 	},

-	render: function(hosts) {
-		var m, s, o;
+	render: function(data) {
+		var hosts = data[0],
+		    ctHelpers = data[1],
+		    m, s, o;

 		m = new form.Map('firewall', _('Firewall - Traffic Rules'),
 			_('Traffic rules define policies for packets traveling between different zones, for example to reject traffic between certain hosts or to open WAN ports on the router.'));
@ -383,6 +392,32 @@ return L.view.extend({
 		o.value('ACCEPT', _('accept'));
 		o.value('REJECT', _('reject'));
 		o.value('NOTRACK', _("don't track"));
+		o.value('HELPER', _('assign conntrack helper'));
+
+		o = s.taboption('general', form.ListValue, 'set_helper', _('Tracking helper'), _('Assign the specified connection tracking helper to matched traffic.'));
+		o.modalonly = true;
+		o.placeholder = _('any');
+		o.depends('target', 'HELPER');
+		for (var i = 0; i < ctHelpers.length; i++)
+			o.value(ctHelpers[i].name, '%s (%s)'.format(ctHelpers[i].description, ctHelpers[i].name.toUpperCase()));
+
+		o = s.taboption('advanced', form.Value, 'helper', _('Match helper'), _('Match traffic using the specified connection tracking helper.'));
+		o.modalonly = true;
+		o.placeholder = _('any');
+		for (var i = 0; i < ctHelpers.length; i++)
+			o.value(ctHelpers[i].name, '%s (%s)'.format(ctHelpers[i].description, ctHelpers[i].name.toUpperCase()));
+		o.validate = function(section_id, value) {
+			if (value == '' || value == null)
+				return true;
+
+			value = value.replace(/^!\s*/, '');
+
+			for (var i = 0; i < ctHelpers.length; i++)
+				if (value == ctHelpers[i].name)
+					return true;
+
+			return _('Unknown or not installed conntrack helper "%s"').format(value);
+		};

 		o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
 			_('Passes additional arguments to iptables. Use with care!'));