luci-app-firewall: disable port fields when protocol is not TCP or UDP
It's currently possible to generate nonsensical firewall rules by inputting combinations which include: i) protocols other than UDP/TCP ii) source and destination ports. There is some discussion of the issue on the forum here and the issue is here; #1850. This patch makes fields like src_port and dest_port depend on protocol being tcp, udp or "tcp udp" in the input, forwarding and source NAT forms. Signed-off-by: Tom Hodder <tom@limepepper.co.uk> [reword commit message, squash commits] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This commit is contained in:
Tom Hodder
Jo-Philipp Wich
parent
8a4c3a01bf
commit
658d11e751
2 changed files with 32 additions and 1 deletions
|
|
@ -89,6 +89,10 @@ o.rmempty = true
|
|||
o.datatype = "neg(portrange)"
|
||||
o.placeholder = translate("any")
|
||||
|
||||
o:depends("proto", "tcp")
|
||||
o:depends("proto", "udp")
|
||||
o:depends("proto", "tcp udp")
|
||||
o:depends("proto", "tcpudp")
|
||||
|
||||
o = s:option(Value, "src_dip",
|
||||
translate("External IP address"),
|
||||
|
|
@ -109,7 +113,10 @@ o = s:option(Value, "src_dport", translate("External port"),
|
|||
"destination port or port range on this host"))
|
||||
o.datatype = "neg(portrange)"
|
||||
|
||||
|
||||
o:depends("proto", "tcp")
|
||||
o:depends("proto", "udp")
|
||||
o:depends("proto", "tcp udp")
|
||||
o:depends("proto", "tcpudp")
|
||||
|
||||
o = s:option(Value, "dest", translate("Internal zone"))
|
||||
o.nocreate = true
|
||||
|
|
@ -134,6 +141,10 @@ o = s:option(Value, "dest_port",
|
|||
o.placeholder = translate("any")
|
||||
o.datatype = "portrange"
|
||||
|
||||
o:depends("proto", "tcp")
|
||||
o:depends("proto", "udp")
|
||||
o:depends("proto", "tcp udp")
|
||||
o:depends("proto", "tcpudp")
|
||||
|
||||
o = s:option(Flag, "reflection", translate("Enable NAT Loopback"))
|
||||
o.rmempty = true
|
||||
|
|
|
|||
|
|
@ -115,6 +115,10 @@ elseif rule_type == "redirect" then
|
|||
o.datatype = "neg(portrange)"
|
||||
o.placeholder = translate("any")
|
||||
|
||||
o:depends("proto", "tcp")
|
||||
o:depends("proto", "udp")
|
||||
o:depends("proto", "tcp udp")
|
||||
o:depends("proto", "tcpudp")
|
||||
|
||||
o = s:option(Value, "dest", translate("Destination zone"))
|
||||
o.nocreate = true
|
||||
|
|
@ -139,6 +143,10 @@ elseif rule_type == "redirect" then
|
|||
o.placeholder = translate("any")
|
||||
o.datatype = "neg(portrange)"
|
||||
|
||||
o:depends("proto", "tcp")
|
||||
o:depends("proto", "udp")
|
||||
o:depends("proto", "tcp udp")
|
||||
o:depends("proto", "tcpudp")
|
||||
|
||||
o = s:option(Value, "src_dip",
|
||||
translate("SNAT IP address"),
|
||||
|
|
@ -163,6 +171,10 @@ elseif rule_type == "redirect" then
|
|||
o.rmempty = true
|
||||
o.placeholder = translate('Do not rewrite')
|
||||
|
||||
o:depends("proto", "tcp")
|
||||
o:depends("proto", "udp")
|
||||
o:depends("proto", "tcp udp")
|
||||
o:depends("proto", "tcpudp")
|
||||
|
||||
s:option(Value, "extra",
|
||||
translate("Extra arguments"),
|
||||
|
|
@ -281,6 +293,10 @@ else
|
|||
o.datatype = "list(neg(portrange))"
|
||||
o.placeholder = translate("any")
|
||||
|
||||
o:depends("proto", "tcp")
|
||||
o:depends("proto", "udp")
|
||||
o:depends("proto", "tcp udp")
|
||||
o:depends("proto", "tcpudp")
|
||||
|
||||
o = s:option(Value, "dest_local", translate("Output zone"))
|
||||
o.nocreate = true
|
||||
|
|
@ -312,6 +328,10 @@ else
|
|||
o.datatype = "list(neg(portrange))"
|
||||
o.placeholder = translate("any")
|
||||
|
||||
o:depends("proto", "tcp")
|
||||
o:depends("proto", "udp")
|
||||
o:depends("proto", "tcp udp")
|
||||
o:depends("proto", "tcpudp")
|
||||
|
||||
o = s:option(ListValue, "target", translate("Action"))
|
||||
o.default = "ACCEPT"
|
||||
|
|
|
|||
Loading…
Reference in a new issue