Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #6317 from 1715173329/of/masq6

Browse source 
luci-app-firewall: add masq6 option for zones
This commit is contained in:
Jo-Philipp Wich 2023-03-30 20:22:45 +02:00 committed by GitHub
commit f941042741
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 32 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
View file

@ -33,6 +33,7 @@ return view.extend({
var ctHelpers = data[0], var ctHelpers = data[0],
fwDefaults = data[1], fwDefaults = data[1],
m, s, o, inp, out; m, s, o, inp, out;
var fw4 = L.hasSystemFeature('firewall4');
m = new form.Map('firewall', _('Firewall - Zone Settings'), m = new form.Map('firewall', _('Firewall - Zone Settings'),
_('The firewall creates zones over your network interfaces to control network traffic flow.')); _('The firewall creates zones over your network interfaces to control network traffic flow.'));
@ -158,12 +159,13 @@ return view.extend({
p[2].default = fwDefaults.getForward(); p[2].default = fwDefaults.getForward();
o = s.taboption('general', form.Flag, 'masq', _('Masquerading'), o = s.taboption('general', form.Flag, 'masq', _('Masquerading'),
_('Enable network address and port translation (NAT or NAPT) for outbound traffic on this zone. This is typically enabled on the <em>wan</em> zone.')); _('Enable network address and port translation IPv4 (NAT4 or NAPT4) for outbound traffic on this zone. This is typically enabled on the <em>wan</em> zone.'));
o.editable = true; o.editable = true;
o.tooltip = function(section_id) { o.tooltip = function(section_id) {
var family = uci.get('firewall', section_id, 'family')
var masq_src = uci.get('firewall', section_id, 'masq_src') var masq_src = uci.get('firewall', section_id, 'masq_src')
var masq_dest = uci.get('firewall', section_id, 'masq_dest') var masq_dest = uci.get('firewall', section_id, 'masq_dest')
if (masq_src || masq_dest) if ((!family || family.indexOf('6') == -1) && (masq_src || masq_dest))
return _('Limited masquerading enabled'); return _('Limited masquerading enabled');
return null; return null;
@ -230,6 +232,20 @@ return view.extend({
o.modalonly = true; o.modalonly = true;
o.multiple = true; o.multiple = true;
if (fw4) {
o = s.taboption('advanced', form.Flag, 'masq6', _('IPv6 Masquerading'),
_('Enable network address and port translation IPv6 (NAT6 or NAPT6) for outbound traffic on this zone.'));
o.modalonly = true;
o.tooltip = function(section_id) {
var family = uci.get('firewall', section_id, 'family')
var masq_src = uci.get('firewall', section_id, 'masq_src')
var masq_dest = uci.get('firewall', section_id, 'masq_dest')
if ((!family || family.indexOf('6') >= 0) && (masq_src || masq_dest))
return _('Limited masquerading enabled');
return null;
};
}
o = s.taboption('advanced', form.ListValue, 'family', _('Restrict to address family')); o = s.taboption('advanced', form.ListValue, 'family', _('Restrict to address family'));
o.value('', _('IPv4 and IPv6')); o.value('', _('IPv4 and IPv6'));
o.value('ipv4', _('IPv4 only')); o.value('ipv4', _('IPv4 only'));
@ -237,16 +253,24 @@ return view.extend({
o.modalonly = true; o.modalonly = true;
o = s.taboption('advanced', form.DynamicList, 'masq_src', _('Restrict Masquerading to given source subnets')); o = s.taboption('advanced', form.DynamicList, 'masq_src', _('Restrict Masquerading to given source subnets'));
o.depends('family', ''); if (fw4) {
o.depends('family', 'ipv4'); o.datatype = 'list(neg(or(uciname,hostname,ipmask)))';
o.datatype = 'list(neg(or(uciname,hostname,ipmask4)))'; } else {
o.depends('family', '');
o.depends('family', 'ipv4');
o.datatype = 'list(neg(or(uciname,hostname,ipmask4)))';
}
o.placeholder = '0.0.0.0/0'; o.placeholder = '0.0.0.0/0';
o.modalonly = true; o.modalonly = true;
o = s.taboption('advanced', form.DynamicList, 'masq_dest', _('Restrict Masquerading to given destination subnets')); o = s.taboption('advanced', form.DynamicList, 'masq_dest', _('Restrict Masquerading to given destination subnets'));
o.depends('family', ''); if (fw4) {
o.depends('family', 'ipv4'); o.datatype = 'list(neg(or(uciname,hostname,ipmask)))';
o.datatype = 'list(neg(or(uciname,hostname,ipmask4)))'; } else {
o.depends('family', '');
o.depends('family', 'ipv4');
o.datatype = 'list(neg(or(uciname,hostname,ipmask4)))';
}
o.placeholder = '0.0.0.0/0'; o.placeholder = '0.0.0.0/0';
o.modalonly = true; o.modalonly = true;