Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
15335 commits 13 branches 13 tags 306 MiB
Commit graph

58 commits

Author SHA1 Message Date
Jo-Philipp Wich
0b4b6380d0 luci-app-firewall: use firewall.getZoneColorStyle() in views 
Use the new `firewall.getZoneColorStyle()` helper to apply background
color styles.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2021-11-11 13:00:50 +01:00
Jo-Philipp Wich
6c96414d9b luci-app-firewall: adjust zone badge markup 
No functional changes but required for styling rules.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2021-11-10 11:57:43 +01:00
Paul Dee
19c66ef539 luci-app-firewall: add ipv6 exclusive ICMP types 
to firewall 'Match ICMP type' field.

See issue #5213

Signed-off-by: Paul Dee <systemcrash@users.noreply.github.com>
 2021-08-31 23:15:16 +02:00
Fritz D. Ansel
406e6c8177 firewall: more text lines for custom script 
10 lines are very few and there is much unused space

Signed-off-by: Fritz D. Ansel <fdansel@yandex.ru>
 2021-08-11 09:25:42 +02:00
Stan Grishin
1b4936a6e2 luci-app-firewall: replace hh.mm.ss with hh:mm:ss 
Signed-off-by: Stan Grishin <stangri@melmac.net>
 2021-08-04 20:16:04 +00:00
Jo-Philipp Wich
dc0cfc642e luci-app-firewall: further luci-rpc/getHostHints compatibility fixes 
Rework some further code instances to fall back to the legacy ipv4/ipv6
properties if needed.

Fixes: c7b7b42cd3 ("treewide: Update JS using luci-rpc getHostHints")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2021-06-03 10:03:48 +02:00
Niels Widger
c7b7b42cd3 treewide: Update JS using luci-rpc getHostHints 
Update frontend JS code which uses luci-rpc getHostHints to support the new
response format which removes the `ipv4` and `ipv6` host hint string fields
and replaces them with `ipaddrs` and `ip6addrs` weighted string list fields.

Signed-off-by: Niels Widger <niels@qacafe.com>
[rework code to be forwards/backwards compatible, fix some Network.Hosts
 methods, fix IP choice ordering, change commit subject, rewrap commit
 message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2021-06-03 09:51:09 +02:00
Jo-Philipp Wich
bbf1a5343f luci-app-firewall: simplify some form actions 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2021-03-15 11:41:50 +01:00
Jo-Philipp Wich
f64b3d5094 luci-app-firewall: allow negative prefix lengths 
Fixes: #4812
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2021-03-01 15:18:25 +01:00
Jo-Philipp Wich
154117ff05 luci-app-firewall: zones.js: fix HTML display in ct helper selection 
Fixes: #4845
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2021-03-01 09:09:35 +01:00
Jo-Philipp Wich
5d528da29f luci-app-firewall: fix creating multiple networks from zone network selector 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2021-03-01 08:54:58 +01:00
Jo-Philipp Wich
b60be8cfd8 luci-app-firewall: properly handle custom multi IP/MAC input 
Store multiple space separated custom address values as separate uci
list items in the configuration.

Fixes: #4822
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2021-02-19 11:29:14 +01:00
Florian Eckert
ab390cf94e luci-app-firewall: add tooltip on rules that have time restrictions enabled 
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
 2021-01-13 12:33:29 +01:00
Florian Eckert
4bbf6db9d9 luci-app-firewall: add limited masquerading tooltip 
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
 2021-01-13 12:29:03 +01:00
Florian Eckert
972096bf39 luci-app-firewall: map proto '*' and 'any' to all on rule config 
Before the change, the options '*' and 'any' in the drop down were not
recognized as valid options, when loaded from the uci. With this change,
the options '*' and 'any' are mapped to 'all' and saved as such. This
change is especially important if the proto option is changed manually
to '*' or 'any' in shell and then further configured via LuCI.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
 2020-12-16 12:55:31 +01:00
Jo-Philipp Wich
4dbf600de6 luci-app-firewall: fix removing networks from zone 
Fixes: #4608
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-11-20 13:28:28 +01:00
Robby K
43dc420864 luci-app-firewall: rules: add ICMPv6 Packet Too Big (Type 2) 
The "Match ICMP type" drop-down menu was missing this ICMPv6 type. According to RFC 4890 section 4.3.1 it is essential for communications and must not be dropped. This patch allows for doing this through LuCI.

Signed-off-by: Robby K <robbyke@gmail.com>
 2020-10-01 22:52:46 +02:00
Jo-Philipp Wich
0abcb39b62 luci-app-firewall: migrate syn_flood option to synflood_protect on save 
Fixes: #4220
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-07-05 00:51:59 +02:00
Jo-Philipp Wich
952b169167 luci-app-firewall: tools/firewall.js: honour readonly property 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-04-14 17:09:12 +02:00
Jo-Philipp Wich
3c4bc228a1 treewide: import utility classes explicitly 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-04-03 10:00:06 +02:00
Jo-Philipp Wich
0ff4dc822b luci-app-firewall: use Firewall.removeZone() helper 
Fixes: FS#2932
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2932
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-03-26 19:15:27 +01:00
Jo-Philipp Wich
2c036b36ce luci-app-firewall: tools.firewall: properly handle protocol 0 
The existing code failed to anticipate that '' == 0 in JS.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-03-04 20:22:38 +01:00
Jo-Philipp Wich
663134cd2d luci-app-firewall: don't treat zone name as network fallback 
Drop obsolete extra logic which treats the zone name as covered network
name in case the network list is unset. This behaviour applied to the
pre-fw3 uci firewall, but is not supported since fw3 anymore.

Ref: https://forum.openwrt.org/t/luci-zone-creation-bug/55921
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-03-02 10:11:44 +01:00
Jo-Philipp Wich
d527c28ffa luci-app-firewall: snats.js: fix rewrite IP validation for SNAT target 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-02-22 22:20:17 +01:00
Jo-Philipp Wich
9fd7e9fc23 luci-app-firewall: fix variable clash leading to incorrect family display 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-01-20 18:57:47 +01:00
Jo-Philipp Wich
f1771d14aa luci-app-firewall: add SNAT config migration 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-01-19 19:38:07 +01:00
Jo-Philipp Wich
7944b0a90b luci-app-firewall: rework rule descriptions, deduplicate code 
Use a simple custom format string DSL to assemble the rule description
texts in the overview page.

Also move common code for shared, complex cbi options to the firewall
tool class.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-01-19 16:22:47 +01:00
Jo-Philipp Wich
0608ff09f8 luci-app-firewall: consolidate duplicate option code 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-01-16 22:16:53 +01:00
Jo-Philipp Wich
28f4a9fced luci-app-firewall: support 'limit' and 'limit_burst' options 
Also resync firewall translations.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-01-16 21:36:39 +01:00
Jo-Philipp Wich
aa62419e5b luci-app-firewall: support 'DSCP' action and matches for rules 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-01-16 21:00:46 +01:00
Jo-Philipp Wich
3c0fcf49d4 luci-app-firewall: support 'MARK' action and matches for rules 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-01-16 20:35:09 +01:00
Jo-Philipp Wich
cdf240f0a0 luci-app-firewall: support 'mark' parameter for redirects 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-01-16 18:17:09 +01:00
Jo-Philipp Wich
61fe2146dd luci-app-firewall: support 'helper' and 'reflection_src' parameters for redirects 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-01-16 16:30:58 +01:00
Jo-Philipp Wich
d601e79da5 luci-app-firewall: support 'helper' and 'set_helper' parameters for rules 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-01-16 16:13:01 +01:00
Jo-Philipp Wich
267085cf2d luci-app-firewall: support 'direction' and 'device' parameters for rules 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-01-16 15:31:01 +01:00
Jo-Philipp Wich
a178cdb5cf luci-app-firewall: fix family display for port forwards 
The underlying fw3 program currently only does IPv4 port forwards while
LuCI incorrectly reports IPv4 + IPv6 for each forward. Adjust the text
accordingly to fix this.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-01-16 13:54:22 +01:00
Jo-Philipp Wich
c8b8ae6b8e luci-app-firewall: introduce support for "config nat" sections 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-01-15 19:22:06 +01:00
Jo-Philipp Wich
d60a1a13b0 luci-app-firewall: fix zone network default 
When a `config zone` section lacks an `option network` or `list network`
setting, its contained interface list defaults to the name of the zone,
e.g. a zone named `foo` will implicitely contain the network `foo` unless
a deviating or empty `option network` is specified.

Adjust the zones.js model accordingly to reflect that implicit default.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2020-01-04 18:48:49 +01:00
Jo-Philipp Wich
d07cfba160 luci-app-firewall: update rule ip hints based on address family 
Fixes: #3119
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2019-12-30 14:51:40 +01:00
Jo-Philipp Wich
18c60968dc luci-app-firewall: store week- and monthday restrictions as strings 
Fixes: FS#2661
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2661
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2019-12-30 00:08:17 +01:00
Jo-Philipp Wich
f6e56e67e8 luci-app-firewall: remove obsolete "conntrack" option 
Fixes: #3342
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2019-11-22 08:50:14 +01:00
Jo-Philipp Wich
86f492173d treewide: require ui.js explicitly 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2019-11-03 21:55:50 +01:00
Jo-Philipp Wich
9e57fbb2c3 luci-base, luci-app-firewall: port custom rules to client side view 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2019-11-03 20:34:57 +01:00
Jo-Philipp Wich
37b6092aef luci-base, luci-mod-network, luci-app-firewall: migrate luci/getHostHints 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2019-11-01 12:03:33 +01:00
Nicholas Smith
f9e2d60f13 luci-app-firewall: display "this new zone" instead of "undefined" 
Signed-off-by: Nicholas Smith <nicholas.smith@telcoantennas.com.au>
 2019-09-11 12:52:24 +02:00
Jo-Philipp Wich
eeced34765 luci-app-firewall: disallow creating zone without name 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2019-09-11 12:46:59 +02:00
Jo-Philipp Wich
42bc712e2c luci-app-firewall: filter alias interfaces in zone device selection 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2019-09-10 15:28:16 +02:00
Jo-Philipp Wich
42bd5aa9c4 luci-app-firewall: fix zone overview page after rpc procedure renaming 
The "conntrack_helpers" method has been renamed to "getConntrackHelpers".

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2019-08-15 15:40:46 +02:00
Jo-Philipp Wich
ed8f1c4c1c luci-app-firewall: honour global default policies in per-zone settings 
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2019-08-14 22:58:15 +02:00
Jo-Philipp Wich
9f032e02e4 luci-app-firewall: drop usage of getOffloadSupport() 
Rely on the more generic L.hasSystemFeature() from now on.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2019-08-14 22:58:15 +02:00