Drop obsolete extra logic which treats the zone name as covered network
name in case the network list is unset. This behaviour applied to the
pre-fw3 uci firewall, but is not supported since fw3 anymore.
Ref: https://forum.openwrt.org/t/luci-zone-creation-bug/55921
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 663134cd2d)
Use a simple custom format string DSL to assemble the rule description
texts in the overview page.
Also move common code for shared, complex cbi options to the firewall
tool class.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 7944b0a90b)
The underlying fw3 program currently only does IPv4 port forwards while
LuCI incorrectly reports IPv4 + IPv6 for each forward. Adjust the text
accordingly to fix this.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit a178cdb5cf)
When a `config zone` section lacks an `option network` or `list network`
setting, its contained interface list defaults to the name of the zone,
e.g. a zone named `foo` will implicitely contain the network `foo` unless
a deviating or empty `option network` is specified.
Adjust the zones.js model accordingly to reflect that implicit default.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit d60a1a13b0)
This just makes it easier to find the type one would want.
No types were added or removed, only re-arranged.
Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
The "Match ICMP Type" dropdown had entries for router
solicitation & router advertisements, but not the more
generic neighbour solicitation & neighbour advertisements.
A LAN cannot function without Neighbour Discovery; this
means that setting a LAN interface default input policy to
REJECT breaks IPv6 WAN access for all hosts on that LAN;
as they can no longer discover their gateway's MAC address.
This can be fixed with appropriate rules allowing ND input,
which this patch allows one to do in LuCI.
The spelling is the same as in [1].
[1] <https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/network/config/firewall/files/firewall.config>
Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
- Set src/dest defaults only in initial section create state, otherwise it
is impossible to specify output rules
- Get rid of dest_remote/dest_local widget switching and implement change
logic directly in tools.widgets.CBIZoneSelect
- Remove leftover debug code
Ref: https://github.com/openwrt/luci/issues/2889
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
