Use the standard addEventListener() instead. Also remove an old
cbi_validate_field() call referencing a not existing field.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Arguably this makes little if no wan zone exists but prefer consistency
over heuristics and always render the "open port" shortcut.
Fixes#2056
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When creating a forwarding rule with protocol set to other, a user is
forwarded to the configuration page. The URL for the configuration page
contained a typo - the user was forwarded to
admin/network/firewall/redirect/cfg... and not
admin/network/firewall/forwards/cfg..., leading to a 404.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
It's currently possible to generate nonsensical firewall rules by inputting
combinations which include:
i) protocols other than UDP/TCP
ii) source and destination ports.
There is some discussion of the issue on the forum here and the issue is
here; #1850.
This patch makes fields like src_port and dest_port depend on protocol being
tcp, udp or "tcp udp" in the input, forwarding and source NAT forms.
Signed-off-by: Tom Hodder <tom@limepepper.co.uk>
[reword commit message, squash commits]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Along with 74be6f397
("treewide: switch firewall zone, network and iface lists to dropdown code"),
this change allows luci-app-firewall to recognize OUTPUT rules.
Fixes#1457.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Also switch the weekday and monthday lists in the firewall rule details to
cbi dropdowns, vastly uncluttering the form.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Mostly convert HTML tables to div based markup to allow for easier styling
in the future. Also change JS accessor code accordingly.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Expose options related to routing/NAT flow offloading
feature in firewall3. Offloading is available in kernel 4.14+
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
This fixes an inconsistency because on the interface configuration if
you press Save&Apply it will go back to overview page. It is also the
case with "Firewall - Traffic Rules" details. On firewall zone it only
goes back to firewall zone-detail. Same behaviour on all pages is a good
user experience.
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Change the preselection for the src zone to wan and the dest zon to lan
because this is the normal situation.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Current the append traffic rules for "port forwarding" and "port opening"
to the router are only shown if 'wan' and 'lan' zone are defined at
once.
For "port opening" to the router only need a 'wan' zone. Removing
'lan' zone dependency for 'port opening' reflect this behavior.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Since firewall3 commit b33f78371e7c7b6a131c2b6c01673cbd4b3c13d1 the
drop_invalid option is off by default.
Adjust LuCI view to properly handle the changed semantics.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This allows for address specifications like "fdca🔢0123::abcd/::ffff:ffff:ffff:ffff"
which only match the last 64 bits of an address. This syntax is legal and already supported
by iptables and firewall3.
Fixes https://bugs.lede-project.org/index.php?do=details&task_id=417
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Change the maximum length of a firewall zone name from 14 to 11 characters.
Longer names break iptables rule generation (max. 29 chars are allowed).
XT_EXTENSION_MAXNAMELEN = 29
29 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") = 11
References to:
https://github.com/openwrt/luci/issues/507https://dev.openwrt.org/ticket/20380
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Switch the zonename validation to use
a compound datatype "and(uciname,maxlength(14))"
instead of a separate 'validate' function.
Remove the unnecessary function that was introduced by 34e875b
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* Rename subdirectories to their repective OpenWrt package names
* Make each LuCI module its own standalone package
* Deploy a shared luci.mk which is used by each module Makefile
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
