* corrects the view as IPv4 and IPv6 for rules where the family is 'any' and the IP not set (this fixes #9c55500), e.g. a forward rule like that:
config redirect 'adblock_lan53'
option name 'Adblock DNS (lan, 53)'
option src 'lan'
option proto 'tcp udp'
option src_dport '53'
option dest_port '53'
option target 'DNAT'
option family 'any'
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fixes: 48086e1c7b ("luci-app-firewall: Add ipset field to snats")
Fixes: d0d891c23e ("luci-app-firewall: Add ipset field to forwards (redirects)")
Fixes: f407a013ba ("luci-app-firewall: Add ipset field to rules")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Allow setup ipv6 for Port Forwards and NAT Rules if firewall4 is
used.
Add 'Restrict to address family' option for NAT Rules, if family is
any/empty , assume it is ipv4. this allow setup NAT6 rules in web ui
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Ensure that the description of the masquerade option does not end up in
the grid section overview as it messes up the table layout.
Fixes: c54efde717 ("luci-app-firewall: Add clarification to masquerading option")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This prevents its inconsistent checked/unchecked behaviour when exiting
and re-entering the dialogue.
Tested on 22.03.3
Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
Initial changes required for firewall4 compatibility:
* depend on uc-firewall instead of firewall
* detect installed version of firewall and hide incompatible features
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
The "Match ICMP type" drop-down menu was missing this ICMPv6 type. According to RFC 4890 section 4.3.1 it is essential for communications and must not be dropped. This patch allows for doing this through LuCI.
Signed-off-by: Robby K <robbyke@gmail.com>
Drop obsolete extra logic which treats the zone name as covered network
name in case the network list is unset. This behaviour applied to the
pre-fw3 uci firewall, but is not supported since fw3 anymore.
Ref: https://forum.openwrt.org/t/luci-zone-creation-bug/55921
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Use a simple custom format string DSL to assemble the rule description
texts in the overview page.
Also move common code for shared, complex cbi options to the firewall
tool class.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The underlying fw3 program currently only does IPv4 port forwards while
LuCI incorrectly reports IPv4 + IPv6 for each forward. Adjust the text
accordingly to fix this.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When a `config zone` section lacks an `option network` or `list network`
setting, its contained interface list defaults to the name of the zone,
e.g. a zone named `foo` will implicitely contain the network `foo` unless
a deviating or empty `option network` is specified.
Adjust the zones.js model accordingly to reflect that implicit default.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
