When creating a forwarding rule with protocol set to other, a user is
forwarded to the configuration page. The URL for the configuration page
contained a typo - the user was forwarded to
admin/network/firewall/redirect/cfg... and not
admin/network/firewall/forwards/cfg..., leading to a 404.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
It's currently possible to generate nonsensical firewall rules by inputting
combinations which include:
i) protocols other than UDP/TCP
ii) source and destination ports.
There is some discussion of the issue on the forum here and the issue is
here; #1850.
This patch makes fields like src_port and dest_port depend on protocol being
tcp, udp or "tcp udp" in the input, forwarding and source NAT forms.
Signed-off-by: Tom Hodder <tom@limepepper.co.uk>
[reword commit message, squash commits]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Along with 74be6f397
("treewide: switch firewall zone, network and iface lists to dropdown code"),
this change allows luci-app-firewall to recognize OUTPUT rules.
Fixes#1457.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Also switch the weekday and monthday lists in the firewall rule details to
cbi dropdowns, vastly uncluttering the form.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Expose options related to routing/NAT flow offloading
feature in firewall3. Offloading is available in kernel 4.14+
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
This fixes an inconsistency because on the interface configuration if
you press Save&Apply it will go back to overview page. It is also the
case with "Firewall - Traffic Rules" details. On firewall zone it only
goes back to firewall zone-detail. Same behaviour on all pages is a good
user experience.
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Since firewall3 commit b33f78371e7c7b6a131c2b6c01673cbd4b3c13d1 the
drop_invalid option is off by default.
Adjust LuCI view to properly handle the changed semantics.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This allows for address specifications like "fdca🔢0123::abcd/::ffff:ffff:ffff:ffff"
which only match the last 64 bits of an address. This syntax is legal and already supported
by iptables and firewall3.
Fixes https://bugs.lede-project.org/index.php?do=details&task_id=417
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Change the maximum length of a firewall zone name from 14 to 11 characters.
Longer names break iptables rule generation (max. 29 chars are allowed).
XT_EXTENSION_MAXNAMELEN = 29
29 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") = 11
References to:
https://github.com/openwrt/luci/issues/507https://dev.openwrt.org/ticket/20380
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Switch the zonename validation to use
a compound datatype "and(uciname,maxlength(14))"
instead of a separate 'validate' function.
Remove the unnecessary function that was introduced by 34e875b
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* Rename subdirectories to their repective OpenWrt package names
* Make each LuCI module its own standalone package
* Deploy a shared luci.mk which is used by each module Makefile
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
