22 commits

Author SHA1 Message Date
Darius
f0141773ac luci-app-firewall: remove unused code
- unused requirements removed
- unused variable and foreach loop removed

Signed-off-by: Darius <darius.joksas@teltonika.lt>
[slightly reword commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-09-29 13:55:53 +02:00
Jo-Philipp Wich
5142e40f9e luci-app-firewall: update cbi models
- allow multiple src/dest ips for rules ()
- restrict ICMP type list to ICMP protocol
- add section title callbacks
- remove size annotations
- fix validation error with aliased zone fields ()

Fixes , .
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-22 11:15:39 +02:00
Kristian Evensen
d3aa12b8ed luci-app-firewall: Fix typo in forwards redirect
When creating a forwarding rule with protocol set to other, a user is
forwarded to the configuration page. The URL for the configuration page
contained a typo - the user was forwarded to
admin/network/firewall/redirect/cfg... and not
admin/network/firewall/forwards/cfg..., leading to a 404.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
2018-06-11 07:10:48 +02:00
Tom Hodder
658d11e751 luci-app-firewall: disable port fields when protocol is not TCP or UDP
It's currently possible to generate nonsensical firewall rules by inputting
combinations which include:

i) protocols other than UDP/TCP
ii) source and destination ports.

There is some discussion of the issue on the forum here and the issue is
here; .

This patch makes fields like src_port and dest_port depend on protocol being
tcp, udp or "tcp udp" in the input, forwarding and source NAT forms.

Signed-off-by: Tom Hodder <tom@limepepper.co.uk>
[reword commit message, squash commits]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-10 16:24:07 +02:00
Jo-Philipp Wich
2eb4015e18 luci-app-firewall: recognize egress rules in rule overview
Along with 74be6f397
("treewide: switch firewall zone, network and iface lists to dropdown code"),
this change allows luci-app-firewall to recognize OUTPUT rules.

Fixes .
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-08 17:09:18 +02:00
Jo-Philipp Wich
74be6f3974 treewide: switch firewall zone, network and iface lists to dropdown code
Also switch the weekday and monthday lists in the firewall rule details to
cbi dropdowns, vastly uncluttering the form.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-08 08:19:20 +02:00
Hannu Nyman
177224c14a luci-app-firewall: expose flow offloading options
Expose options related to routing/NAT flow offloading
feature in firewall3. Offloading is available in kernel 4.14+

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-05-26 20:31:23 +03:00
Florian Eckert
c1eba6a046 luci-app-firewall: redirect to overview page on zone details save
This fixes an inconsistency because on the interface configuration if
you press Save&Apply it will go back to overview page.  It is also the
case with "Firewall - Traffic Rules" details.  On firewall zone it only
goes back to firewall zone-detail. Same behaviour on all pages is a good
user experience.

Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-05-07 21:46:38 +08:00
Hsing-Wang Liao
afb3c2a934 luci-app-firewall: Fix a word typo, arbritary -> arbitrary
Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
2017-08-06 22:21:04 +08:00
Yousong Zhou
90de442347 luci-app-firewall: fix typo dsp -> ds
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-07-21 20:34:46 +08:00
Jo-Philipp Wich
55ed62eab7 luci-app-firewall: adjust drop_invalid default ()
Since firewall3 commit b33f78371e7c7b6a131c2b6c01673cbd4b3c13d1 the
drop_invalid option is off by default.

Adjust LuCI view to properly handle the changed semantics.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-03-14 12:52:25 +01:00
Jo-Philipp Wich
c7939d3feb luci-app-firewall: use new ipmask validation types when applicable
This allows for address specifications like "fdca:1234:0123::abcd/::ffff:ffff:ffff:ffff"
which only match the last 64 bits of an address. This syntax is legal and already supported
by iptables and firewall3.

Fixes https://bugs.lede-project.org/index.php?do=details&task_id=417

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-23 16:18:20 +01:00
Florian Eckert
0581bd5f0b luci-app-firewall: restart firewall on /etc/firewall.user write
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
2016-12-20 11:12:42 +01:00
Jo-Philipp Wich
75b462fe46 luci-app-firewall: capitalize weekday names ()
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2016-03-31 14:27:29 +02:00
Jo-Philipp Wich
2e92c0718a luci-app-firewall: drop_invalid is default on in OpenWrt now
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2016-01-29 18:50:24 +01:00
Daniel Dickinson
986baa5cce applications: firewall: Add time and date for rules and redirects
UCI config for the firewall has the option of specifying time and date
limitations; add these options to the UI.
2015-12-14 23:26:33 -05:00
Hannu Nyman
87b6bb0daf luci-app-firewall: limit zone name length to 11 characters
Change the maximum length of a firewall zone name from 14 to 11 characters.

Longer names break iptables rule generation (max. 29 chars are allowed).

XT_EXTENSION_MAXNAMELEN = 29
29 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") = 11

References to:
https://github.com/openwrt/luci/issues/507
https://dev.openwrt.org/ticket/20380

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-10-28 13:07:47 +02:00
Hannu Nyman
edc58332f0 luci-app-firewall: use maxlength datatype instead of validate function
Switch the zonename validation to use
a compound datatype "and(uciname,maxlength(14))"
instead of a separate 'validate' function.

Remove the unnecessary function that was introduced by 34e875b

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-09-17 11:02:13 +03:00
Hannu Nyman
34e875b3d3 firewall: validate max length of zone name
fw3 sets the maximum length of the zone name to 14 and
ignores zone definitions with too long names.
http://nbd.name/gitweb.cgi?p=firewall3.git;a=blob;f=zones.h;hb=HEAD#l25
http://nbd.name/gitweb.cgi?p=firewall3.git;a=blob;f=zones.c;hb=HEAD#l195

Add a simple validation to ensure that the new zone name is short enough.
This should fix issue 

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-08-26 13:55:26 +03:00
Jo-Philipp Wich
41d2b33087 Update my email addresses in the license headers
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-16 23:49:44 +01:00
Jo-Philipp Wich
7a3493b1f7 Globally reduce copyright headers
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-16 23:38:38 +01:00
Jo-Philipp Wich
1bb4822dca Rework LuCI build system
* Rename subdirectories to their respective OpenWrt package names
* Make each LuCI module its own standalone package
* Deploy a shared luci.mk which is used by each module Makefile

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-08 16:26:20 +01:00