This adds entries for ICMPv6 MLD types. This fixes the ICMPv6 MLD types to be consistent with fw4.
These types were added to fw4 in this commit:
- e6e82a5520
But were omitted from the corresponding luci-app-firewall commit:
- 88a016cbff
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
Fixes: 48086e1c7b ("luci-app-firewall: Add ipset field to snats")
Fixes: d0d891c23e ("luci-app-firewall: Add ipset field to forwards (redirects)")
Fixes: f407a013ba ("luci-app-firewall: Add ipset field to rules")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This prevents its inconsistent checked/unchecked behaviour when exiting
and re-entering the dialogue.
Tested on 22.03.3
Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
Initial changes required for firewall4 compatibility:
* depend on uc-firewall instead of firewall
* detect installed version of firewall and hide incompatible features
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
The "Match ICMP type" drop-down menu was missing this ICMPv6 type. According to RFC 4890 section 4.3.1 it is essential for communications and must not be dropped. This patch allows for doing this through LuCI.
Signed-off-by: Robby K <robbyke@gmail.com>
Use a simple custom format string DSL to assemble the rule description
texts in the overview page.
Also move common code for shared, complex cbi options to the firewall
tool class.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This just makes it easier to find the type one would want.
No types were added or removed, only re-arranged.
Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
The "Match ICMP Type" dropdown had entries for router
solicitation & router advertisements, but not the more
generic neighbour solicitation & neighbour advertisements.
A LAN cannot function without Neighbour Discovery; this
means that setting a LAN interface default input policy to
REJECT breaks IPv6 WAN access for all hosts on that LAN;
as they can no longer discover their gateway's MAC address.
This can be fixed with appropriate rules allowing ND input,
which this patch allows one to do in LuCI.
The spelling is the same as in [1].
[1] <https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/network/config/firewall/files/firewall.config>
Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
- Set src/dest defaults only in initial section create state, otherwise it
is impossible to specify output rules
- Get rid of dest_remote/dest_local widget switching and implement change
logic directly in tools.widgets.CBIZoneSelect
- Remove leftover debug code
Ref: https://github.com/openwrt/luci/issues/2889
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
