2 LuCI - Lua Configuration Interface
4 Copyright 2011 Jo-Philipp Wich <xm@subsignal.org>
6 Licensed under the Apache License, Version 2.0 (the "License");
7 you may not use this file except in compliance with the License.
8 You may obtain a copy of the License at
10 http://www.apache.org/licenses/LICENSE-2.0
15 local sys = require "luci.sys"
16 local dsp = require "luci.dispatcher"
21 translate("Firewall - Port Forwards"),
22 translate("This page allows you to change advanced properties of the port \
23 forwarding entry. In most cases there is no need to modify \
26 m.redirect = dsp.build_url("admin/network/firewall/forwards")
28 if m.uci:get("firewall", arg[1]) ~= "redirect" then
29 luci.http.redirect(m.redirect)
32 local name = m:get(arg[1], "_name")
33 if not name or #name == 0 then
34 name = translate("(Unnamed Entry)")
36 m.title = "%s - %s" %{ translate("Firewall - Port Forwards"), name }
41 m.uci:foreach("firewall", "zone",
43 local n = s.network or s.name
46 for i in n:gmatch("%S+") do
55 s = m:section(NamedSection, arg[1], "redirect", "")
59 s:tab("general", translate("General Settings"))
60 s:tab("advanced", translate("Advanced Settings"))
62 name = s:taboption("general", Value, "_name", translate("Name"))
66 src = s:taboption("advanced", Value, "src", translate("Source zone"))
69 src.template = "cbi/firewall_zonelist"
71 proto = s:taboption("general", Value, "proto", translate("Protocol"))
73 proto:value("tcp udp", "TCP+UDP")
74 proto:value("tcp", "TCP")
75 proto:value("udp", "UDP")
76 proto:value("icmp", "ICMP")
78 function proto.cfgvalue(...)
79 local v = Value.cfgvalue(...)
80 if not v or v == "tcpudp" then
86 dport = s:taboption("general", Value, "src_dport", translate("External port"),
87 translate("Match incoming traffic directed at the given " ..
88 "destination port or port range on this host"))
89 dport.datatype = "portrange"
91 to = s:taboption("general", Value, "dest_ip", translate("Internal IP address"),
92 translate("Redirect matched incoming traffic to the specified " ..
94 to.datatype = "ip4addr"
95 for i, dataset in ipairs(sys.net.arptable()) do
96 to:value(dataset["IP address"])
99 toport = s:taboption("general", Value, "dest_port", translate("Internal port (optional)"),
100 translate("Redirect matched incoming traffic to the given port on " ..
101 "the internal host"))
102 toport.optional = true
103 toport.placeholder = "0-65535"
104 toport.datatype = "portrange"
106 dest = s:taboption("advanced", Value, "dest", translate("Destination zone"))
109 dest.template = "cbi/firewall_zonelist"
111 src_dip = s:taboption("advanced", Value, "src_dip",
112 translate("Intended destination address"),
113 translate("Only match incoming traffic directed at the given IP address."))
115 src_dip.optional = true
116 src_dip.datatype = "ip4addr"
117 src_dip.placeholder = translate("any")
119 src_mac = s:taboption("advanced", DynamicList, "src_mac",
120 translate("Source MAC address"),
121 translate("Only match incoming traffic from these MACs."))
122 src_mac.optional = true
123 src_mac.datatype = "macaddr"
124 src_mac.placeholder = translate("any")
126 src_ip = s:taboption("advanced", Value, "src_ip",
127 translate("Source IP address"),
128 translate("Only match incoming traffic from this IP or range."))
129 src_ip.optional = true
130 src_ip.datatype = "neg(ip4addr)"
131 src_ip.placeholder = translate("any")
133 sport = s:taboption("advanced", Value, "src_port",
134 translate("Source port"),
135 translate("Only match incoming traffic originating from the given source port or port range on the client host"))
136 sport.optional = true
137 sport.datatype = "portrange"
138 sport.placeholder = translate("any")
140 reflection = s:taboption("advanced", Flag, "reflection", translate("Enable NAT Loopback"))
141 reflection.rmempty = true
142 reflection.default = reflection.enabled
143 reflection:depends({ target = "DNAT", src = wan_zone })
144 reflection.cfgvalue = function(...)
145 return Flag.cfgvalue(...) or "1"