--[[ LuCI - Lua Configuration Interface Copyright 2008 Steven Barth Copyright 2010 Jo-Philipp Wich Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 $Id$ ]]-- local has_v2 = nixio.fs.access("/lib/firewall/fw.sh") local dsp = require "luci.dispatcher" arg[1] = arg[1] or "" m = Map("firewall", translate("Advanced Rules"), translate("Advanced rules let you customize the firewall to your " .. "needs. Only new connections will be matched. Packets " .. "belonging to already open connections are automatically " .. "allowed to pass the firewall.")) m.redirect = dsp.build_url("admin", "network", "firewall") if not m.uci:get(arg[1]) == "rule" then luci.http.redirect(m.redirect) return end s = m:section(NamedSection, arg[1], "rule", "") s.anonymous = true s.addremove = false s:tab("general", translate("General Settings")) s:tab("advanced", translate("Advanced Options")) back = s:option(DummyValue, "_overview", translate("Overview")) back.value = "" back.titleref = dsp.build_url("admin", "network", "firewall", "rule") name = s:taboption("general", Value, "_name", translate("Name").." "..translate("(optional)")) name.rmempty = true src = s:taboption("general", Value, "src", translate("Source zone")) src.nocreate = true src.default = "wan" src.template = "cbi/firewall_zonelist" dest = s:taboption("advanced", Value, "dest", translate("Destination zone")) dest.nocreate = true dest.allowlocal = true dest.template = "cbi/firewall_zonelist" proto = s:taboption("general", Value, "proto", translate("Protocol")) proto.optional = true proto:value("all", translate("Any")) proto:value("tcpudp", "TCP+UDP") proto:value("tcp", "TCP") proto:value("udp", "UDP") proto:value("icmp", "ICMP") icmpt = s:taboption("general", Value, "icmp_type", translate("Match ICMP type")) icmpt:depends("proto", "icmp") icmpt:value("", "any") icmpt:value("echo-reply") icmpt:value("destination-unreachable") icmpt:value("network-unreachable") icmpt:value("host-unreachable") icmpt:value("protocol-unreachable") icmpt:value("port-unreachable") icmpt:value("fragmentation-needed") icmpt:value("source-route-failed") icmpt:value("network-unknown") icmpt:value("host-unknown") icmpt:value("network-prohibited") icmpt:value("host-prohibited") icmpt:value("TOS-network-unreachable") icmpt:value("TOS-host-unreachable") icmpt:value("communication-prohibited") icmpt:value("host-precedence-violation") icmpt:value("precedence-cutoff") icmpt:value("source-quench") icmpt:value("redirect") icmpt:value("network-redirect") icmpt:value("host-redirect") icmpt:value("TOS-network-redirect") icmpt:value("TOS-host-redirect") icmpt:value("echo-request") icmpt:value("router-advertisement") icmpt:value("router-solicitation") icmpt:value("time-exceeded") icmpt:value("ttl-zero-during-transit") icmpt:value("ttl-zero-during-reassembly") icmpt:value("parameter-problem") icmpt:value("ip-header-bad") icmpt:value("required-option-missing") icmpt:value("timestamp-request") icmpt:value("timestamp-reply") icmpt:value("address-mask-request") icmpt:value("address-mask-reply") src_ip = s:taboption("general", Value, "src_ip", translate("Source address")) src_ip.optional = true src_ip.datatype = has_v2 and "neg_ipaddr" or "neg_ip4addr" src_ip.placeholder = translate("any") sport = s:taboption("general", Value, "src_port", translate("Source port")) sport.optional = true sport.datatype = "portrange" sport.placeholder = "0-65535" sport:depends("proto", "tcp") sport:depends("proto", "udp") sport:depends("proto", "tcpudp") dest_ip = s:taboption("general", Value, "dest_ip", translate("Destination address")) dest_ip.optional = true dest_ip.datatype = has_v2 and "neg_ipaddr" or "neg_ip4addr" dest_ip.placeholder = translate("any") dport = s:taboption("general", Value, "dest_port", translate("Destination port")) dport.optional = true dport.datatype = "portrange" dport:depends("proto", "tcp") dport:depends("proto", "udp") dport:depends("proto", "tcpudp") dport.placeholder = "0-65535" jump = s:taboption("general", ListValue, "target", translate("Action")) jump.rmempty = true jump.default = "ACCEPT" jump:value("DROP", translate("drop")) jump:value("ACCEPT", translate("accept")) jump:value("REJECT", translate("reject")) jump:value("NOTRACK", translate("don't track")) smac = s:taboption("advanced", Value, "src_mac", translate("Source MAC address")) smac.optional = true smac.datatype = "macaddr" smac.placeholder = translate("any") if has_v2 then family = s:taboption("advanced", ListValue, "family", translate("Restrict to address family")) family.rmempty = true family:value("", translate("IPv4 and IPv6")) family:value("ipv4", translate("IPv4 only")) family:value("ipv6", translate("IPv6 only")) end return m