luci-firewall: Add support for negations for ip addresses/nets (#218)

[project/luci.git] / applications / luci-firewall / luasrc / model / cbi / luci_fw / trule.lua

diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua
index 7ee8fd8..10a9869 100644 (file)
--- a/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua
@@ -53,7 +53,7 @@ src.template = "cbi/firewall_zonelist"
 
 dest = s:taboption("advanced", Value, "dest", translate("Destination zone"))
 dest.nocreate = true
-dest.default = "lan"
+dest.allowlocal = true
 dest.template = "cbi/firewall_zonelist"
 
 proto = s:taboption("general", Value, "proto", translate("Protocol"))
@@ -66,7 +66,7 @@ proto:value("icmp", "ICMP")
 
 icmpt = s:taboption("general", Value, "icmp_type", translate("Match ICMP type"))
 icmpt:depends("proto", "icmp")
-icmpt:value("any")
+icmpt:value("", "any")
 icmpt:value("echo-reply")
 icmpt:value("destination-unreachable")
 icmpt:value("network-unreachable")
@@ -106,18 +106,21 @@ icmpt:value("address-mask-reply")
 
 src_ip = s:taboption("general", Value, "src_ip", translate("Source address"))
 src_ip.optional = true
-src_ip.datatype = has_v2 and "ipaddr" or "ip4addr"
+src_ip.datatype = has_v2 and "neg_ipaddr" or "neg_ip4addr"
+src_ip.placeholder = translate("any")
 
 sport = s:taboption("general", Value, "src_port", translate("Source port"))
 sport.optional = true
 sport.datatype = "portrange"
+sport.placeholder = "0-65535"
 sport:depends("proto", "tcp")
 sport:depends("proto", "udp")
 sport:depends("proto", "tcpudp")
 
 dest_ip = s:taboption("general", Value, "dest_ip", translate("Destination address"))
 dest_ip.optional = true
-dest_ip.datatype = has_v2 and "ipaddr" or "ip4addr"
+dest_ip.datatype = has_v2 and "neg_ipaddr" or "neg_ip4addr"
+dest_ip.placeholder = translate("any")
 
 dport = s:taboption("general", Value, "dest_port", translate("Destination port"))
 dport.optional = true
@@ -125,6 +128,7 @@ dport.datatype = "portrange"
 dport:depends("proto", "tcp")
 dport:depends("proto", "udp")
 dport:depends("proto", "tcpudp")
+dport.placeholder = "0-65535"
 
 jump = s:taboption("general", ListValue, "target", translate("Action"))
 jump.rmempty = true
@@ -132,9 +136,13 @@ jump.default = "ACCEPT"
 jump:value("DROP", translate("drop"))
 jump:value("ACCEPT", translate("accept"))
 jump:value("REJECT", translate("reject"))
+jump:value("NOTRACK", translate("don't track"))
 
 
-s:taboption("advanced", Value, "src_mac", translate("Source MAC-address")).optional = true
+smac = s:taboption("advanced", Value, "src_mac", translate("Source MAC address"))
+smac.optional = true
+smac.datatype = "macaddr"
+smac.placeholder = translate("any")
 
 if has_v2 then
        family = s:taboption("advanced", ListValue, "family", translate("Restrict to address family"))