X-Git-Url: https://git.archive.openwrt.org/?p=project%2Fluci.git;a=blobdiff_plain;f=applications%2Fluci-firewall%2Fluasrc%2Fmodel%2Fcbi%2Fluci_fw%2Ftrule.lua;h=99011fea7d115f45835750ea5d131de20503e914;hp=0ce41e38c782500945ab0cb50abe4734b1dc2b56;hb=447cc08a8a8204dc5d20b760557d1a3b2f0b687b;hpb=4ad99af940a90592b51729aa44a155f8053fd85b diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua index 0ce41e38c..99011fea7 100644 --- a/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua +++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua @@ -2,6 +2,7 @@ LuCI - Lua Configuration Interface Copyright 2008 Steven Barth +Copyright 2010 Jo-Philipp Wich Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -11,62 +12,125 @@ You may obtain a copy of the License at $Id$ ]]-- + +local has_v2 = nixio.fs.access("/lib/firewall/fw.sh") +local dsp = require "luci.dispatcher" + arg[1] = arg[1] or "" + m = Map("firewall", translate("Advanced Rules"), translate("Advanced rules let you customize the firewall to your " .. "needs. Only new connections will be matched. Packets " .. "belonging to already open connections are automatically " .. "allowed to pass the firewall.")) +m.redirect = dsp.build_url("admin", "network", "firewall") + +if not m.uci:get(arg[1]) == "rule" then + luci.http.redirect(m.redirect) + return +end + s = m:section(NamedSection, arg[1], "rule", "") s.anonymous = true s.addremove = false +s:tab("general", translate("General Settings")) +s:tab("advanced", translate("Advanced Options")) + back = s:option(DummyValue, "_overview", translate("Overview")) back.value = "" -back.titleref = luci.dispatcher.build_url("admin", "network", "firewall", "rule") +back.titleref = dsp.build_url("admin", "network", "firewall", "rule") -name = s:option(Value, "_name", translate("Name").." "..translate("(optional)")) +name = s:taboption("general", Value, "_name", translate("Name").." "..translate("(optional)")) name.rmempty = true -iface = s:option(ListValue, "src", translate("Source zone")) -iface.rmempty = true +src = s:taboption("general", Value, "src", translate("Source zone")) +src.nocreate = true +src.default = "wan" +src.template = "cbi/firewall_zonelist" -oface = s:option(ListValue, "dest", translate("Destination zone")) -oface:value("", translate("any")) -oface.rmempty = true +dest = s:taboption("advanced", Value, "dest", translate("Destination zone")) +dest.nocreate = true +dest.allowlocal = true +dest.template = "cbi/firewall_zonelist" -luci.model.uci.cursor():foreach("firewall", "zone", - function (section) - iface:value(section.name) - oface:value(section.name) - end) - -proto = s:option(Value, "proto", translate("Protocol")) +proto = s:taboption("general", Value, "proto", translate("Protocol")) proto.optional = true -proto:value("") proto:value("all", translate("Any")) proto:value("tcpudp", "TCP+UDP") proto:value("tcp", "TCP") proto:value("udp", "UDP") proto:value("icmp", "ICMP") -s:option(Value, "src_ip", translate("Source address")).optional = true -s:option(Value, "dest_ip", translate("Destination address")).optional = true -s:option(Value, "src_mac", translate("Source MAC-address")).optional = true - -sport = s:option(Value, "src_port", translate("Source port")) +icmpt = s:taboption("general", Value, "icmp_type", translate("Match ICMP type")) +icmpt:depends("proto", "icmp") +icmpt:value("any") +icmpt:value("echo-reply") +icmpt:value("destination-unreachable") +icmpt:value("network-unreachable") +icmpt:value("host-unreachable") +icmpt:value("protocol-unreachable") +icmpt:value("port-unreachable") +icmpt:value("fragmentation-needed") +icmpt:value("source-route-failed") +icmpt:value("network-unknown") +icmpt:value("host-unknown") +icmpt:value("network-prohibited") +icmpt:value("host-prohibited") +icmpt:value("TOS-network-unreachable") +icmpt:value("TOS-host-unreachable") +icmpt:value("communication-prohibited") +icmpt:value("host-precedence-violation") +icmpt:value("precedence-cutoff") +icmpt:value("source-quench") +icmpt:value("redirect") +icmpt:value("network-redirect") +icmpt:value("host-redirect") +icmpt:value("TOS-network-redirect") +icmpt:value("TOS-host-redirect") +icmpt:value("echo-request") +icmpt:value("router-advertisement") +icmpt:value("router-solicitation") +icmpt:value("time-exceeded") +icmpt:value("ttl-zero-during-transit") +icmpt:value("ttl-zero-during-reassembly") +icmpt:value("parameter-problem") +icmpt:value("ip-header-bad") +icmpt:value("required-option-missing") +icmpt:value("timestamp-request") +icmpt:value("timestamp-reply") +icmpt:value("address-mask-request") +icmpt:value("address-mask-reply") + +src_ip = s:taboption("general", Value, "src_ip", translate("Source address")) +src_ip.optional = true +src_ip.datatype = has_v2 and "ipaddr" or "ip4addr" +src_ip.placeholder = translate("any") + +sport = s:taboption("general", Value, "src_port", translate("Source port")) +sport.optional = true +sport.datatype = "portrange" +sport.placeholder = "0-65535" sport:depends("proto", "tcp") sport:depends("proto", "udp") sport:depends("proto", "tcpudp") -dport = s:option(Value, "dest_port", translate("Destination port")) +dest_ip = s:taboption("general", Value, "dest_ip", translate("Destination address")) +dest_ip.optional = true +dest_ip.datatype = has_v2 and "ipaddr" or "ip4addr" +dest_ip.placeholder = translate("any") + +dport = s:taboption("general", Value, "dest_port", translate("Destination port")) +dport.optional = true +dport.datatype = "portrange" dport:depends("proto", "tcp") dport:depends("proto", "udp") dport:depends("proto", "tcpudp") +dport.placeholder = "0-65535" -jump = s:option(ListValue, "target", translate("Action")) +jump = s:taboption("general", ListValue, "target", translate("Action")) jump.rmempty = true jump.default = "ACCEPT" jump:value("DROP", translate("drop")) @@ -74,4 +138,17 @@ jump:value("ACCEPT", translate("accept")) jump:value("REJECT", translate("reject")) +smac = s:taboption("advanced", Value, "src_mac", translate("Source MAC address")) +smac.optional = true +smac.datatype = "macaddr" +smac.placeholder = translate("any") + +if has_v2 then + family = s:taboption("advanced", ListValue, "family", translate("Restrict to address family")) + family.rmempty = true + family:value("", translate("IPv4 and IPv6")) + family:value("ipv4", translate("IPv4 only")) + family:value("ipv6", translate("IPv6 only")) +end + return m