From 0f71faaf340b88f3178301a3063ab50aa39d4e8d Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Tue, 20 Dec 2011 03:14:54 +0000 Subject: [PATCH] applications/luci-firewall: use option "name" instead of deprecated "_name", expose "extra" option, add enable/disable toggles for portforwards, snats and rules --- .../luasrc/model/cbi/firewall/forward-details.lua | 148 ++++++++++++--------- .../luasrc/model/cbi/firewall/forwards.lua | 11 +- .../luasrc/model/cbi/firewall/rule-details.lua | 31 ++++- .../luasrc/model/cbi/firewall/rules.lua | 20 ++- .../luci-firewall/luasrc/tools/firewall.lua | 58 ++++++++ 5 files changed, 180 insertions(+), 88 deletions(-) diff --git a/applications/luci-firewall/luasrc/model/cbi/firewall/forward-details.lua b/applications/luci-firewall/luasrc/model/cbi/firewall/forward-details.lua index 1cc5ecbb4..c3618ec01 100644 --- a/applications/luci-firewall/luasrc/model/cbi/firewall/forward-details.lua +++ b/applications/luci-firewall/luasrc/model/cbi/firewall/forward-details.lua @@ -14,6 +14,9 @@ $Id$ local sys = require "luci.sys" local dsp = require "luci.dispatcher" +local ft = require "luci.tools.firewall" + +local m, s, o arg[1] = arg[1] or "" @@ -29,7 +32,7 @@ if m.uci:get("firewall", arg[1]) ~= "redirect" then luci.http.redirect(m.redirect) return else - local name = m:get(arg[1], "_name") + local name = m:get(arg[1], "name") or m:get(arg[1], "_name") if not name or #name == 0 then name = translate("(Unnamed Entry)") end @@ -56,26 +59,17 @@ s = m:section(NamedSection, arg[1], "redirect", "") s.anonymous = true s.addremove = false -s:tab("general", translate("General Settings")) -s:tab("advanced", translate("Advanced Settings")) - -name = s:taboption("general", Value, "_name", translate("Name")) -name.rmempty = true -name.size = 10 +ft.opt_enabled(s, Button) +ft.opt_name(s, Value, translate("Name")) -src = s:taboption("advanced", Value, "src", translate("Source zone")) -src.nocreate = true -src.default = "wan" -src.template = "cbi/firewall_zonelist" -proto = s:taboption("general", Value, "proto", translate("Protocol")) -proto.optional = true -proto:value("tcp udp", "TCP+UDP") -proto:value("tcp", "TCP") -proto:value("udp", "UDP") -proto:value("icmp", "ICMP") +o = s:option(Value, "proto", translate("Protocol")) +o:value("tcp udp", "TCP+UDP") +o:value("tcp", "TCP") +o:value("udp", "UDP") +o:value("icmp", "ICMP") -function proto.cfgvalue(...) +function o.cfgvalue(...) local v = Value.cfgvalue(...) if not v or v == "tcpudp" then return "tcp udp" @@ -83,66 +77,88 @@ function proto.cfgvalue(...) return v end -dport = s:taboption("general", Value, "src_dport", translate("External port"), - translate("Match incoming traffic directed at the given " .. - "destination port or port range on this host")) -dport.datatype = "portrange" -to = s:taboption("general", Value, "dest_ip", translate("Internal IP address"), - translate("Redirect matched incoming traffic to the specified " .. - "internal host")) -to.datatype = "ip4addr" -for i, dataset in ipairs(sys.net.arptable()) do - to:value(dataset["IP address"]) -end - -toport = s:taboption("general", Value, "dest_port", translate("Internal port (optional)"), - translate("Redirect matched incoming traffic to the given port on " .. - "the internal host")) -toport.optional = true -toport.placeholder = "0-65535" -toport.datatype = "portrange" +o = s:option(Value, "src", translate("Source zone")) +o.nocreate = true +o.default = "wan" +o.template = "cbi/firewall_zonelist" -dest = s:taboption("advanced", Value, "dest", translate("Destination zone")) -dest.nocreate = true -dest.default = "lan" -dest.template = "cbi/firewall_zonelist" - -src_dip = s:taboption("advanced", Value, "src_dip", - translate("Intended destination address"), - translate("Only match incoming traffic directed at the given IP address.")) -src_dip.optional = true -src_dip.datatype = "ip4addr" -src_dip.placeholder = translate("any") - -src_mac = s:taboption("advanced", DynamicList, "src_mac", +o = s:option(DynamicList, "src_mac", translate("Source MAC address"), translate("Only match incoming traffic from these MACs.")) -src_mac.optional = true -src_mac.datatype = "macaddr" -src_mac.placeholder = translate("any") +o.rmempty = true +o.datatype = "macaddr" +o.placeholder = translate("any") + -src_ip = s:taboption("advanced", Value, "src_ip", +o = s:option(Value, "src_ip", translate("Source IP address"), translate("Only match incoming traffic from this IP or range.")) -src_ip.optional = true -src_ip.datatype = "neg(ip4addr)" -src_ip.placeholder = translate("any") +o.rmempty = true +o.datatype = "neg(ip4addr)" +o.placeholder = translate("any") -sport = s:taboption("advanced", Value, "src_port", + +o = s:option(Value, "src_port", translate("Source port"), translate("Only match incoming traffic originating from the given source port or port range on the client host")) -sport.optional = true -sport.datatype = "portrange" -sport.placeholder = translate("any") - -reflection = s:taboption("advanced", Flag, "reflection", translate("Enable NAT Loopback")) -reflection.rmempty = true -reflection.default = reflection.enabled -reflection:depends({ target = "DNAT", src = wan_zone }) -reflection.cfgvalue = function(...) +o.rmempty = true +o.datatype = "portrange" +o.placeholder = translate("any") + + +o = s:option(Value, "src_dip", + translate("External IP address"), + translate("Only match incoming traffic directed at the given IP address.")) + +o.rmempty = true +o.datatype = "ip4addr" +o.placeholder = translate("any") + + +o = s:option(Value, "src_dport", translate("External port"), + translate("Match incoming traffic directed at the given " .. + "destination port or port range on this host")) +o.datatype = "portrange" + + + +o = s:option(Value, "dest", translate("Internal zone")) +o.nocreate = true +o.default = "lan" +o.template = "cbi/firewall_zonelist" + + +o = s:option(Value, "dest_ip", translate("Internal IP address"), + translate("Redirect matched incoming traffic to the specified \ + internal host")) +o.datatype = "ip4addr" +for i, dataset in ipairs(sys.net.arptable()) do + o:value(dataset["IP address"]) +end + + +o = s:option(Value, "dest_port", + translate("Internal port"), + translate("Redirect matched incoming traffic to the given port on \ + the internal host")) +o.placeholder = translate("any") +o.datatype = "portrange" + + +o = s:option(Flag, "reflection", translate("Enable NAT Loopback")) +o.rmempty = true +o.default = o.enabled +o:depends("src", wan_zone) +o.cfgvalue = function(...) return Flag.cfgvalue(...) or "1" end + +s:option(Value, "extra", + translate("Extra arguments"), + translate("Passes additional arguments to iptables. Use with care!")) + + return m diff --git a/applications/luci-firewall/luasrc/model/cbi/firewall/forwards.lua b/applications/luci-firewall/luasrc/model/cbi/firewall/forwards.lua index b07aa9041..714b08e79 100644 --- a/applications/luci-firewall/luasrc/model/cbi/firewall/forwards.lua +++ b/applications/luci-firewall/luasrc/model/cbi/firewall/forwards.lua @@ -49,7 +49,7 @@ function s.create(self, section) self.map:set(created, "src_dport", e) self.map:set(created, "dest_ip", a) self.map:set(created, "dest_port", i) - self.map:set(created, "_name", n) + self.map:set(created, "name", n) end if p ~= "other" then @@ -71,10 +71,9 @@ function s.filter(self, sid) return (self.map:get(sid, "target") ~= "SNAT") end -name = s:option(DummyValue, "_name", translate("Name")) -function name.cfgvalue(self, s) - return self.map:get(s, "_name") or "-" -end + +ft.opt_name(s, DummyValue, translate("Name")) + proto = s:option(DummyValue, "proto", translate("Protocol")) proto.rawhtml = true @@ -131,4 +130,6 @@ function dest.cfgvalue(self, s) end end +ft.opt_enabled(s, Flag, translate("Enable")).width = "1%" + return m diff --git a/applications/luci-firewall/luasrc/model/cbi/firewall/rule-details.lua b/applications/luci-firewall/luasrc/model/cbi/firewall/rule-details.lua index 1f7df6513..25666dd48 100644 --- a/applications/luci-firewall/luasrc/model/cbi/firewall/rule-details.lua +++ b/applications/luci-firewall/luasrc/model/cbi/firewall/rule-details.lua @@ -17,6 +17,7 @@ local sys = require "luci.sys" local dsp = require "luci.dispatcher" local nxo = require "nixio" +local ft = require "luci.tools.firewall" local nw = require "luci.model.network" local m, s, o, k, v @@ -46,7 +47,7 @@ if not rule_type then -- elseif rule_type == "redirect" then - local name = m:get(arg[1], "_name") + local name = m:get(arg[1], "name") or m:get(arg[1], "_name") if not name or #name == 0 then name = translate("(Unnamed SNAT)") else @@ -76,9 +77,8 @@ elseif rule_type == "redirect" then s.addremove = false - o = s:option(Value, "_name", translate("Name")) - o.rmempty = true - o.size = 10 + ft.opt_enabled(s, Button) + ft.opt_name(s, Value, translate("Name")) o = s:option(Value, "proto", @@ -115,7 +115,7 @@ elseif rule_type == "redirect" then o = s:option(Value, "src_ip", translate("Source IP address")) o.rmempty = true - o.datatype = "neg(ip4addr)" + o.datatype = "neg(ipaddr)" o.placeholder = translate("any") @@ -176,15 +176,29 @@ elseif rule_type == "redirect" then o.placeholder = translate('Do not rewrite') + s:option(Value, "extra", + translate("Extra arguments"), + translate("Passes additional arguments to iptables. Use with care!")) + + -- -- Rule -- else + local name = m:get(arg[1], "name") or m:get(arg[1], "_name") + if not name or #name == 0 then + name = translate("(Unnamed Rule)") + end + + m.title = "%s - %s" %{ translate("Firewall - Traffic Rules"), name } + + s = m:section(NamedSection, arg[1], "rule", "") s.anonymous = true s.addremove = false - s:option(Value, "_name", translate("Name").." "..translate("(optional)")) + ft.opt_enabled(s, Button) + ft.opt_name(s, Value, translate("Name")) o = s:option(ListValue, "family", translate("Restrict to address family")) @@ -295,6 +309,11 @@ else o:value("ACCEPT", translate("accept")) o:value("REJECT", translate("reject")) o:value("NOTRACK", translate("don't track")) + + + s:option(Value, "extra", + translate("Extra arguments"), + translate("Passes additional arguments to iptables. Use with care!")) end return m diff --git a/applications/luci-firewall/luasrc/model/cbi/firewall/rules.lua b/applications/luci-firewall/luasrc/model/cbi/firewall/rules.lua index f76380c79..290096ba4 100644 --- a/applications/luci-firewall/luasrc/model/cbi/firewall/rules.lua +++ b/applications/luci-firewall/luasrc/model/cbi/firewall/rules.lua @@ -59,7 +59,7 @@ function s.parse(self, ...) self.map:set(created, "src", "wan") self.map:set(created, "proto", (i_p ~= "other") and i_p or "all") self.map:set(created, "dest_port", i_e) - self.map:set(created, "_name", i_n) + self.map:set(created, "name", i_n) if i_p ~= "other" and i_e and #i_e > 0 then created = nil @@ -71,7 +71,7 @@ function s.parse(self, ...) self.map:set(created, "target", "ACCEPT") self.map:set(created, "src", f_s) self.map:set(created, "dest", f_d) - self.map:set(created, "_name", f_n) + self.map:set(created, "name", f_n) end if created then @@ -82,10 +82,7 @@ function s.parse(self, ...) end end -name = s:option(DummyValue, "_name", translate("Name")) -function name.cfgvalue(self, s) - return self.map:get(s, "_name") or "-" -end +ft.opt_name(s, DummyValue, translate("Name")) family = s:option(DummyValue, "family", translate("Family")) function family.cfgvalue(self, s) @@ -170,6 +167,8 @@ function target.cfgvalue(self, s) end end +ft.opt_enabled(s, Flag, translate("Enable")).width = "1%" + -- -- SNAT @@ -210,7 +209,7 @@ function s.parse(self, ...) self.map:set(created, "proto", "all") self.map:set(created, "src_dip", a) self.map:set(created, "src_dport", p) - self.map:set(created, "_name", n) + self.map:set(created, "name", n) end if created then @@ -225,10 +224,7 @@ function s.filter(self, sid) return (self.map:get(sid, "target") == "SNAT") end -name = s:option(DummyValue, "_name", translate("Name")) -function name.cfgvalue(self, s) - return self.map:get(s, "_name") or "-" -end +ft.opt_name(s, DummyValue, translate("Name")) proto = s:option(DummyValue, "proto", translate("Protocol")) proto.rawhtml = true @@ -285,5 +281,7 @@ function snat.cfgvalue(self, s) end end +ft.opt_enabled(s, Flag, translate("Enable")).width = "1%" + return m diff --git a/applications/luci-firewall/luasrc/tools/firewall.lua b/applications/luci-firewall/luasrc/tools/firewall.lua index 1847d14a7..52bce6321 100644 --- a/applications/luci-firewall/luasrc/tools/firewall.lua +++ b/applications/luci-firewall/luasrc/tools/firewall.lua @@ -227,3 +227,61 @@ function fmt_target(x, dest) end end end + + +function opt_enabled(s, t, ...) + if t == luci.cbi.Button then + local o = s:option(t, "__enabled") + function o.render(self, section) + if self.map:get(section, "enabled") ~= "0" then + self.title = translate("Rule is enabled") + self.inputtitle = translate("Disable") + self.inputstyle = "reset" + else + self.title = translate("Rule is disabled") + self.inputtitle = translate("Enable") + self.inputstyle = "apply" + end + t.render(self, section) + end + function o.write(self, section, value) + if self.map:get(section, "enabled") ~= "0" then + self.map:set(section, "enabled", "0") + else + self.map:del(section, "enabled") + end + end + return o + else + local o = s:option(t, "enabled", ...) + o.enabled = "" + o.disabled = "0" + o.default = o.enabled + return o + end +end + +function opt_name(s, t, ...) + local o = s:option(t, "name", ...) + + function o.cfgvalue(self, section) + return self.map:get(section, "name") or + self.map:get(section, "_name") or "-" + end + + function o.write(self, section, value) + if value ~= "-" then + self.map:set(section, "name", value) + self.map:del(section, "_name") + else + self:remove(section) + end + end + + function o.remove(self, section) + self.map:del(section, "name") + self.map:del(section, "_name") + end + + return o +end -- 2.11.0