diff options
author | Tom Hodder <tom@limepepper.co.uk> | 2018-06-04 17:11:12 +0100 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2018-06-10 16:24:07 +0200 |
commit | 658d11e7514401b74e062a75b78fe405c3e1d496 (patch) | |
tree | 1e117528c400b1e12f5af5227aceb0a025283ebf /applications/luci-app-firewall/luasrc | |
parent | 8a4c3a01bf5a9a9dfda17aea1eaab72a1c71e8a9 (diff) |
luci-app-firewall: disable port fields when protocol is not TCP or UDP
It's currently possible to generate nonsensical firewall rules by inputting
combinations which include:
i) protocols other than UDP/TCP
ii) source and destination ports.
There is some discussion of the issue on the forum here and the issue is
here; #1850.
This patch makes fields like src_port and dest_port depend on protocol being
tcp, udp or "tcp udp" in the input, forwarding and source NAT forms.
Signed-off-by: Tom Hodder <tom@limepepper.co.uk>
[reword commit message, squash commits]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'applications/luci-app-firewall/luasrc')
-rw-r--r-- | applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua | 13 | ||||
-rw-r--r-- | applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua | 20 |
2 files changed, 32 insertions, 1 deletions
diff --git a/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua b/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua index 39895c6f0d..d51f8fb79b 100644 --- a/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua +++ b/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua @@ -89,6 +89,10 @@ o.rmempty = true o.datatype = "neg(portrange)" o.placeholder = translate("any") +o:depends("proto", "tcp") +o:depends("proto", "udp") +o:depends("proto", "tcp udp") +o:depends("proto", "tcpudp") o = s:option(Value, "src_dip", translate("External IP address"), @@ -109,7 +113,10 @@ o = s:option(Value, "src_dport", translate("External port"), "destination port or port range on this host")) o.datatype = "neg(portrange)" - +o:depends("proto", "tcp") +o:depends("proto", "udp") +o:depends("proto", "tcp udp") +o:depends("proto", "tcpudp") o = s:option(Value, "dest", translate("Internal zone")) o.nocreate = true @@ -134,6 +141,10 @@ o = s:option(Value, "dest_port", o.placeholder = translate("any") o.datatype = "portrange" +o:depends("proto", "tcp") +o:depends("proto", "udp") +o:depends("proto", "tcp udp") +o:depends("proto", "tcpudp") o = s:option(Flag, "reflection", translate("Enable NAT Loopback")) o.rmempty = true diff --git a/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua b/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua index fffa64dad7..b57201041d 100644 --- a/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua +++ b/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua @@ -115,6 +115,10 @@ elseif rule_type == "redirect" then o.datatype = "neg(portrange)" o.placeholder = translate("any") + o:depends("proto", "tcp") + o:depends("proto", "udp") + o:depends("proto", "tcp udp") + o:depends("proto", "tcpudp") o = s:option(Value, "dest", translate("Destination zone")) o.nocreate = true @@ -139,6 +143,10 @@ elseif rule_type == "redirect" then o.placeholder = translate("any") o.datatype = "neg(portrange)" + o:depends("proto", "tcp") + o:depends("proto", "udp") + o:depends("proto", "tcp udp") + o:depends("proto", "tcpudp") o = s:option(Value, "src_dip", translate("SNAT IP address"), @@ -163,6 +171,10 @@ elseif rule_type == "redirect" then o.rmempty = true o.placeholder = translate('Do not rewrite') + o:depends("proto", "tcp") + o:depends("proto", "udp") + o:depends("proto", "tcp udp") + o:depends("proto", "tcpudp") s:option(Value, "extra", translate("Extra arguments"), @@ -281,6 +293,10 @@ else o.datatype = "list(neg(portrange))" o.placeholder = translate("any") + o:depends("proto", "tcp") + o:depends("proto", "udp") + o:depends("proto", "tcp udp") + o:depends("proto", "tcpudp") o = s:option(Value, "dest_local", translate("Output zone")) o.nocreate = true @@ -312,6 +328,10 @@ else o.datatype = "list(neg(portrange))" o.placeholder = translate("any") + o:depends("proto", "tcp") + o:depends("proto", "udp") + o:depends("proto", "tcp udp") + o:depends("proto", "tcpudp") o = s:option(ListValue, "target", translate("Action")) o.default = "ACCEPT" |