summaryrefslogtreecommitdiffhomepage
path: root/applications/luci-app-firewall
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2020-01-16 16:12:38 +0100
committerJo-Philipp Wich <jo@mein.io>2020-01-16 16:13:01 +0100
commitd601e79da593528599829290859769d72412f426 (patch)
tree2134137ccea20f6c69dad1b72b039a4f78089f7c /applications/luci-app-firewall
parentb65588ebc65d39ed978902c87cfb1b43773cb0a0 (diff)
luci-app-firewall: support 'helper' and 'set_helper' parameters for rules
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'applications/luci-app-firewall')
-rw-r--r--applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js45
1 files changed, 40 insertions, 5 deletions
diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
index 8c50baa820..1d9af33fca 100644
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
@@ -148,14 +148,23 @@ return L.view.extend({
expect: { '': {} }
}),
+ callConntrackHelpers: rpc.declare({
+ object: 'luci',
+ method: 'getConntrackHelpers',
+ expect: { result: [] }
+ }),
+
load: function() {
- return this.callHostHints().catch(function(e) {
- console.debug('load fail', e);
- });
+ return Promise.all([
+ this.callHostHints(),
+ this.callConntrackHelpers()
+ ]);
},
- render: function(hosts) {
- var m, s, o;
+ render: function(data) {
+ var hosts = data[0],
+ ctHelpers = data[1],
+ m, s, o;
m = new form.Map('firewall', _('Firewall - Traffic Rules'),
_('Traffic rules define policies for packets traveling between different zones, for example to reject traffic between certain hosts or to open WAN ports on the router.'));
@@ -383,6 +392,32 @@ return L.view.extend({
o.value('ACCEPT', _('accept'));
o.value('REJECT', _('reject'));
o.value('NOTRACK', _("don't track"));
+ o.value('HELPER', _('assign conntrack helper'));
+
+ o = s.taboption('general', form.ListValue, 'set_helper', _('Tracking helper'), _('Assign the specified connection tracking helper to matched traffic.'));
+ o.modalonly = true;
+ o.placeholder = _('any');
+ o.depends('target', 'HELPER');
+ for (var i = 0; i < ctHelpers.length; i++)
+ o.value(ctHelpers[i].name, '%s (%s)'.format(ctHelpers[i].description, ctHelpers[i].name.toUpperCase()));
+
+ o = s.taboption('advanced', form.Value, 'helper', _('Match helper'), _('Match traffic using the specified connection tracking helper.'));
+ o.modalonly = true;
+ o.placeholder = _('any');
+ for (var i = 0; i < ctHelpers.length; i++)
+ o.value(ctHelpers[i].name, '%s (%s)'.format(ctHelpers[i].description, ctHelpers[i].name.toUpperCase()));
+ o.validate = function(section_id, value) {
+ if (value == '' || value == null)
+ return true;
+
+ value = value.replace(/^!\s*/, '');
+
+ for (var i = 0; i < ctHelpers.length; i++)
+ if (value == ctHelpers[i].name)
+ return true;
+
+ return _('Unknown or not installed conntrack helper "%s"').format(value);
+ };
o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
_('Passes additional arguments to iptables. Use with care!'));