authorTom Hodder <tom@limepepper.co.uk>2018-06-04 17:11:12 +0100
committerJo-Philipp Wich <jo@mein.io>2018-06-10 16:24:07 +0200
commit658d11e7514401b74e062a75b78fe405c3e1d496 (patch)
tree1e117528c400b1e12f5af5227aceb0a025283ebf /applications/luci-app-firewall
parent8a4c3a01bf5a9a9dfda17aea1eaab72a1c71e8a9 (diff)
luci-app-firewall: disable port fields when protocol is not TCP or UDP
It's currently possible to generate nonsensical firewall rules by entering combinations which include both: i) protocols other than UDP/TCP and ii) source and destination ports. There is some discussion of the issue on the forum here, and the issue is here: #1850. This patch makes fields like src_port and dest_port depend on protocol being tcp, udp or "tcp udp" in the input, forwarding and source NAT forms. Signed-off-by: Tom Hodder <tom@limepepper.co.uk> [reword commit message, squash commits] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'applications/luci-app-firewall')
-rw-r--r--applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua13
-rw-r--r--applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua20
2 files changed, 32 insertions, 1 deletions
diff --git a/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua b/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua
index 39895c6f0..d51f8fb79 100644
--- a/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua
+++ b/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua
@@ -89,6 +89,10 @@ o.rmempty = true
o.datatype = "neg(portrange)"
o.placeholder = translate("any")
+o:depends("proto", "tcp")
+o:depends("proto", "udp")
+o:depends("proto", "tcp udp")
+o:depends("proto", "tcpudp")
o = s:option(Value, "src_dip",
translate("External IP address"),
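Review bot: The same four `o:depends("proto", …)` lines are pasted after this port option and again in the seven other hunks of this commit (two more in forward-details.lua, five in rule-details.lua), so the list of port-capable protocols now lives in eight places that must be edited together. If one copy drifts, one port field will be shown or hidden differently from the rest for the same protocol. A small local helper per file, called once per port option, keeps the list in one spot. The option definition these lines attach to starts above the hunk.

```lua
-- Protocols for which port fields apply; single list for every port option.
local PORT_PROTOS = { "tcp", "udp", "tcp udp", "tcpudp" }

local function depends_on_port_proto(opt)
	for _, proto in ipairs(PORT_PROTOS) do
		opt:depends("proto", proto)
	end
end

-- … unchanged: o.datatype / o.placeholder for the port option …
depends_on_port_proto(o)
```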
@@ -109,7 +113,10 @@ o = s:option(Value, "src_dport", translate("External port"),
"destination port or port range on this host"))
o.datatype = "neg(portrange)"
-
+o:depends("proto", "tcp")
+o:depends("proto", "udp")
+o:depends("proto", "tcp udp")
+o:depends("proto", "tcpudp")
o = s:option(Value, "dest", translate("Internal zone"))
o.nocreate = true
@@ -134,6 +141,10 @@ o = s:option(Value, "dest_port",
o.placeholder = translate("any")
o.datatype = "portrange"
+o:depends("proto", "tcp")
+o:depends("proto", "udp")
+o:depends("proto", "tcp udp")
+o:depends("proto", "tcpudp")
o = s:option(Flag, "reflection", translate("Enable NAT Loopback"))
o.rmempty = true
diff --git a/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua b/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua
index fffa64dad..b57201041 100644
--- a/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua
+++ b/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua
@@ -115,6 +115,10 @@ elseif rule_type == "redirect" then
o.datatype = "neg(portrange)"
o.placeholder = translate("any")
+ o:depends("proto", "tcp")
+ o:depends("proto", "udp")
+ o:depends("proto", "tcp udp")
+ o:depends("proto", "tcpudp")
o = s:option(Value, "dest", translate("Destination zone"))
o.nocreate = true
@@ -139,6 +143,10 @@ elseif rule_type == "redirect" then
o.placeholder = translate("any")
o.datatype = "neg(portrange)"
+ o:depends("proto", "tcp")
+ o:depends("proto", "udp")
+ o:depends("proto", "tcp udp")
+ o:depends("proto", "tcpudp")
o = s:option(Value, "src_dip",
translate("SNAT IP address"),
@@ -163,6 +171,10 @@ elseif rule_type == "redirect" then
o.rmempty = true
o.placeholder = translate('Do not rewrite')
+ o:depends("proto", "tcp")
+ o:depends("proto", "udp")
+ o:depends("proto", "tcp udp")
+ o:depends("proto", "tcpudp")
s:option(Value, "extra",
translate("Extra arguments"),
@@ -281,6 +293,10 @@ else
o.datatype = "list(neg(portrange))"
o.placeholder = translate("any")
+ o:depends("proto", "tcp")
+ o:depends("proto", "udp")
+ o:depends("proto", "tcp udp")
+ o:depends("proto", "tcpudp")
o = s:option(Value, "dest_local", translate("Output zone"))
o.nocreate = true
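Review bot: `depends` matches the stored `proto` string against these four literals only, so a rule whose protocol is written any other way (for instance `udp tcp`, or a protocol number) will have the port field above `dest_local` hidden when opened in this form. The definition of the `proto` option is outside the hunk, so which spellings it can store is not visible here and should be checked. If the form also removes the value of a hidden option on save (not shown in this diff), re-saving such a rule would drop its port restriction and leave a rule that matches every port, which matters most for ACCEPT rules. I would add a comment above the block, `-- must list every proto value that carries ports; hiding this field may clear a stored port match on save`, and verify the save behaviour with an existing rule. The same applies to the other seven hunks.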
@@ -312,6 +328,10 @@ else
o.datatype = "list(neg(portrange))"
o.placeholder = translate("any")
+ o:depends("proto", "tcp")
+ o:depends("proto", "udp")
+ o:depends("proto", "tcp udp")
+ o:depends("proto", "tcpudp")
o = s:option(ListValue, "target", translate("Action"))
o.default = "ACCEPT"