luci-app-firewall: use new ipmask validation types when applicable

This allows for address specifications like "fdca:1234:0123::abcd/::ffff:ffff:ffff:ffff"
which only match the last 64 bits of an address. This syntax is legal and already supported
by iptables and firewall3.

Fixes https://bugs.lede-project.org/index.php?do=details&task_id=417

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

3 files changed, 9 insertions, 9 deletions

diff --git a/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua b/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua
index 22f1c7716..17a49483d 100644
--- a/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua
+++ b/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua
@@ -73,7 +73,7 @@ o = s:option(Value, "src_ip",
 	translate("Source IP address"),
 	translate("Only match incoming traffic from this IP or range."))
 o.rmempty = true
-o.datatype = "neg(ip4addr)"
+o.datatype = "neg(ipmask4)"
 o.placeholder = translate("any")
 
 luci.sys.net.ipv4_hints(function(ip, name)
@@ -99,7 +99,7 @@ end)
 
 
 o.rmempty = true
-o.datatype = "neg(ip4addr)"
+o.datatype = "neg(ipmask4)"
 o.placeholder = translate("any")
 
 
@@ -119,7 +119,7 @@ o.template = "cbi/firewall_zonelist"
 o = s:option(Value, "dest_ip", translate("Internal IP address"),
 	translate("Redirect matched incoming traffic to the specified \
 		internal host"))
-o.datatype = "ip4addr"
+o.datatype = "ipmask4"
 
 luci.sys.net.ipv4_hints(function(ip, name)
 	o:value(ip, "%s (%s)" %{ ip, name })
diff --git a/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua b/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua
index 97e93ae05..1c838888f 100644
--- a/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua
+++ b/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua
@@ -99,7 +99,7 @@ elseif rule_type == "redirect" then
 
 	o = s:option(Value, "src_ip", translate("Source IP address"))
 	o.rmempty = true
-	o.datatype = "neg(ipaddr)"
+	o.datatype = "neg(ipmask4)"
 	o.placeholder = translate("any")
 
 	luci.sys.net.ipv4_hints(function(ip, name)
@@ -123,7 +123,7 @@ elseif rule_type == "redirect" then
 
 
 	o = s:option(Value, "dest_ip", translate("Destination IP address"))
-	o.datatype = "neg(ip4addr)"
+	o.datatype = "neg(ipmask4)"
 
 	luci.sys.net.ipv4_hints(function(ip, name)
 		o:value(ip, "%s (%s)" %{ ip, name })
@@ -269,7 +269,7 @@ else
 
 
 	o = s:option(Value, "src_ip", translate("Source address"))
-	o.datatype = "neg(ipaddr)"
+	o.datatype = "neg(ipmask)"
 	o.placeholder = translate("any")
 
 	luci.sys.net.ipv4_hints(function(ip, name)
@@ -290,7 +290,7 @@ else
 
 
 	o = s:option(Value, "dest_ip", translate("Destination address"))
-	o.datatype = "neg(ipaddr)"
+	o.datatype = "neg(ipmask)"
 	o.placeholder = translate("any")
 
 	luci.sys.net.ipv4_hints(function(ip, name)
diff --git a/applications/luci-app-firewall/luasrc/model/cbi/firewall/zone-details.lua b/applications/luci-app-firewall/luasrc/model/cbi/firewall/zone-details.lua
index c8b8f22bd..500d1bf32 100644
--- a/applications/luci-app-firewall/luasrc/model/cbi/firewall/zone-details.lua
+++ b/applications/luci-app-firewall/luasrc/model/cbi/firewall/zone-details.lua
@@ -126,7 +126,7 @@ msrc = s:taboption("advanced", DynamicList, "masq_src",
 	translate("Restrict Masquerading to given source subnets"))
 
 msrc.optional = true
-msrc.datatype = "list(neg(or(uciname,hostname,ip4addr)))"
+msrc.datatype = "list(neg(or(uciname,hostname,ipmask4)))"
 msrc.placeholder = "0.0.0.0/0"
 msrc:depends("family", "")
 msrc:depends("family", "ipv4")
@@ -135,7 +135,7 @@ mdest = s:taboption("advanced", DynamicList, "masq_dest",
 	translate("Restrict Masquerading to given destination subnets"))
 
 mdest.optional = true
-mdest.datatype = "list(neg(or(uciname,hostname,ip4addr)))"
+mdest.datatype = "list(neg(or(uciname,hostname,ipmask4)))"
 mdest.placeholder = "0.0.0.0/0"
 mdest:depends("family", "")
 mdest:depends("family", "ipv4")