Merge pull request #6317 from 1715173329/of/masq6

luci-app-firewall: add masq6 option for zones

1 files changed, 32 insertions, 8 deletions

diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
index e19e466e1b..f07df06153 100644
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
@@ -33,6 +33,7 @@ return view.extend({
 		var ctHelpers = data[0],
 		    fwDefaults = data[1],
 		    m, s, o, inp, out;
+		var fw4 = L.hasSystemFeature('firewall4');
 
 		m = new form.Map('firewall', _('Firewall - Zone Settings'),
 			_('The firewall creates zones over your network interfaces to control network traffic flow.'));
@@ -158,12 +159,13 @@ return view.extend({
 		p[2].default = fwDefaults.getForward();
 
 		o = s.taboption('general', form.Flag, 'masq', _('Masquerading'),
-			_('Enable network address and port translation (NAT or NAPT) for outbound traffic on this zone. This is typically enabled on the <em>wan</em> zone.'));
+			_('Enable network address and port translation IPv4 (NAT4 or NAPT4) for outbound traffic on this zone. This is typically enabled on the <em>wan</em> zone.'));
 		o.editable = true;
 		o.tooltip = function(section_id) {
+			var family = uci.get('firewall', section_id, 'family')
 			var masq_src = uci.get('firewall', section_id, 'masq_src')
 			var masq_dest = uci.get('firewall', section_id, 'masq_dest')
-			if (masq_src || masq_dest)
+			if ((!family || family.indexOf('6') == -1) && (masq_src || masq_dest))
 				return _('Limited masquerading enabled');
 
 			return null;
@@ -230,6 +232,20 @@ return view.extend({
 		o.modalonly = true;
 		o.multiple = true;
 
+		if (fw4) {
+			o = s.taboption('advanced', form.Flag, 'masq6', _('IPv6 Masquerading'),
+				_('Enable network address and port translation IPv6 (NAT6 or NAPT6) for outbound traffic on this zone.'));
+			o.modalonly = true;
+			o.tooltip = function(section_id) {
+				var family = uci.get('firewall', section_id, 'family')
+				var masq_src = uci.get('firewall', section_id, 'masq_src')
+				var masq_dest = uci.get('firewall', section_id, 'masq_dest')
+				if ((!family || family.indexOf('6') >= 0) && (masq_src || masq_dest))
+					return _('Limited masquerading enabled');
+				return null;
+			};
+		}
+
 		o = s.taboption('advanced', form.ListValue, 'family', _('Restrict to address family'));
 		o.value('', _('IPv4 and IPv6'));
 		o.value('ipv4', _('IPv4 only'));
@@ -237,16 +253,24 @@ return view.extend({
 		o.modalonly = true;
 
 		o = s.taboption('advanced', form.DynamicList, 'masq_src', _('Restrict Masquerading to given source subnets'));
-		o.depends('family', '');
-		o.depends('family', 'ipv4');
-		o.datatype = 'list(neg(or(uciname,hostname,ipmask4)))';
+		if (fw4) {
+			o.datatype = 'list(neg(or(uciname,hostname,ipmask)))';
+		} else {
+			o.depends('family', '');
+			o.depends('family', 'ipv4');
+			o.datatype = 'list(neg(or(uciname,hostname,ipmask4)))';
+		}
 		o.placeholder = '0.0.0.0/0';
 		o.modalonly = true;
 
 		o = s.taboption('advanced', form.DynamicList, 'masq_dest', _('Restrict Masquerading to given destination subnets'));
-		o.depends('family', '');
-		o.depends('family', 'ipv4');
-		o.datatype = 'list(neg(or(uciname,hostname,ipmask4)))';
+		if (fw4) {
+			o.datatype = 'list(neg(or(uciname,hostname,ipmask)))';
+		} else {
+			o.depends('family', '');
+			o.depends('family', 'ipv4');
+			o.datatype = 'list(neg(or(uciname,hostname,ipmask4)))';
+		}
 		o.placeholder = '0.0.0.0/0';
 		o.modalonly = true;