diff options
| author | Jo-Philipp Wich <jo@mein.io> | 2022-04-27 13:17:03 +0200 |
|---|---|---|
| committer | Jo-Philipp Wich <jo@mein.io> | 2022-04-27 13:19:48 +0200 |
| commit | 2f80fe3767207e2dbb8c5286603f49808b66a60d (patch) | |
| tree | 54d08d59dec5eb3cdf1ca27ba98a1300181c277f /modules/luci-mod-status/htdocs/luci-static/resources/view | |
| parent | 2e4b5fb8ff2fb3bfd1400bf7cbf721057f02fab9 (diff) | |
luci-mod-status: hide iptables firewall status when nft is present
Do not expose the iptables status page as menu item when nftables is present
on the system. Instead add a warning banner to the nftables status page
directing the user to the hidden iptables status page when we encounter
legacy rules on the system.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules/luci-mod-status/htdocs/luci-static/resources/view')
| -rw-r--r-- | modules/luci-mod-status/htdocs/luci-static/resources/view/status/nftables.js | 35 |
1 files changed, 28 insertions, 7 deletions
diff --git a/modules/luci-mod-status/htdocs/luci-static/resources/view/status/nftables.js b/modules/luci-mod-status/htdocs/luci-static/resources/view/status/nftables.js index da247a45b8..c5677c1ebb 100644 --- a/modules/luci-mod-status/htdocs/luci-static/resources/view/status/nftables.js +++ b/modules/luci-mod-status/htdocs/luci-static/resources/view/status/nftables.js @@ -132,7 +132,11 @@ var action_translations = { return view.extend({ load: function() { - return L.resolveDefault(fs.exec_direct('/usr/sbin/nft', [ '--json', 'list', 'ruleset' ], 'json'), {}); + return Promise.all([ + L.resolveDefault(fs.exec_direct('/usr/sbin/nft', [ '--json', 'list', 'ruleset' ], 'json'), {}), + L.resolveDefault(fs.exec_direct('/usr/sbin/iptables-save'), ''), + L.resolveDefault(fs.exec_direct('/usr/sbin/ip6tables-save'), '') + ]); }, isActionExpression: function(expr) { @@ -662,15 +666,32 @@ return view.extend({ return node; }, + checkLegacyRules: function(ipt4save, ipt6save) { + if (ipt4save.match(/\n-A /) || ipt6save.match(/\n-A /)) { + ui.addNotification(_('Legacy rules detected'), [ + E('p', _('There are legacy iptables rules present on the system. Mixing iptables and nftables rules is discouraged and may lead to incomplete traffic filtering.')), + E('button', { + 'class': 'btn cbi-button', + 'click': function() { location.href = 'nftables/iptables' } + }, _('Open iptables rules overview…')) + ], 'warning'); + } + }, + render: function(data) { - var view = E('div'); + var view = E('div'), + nft = data[0], + ipt = data[1], + ipt6 = data[2]; + + this.checkLegacyRules(ipt, ipt6); - if (!Array.isArray(data.nftables)) - return E('em', _('No nftables ruleset load')); + if (!Array.isArray(nft.nftables)) + return E('em', _('No nftables ruleset loaded.')); - for (var i = 0; i < data.nftables.length; i++) - if (data.nftables[i].hasOwnProperty('table')) - view.appendChild(this.renderTable(data.nftables, data.nftables[i].table)); + for (var i = 0; i < nft.nftables.length; i++) + if (nft.nftables[i].hasOwnProperty('table')) + view.appendChild(this.renderTable(nft.nftables, nft.nftables[i].table)); return view; }, |