Diffstat (limited to 'applications/luci-app-firewall/htdocs/luci-static/resources/view')
-rw-r--r--applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js43
-rw-r--r--applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js98
-rw-r--r--applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js23
3 files changed, 138 insertions, 26 deletions
diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js
index dc2249275e..500e68fb17 100644
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js
@@ -43,7 +43,7 @@ function fmt(fmt /*, ...*/) {
function forward_proto_txt(s) {
return fmt('%s-%s',
- fwtool.fmt_family(uci.get('firewall', s, 'family')),
+ fwtool.fmt_family('ipv4'),
fwtool.fmt_proto(uci.get('firewall', s, 'proto'),
uci.get('firewall', s, 'icmp_type')) || 'TCP+UDP');
}
@@ -79,14 +79,22 @@ return L.view.extend({
expect: { '': {} }
}),
+ callConntrackHelpers: rpc.declare({
+ object: 'luci',
+ method: 'getConntrackHelpers',
+ expect: { result: [] }
+ }),
+
load: function() {
return Promise.all([
- this.callHostHints()
+ this.callHostHints(),
+ this.callConntrackHelpers()
]);
},
render: function(data) {
var hosts = data[0],
+ ctHelpers = data[1],
m, s, o;
m = new form.Map('firewall', _('Firewall - Port Forwards'),
@@ -264,6 +272,37 @@ return L.view.extend({
o.rmempty = true;
o.default = o.enabled;
+ o = s.taboption('advanced', form.ListValue, 'reflection_src', _('Loopback source IP'), _('Specifies whether to use the external or the internal IP address for reflected traffic.'));
+ o.modalonly = true;
+ o.depends('reflection', '1');
+ o.value('internal', _('Use internal IP address'));
+ o.value('external', _('Use external IP address'));
+ o.write = function(section_id, value) {
+ uci.set('firewall', section_id, 'reflection_src', (value != 'internal') ? value : null);
+ };
+
+ o = s.taboption('advanced', form.Value, 'helper', _('Match helper'), _('Match traffic using the specified connection tracking helper.'));
+ o.modalonly = true;
+ o.placeholder = _('any');
+ for (var i = 0; i < ctHelpers.length; i++)
+ o.value(ctHelpers[i].name, '%s (%s)'.format(ctHelpers[i].description, ctHelpers[i].name.toUpperCase()));
+ o.validate = function(section_id, value) {
+ if (value == '' || value == null)
+ return true;
+
+ value = value.replace(/^!\s*/, '');
+
+ for (var i = 0; i < ctHelpers.length; i++)
+ if (value == ctHelpers[i].name)
+ return true;
+
+ return _('Unknown or not installed conntrack helper "%s"').format(value);
+ };
+
+ fwtool.addMarkOption(s, false);
+ fwtool.addLimitOption(s);
+ fwtool.addLimitBurstOption(s);
+
o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
_('Passes additional arguments to iptables. Use with care!'));
o.modalonly = true;
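Review bot: The `o.validate` function on the free-text `helper` option runs only in the browser, so it should be documented as a convenience check rather than enforcement; the value still has to be validated wherever the firewall configuration is applied. It checks against `ctHelpers` as loaded, so if `getConntrackHelpers` yields the `expect` default `[]`, every non-empty value, including one already stored in the section, is reported as "Unknown or not installed", and a failed lookup cannot be told apart from a missing helper. The same validator is repeated verbatim for the `helper` option in the rules.js hunk; since this commit already routes the mark and limit options through `fwtool`, a shared `fwtool` helper taking `s` and `ctHelpers` would keep the two copies from drifting. Suggested comment above the validator: `// UI-side check only: accepts an optional leading '!' followed by a name from the loaded helper list`.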
diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
index a0d4cfc063..6c6efc805f 100644
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
@@ -148,14 +148,23 @@ return L.view.extend({
expect: { '': {} }
}),
+ callConntrackHelpers: rpc.declare({
+ object: 'luci',
+ method: 'getConntrackHelpers',
+ expect: { result: [] }
+ }),
+
load: function() {
- return this.callHostHints().catch(function(e) {
- console.debug('load fail', e);
- });
+ return Promise.all([
+ this.callHostHints(),
+ this.callConntrackHelpers()
+ ]);
},
- render: function(hosts) {
- var m, s, o;
+ render: function(data) {
+ var hosts = data[0],
+ ctHelpers = data[1],
+ m, s, o;
m = new form.Map('firewall', _('Firewall - Traffic Rules'),
_('Traffic rules define policies for packets traveling between different zones, for example to reject traffic between certain hosts or to open WAN ports on the router.'));
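Review bot: `load` no longer has the `.catch` that the old `callHostHints()` call carried, so a rejection from either RPC call now propagates out of `Promise.all` instead of letting `render` run without host hints. Whether these `rpc.declare` calls can reject is not visible in the hunk; if they can, a backend without `getConntrackHelpers` would stop the whole rules view from rendering. Consider a per-call fallback such as `this.callConntrackHelpers().catch(function() { return [] })`, so that `data[1]` is always an array for the later `ctHelpers.length` loops. The enclosing `L.view.extend({...})` object starts and ends outside the hunk.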
@@ -223,9 +232,34 @@ return L.view.extend({
o.default = o.enabled;
o.editable = true;
- //ft.opt_enabled(s, Button);
- //ft.opt_name(s, Value, _('Name'));
+ o = s.taboption('advanced', form.ListValue, 'direction', _('Match device'));
+ o.modalonly = true;
+ o.value('', _('unspecified'));
+ o.value('in', _('Inbound device'));
+ o.value('out', _('Outbound device'));
+ o.cfgvalue = function(section_id) {
+ var val = uci.get('firewall', section_id, 'direction');
+ switch (val) {
+ case 'in':
+ case 'ingress':
+ return 'in';
+
+ case 'out':
+ case 'egress':
+ return 'out';
+ }
+
+ return null;
+ };
+
+ o = s.taboption('advanced', widgets.DeviceSelect, 'device', _('Device name'),
+ _('Specifies whether to tie this traffic rule to a specific inbound or outbound network device.'));
+ o.modalonly = true;
+ o.noaliases = true;
+ o.rmempty = false;
+ o.depends('direction', 'in');
+ o.depends('direction', 'out');
o = s.taboption('advanced', form.ListValue, 'family', _('Restrict to address family'));
o.modalonly = true;
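Review bot: The `cfgvalue` override on `direction` returns `null` for any stored value other than `in`/`ingress`/`out`/`egress`, which presumably displays as "unspecified" and hides the dependent `device` field; a short comment would make that intent explicit. Suggested: `// normalise the 'ingress'/'egress' spellings to the 'in'/'out' dropdown keys; anything else is treated as unset`. There is no matching `write` override, so a section stored with `ingress` would likely be saved back as `in`; it is worth confirming that the backend treats both spellings the same.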
@@ -358,6 +392,56 @@ return L.view.extend({
o.value('ACCEPT', _('accept'));
o.value('REJECT', _('reject'));
o.value('NOTRACK', _("don't track"));
+ o.value('HELPER', _('assign conntrack helper'));
+ o.value('MARK_SET', _('apply firewall mark'));
+ o.value('MARK_XOR', _('XOR firewall mark'));
+ o.value('DSCP', _('DSCP classification'));
+ o.cfgvalue = function(section_id) {
+ var t = uci.get('firewall', section_id, 'target'),
+ m = uci.get('firewall', section_id, 'set_mark');
+
+ if (t == 'MARK')
+ return m ? 'MARK_SET' : 'MARK_XOR';
+
+ return t;
+ };
+ o.write = function(section_id, value) {
+ return this.super('write', [section_id, (value == 'MARK_SET' || value == 'MARK_XOR') ? 'MARK' : value]);
+ };
+
+ fwtool.addMarkOption(s, 1);
+ fwtool.addMarkOption(s, 2);
+ fwtool.addDSCPOption(s, true);
+
+ o = s.taboption('general', form.ListValue, 'set_helper', _('Tracking helper'), _('Assign the specified connection tracking helper to matched traffic.'));
+ o.modalonly = true;
+ o.placeholder = _('any');
+ o.depends('target', 'HELPER');
+ for (var i = 0; i < ctHelpers.length; i++)
+ o.value(ctHelpers[i].name, '%s (%s)'.format(ctHelpers[i].description, ctHelpers[i].name.toUpperCase()));
+
+ o = s.taboption('advanced', form.Value, 'helper', _('Match helper'), _('Match traffic using the specified connection tracking helper.'));
+ o.modalonly = true;
+ o.placeholder = _('any');
+ for (var i = 0; i < ctHelpers.length; i++)
+ o.value(ctHelpers[i].name, '%s (%s)'.format(ctHelpers[i].description, ctHelpers[i].name.toUpperCase()));
+ o.validate = function(section_id, value) {
+ if (value == '' || value == null)
+ return true;
+
+ value = value.replace(/^!\s*/, '');
+
+ for (var i = 0; i < ctHelpers.length; i++)
+ if (value == ctHelpers[i].name)
+ return true;
+
+ return _('Unknown or not installed conntrack helper "%s"').format(value);
+ };
+
+ fwtool.addMarkOption(s, false);
+ fwtool.addDSCPOption(s, false);
+ fwtool.addLimitOption(s);
+ fwtool.addLimitBurstOption(s);
o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
_('Passes additional arguments to iptables. Use with care!'));
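Review bot: `MARK_SET` and `MARK_XOR` are form-only pseudo-targets that `write` collapses to `MARK`, and `cfgvalue` chooses between them solely by whether `set_mark` is present; that mapping deserves a comment, e.g. `// MARK_SET/MARK_XOR exist only in the form; uci stores target 'MARK', shown as MARK_SET when set_mark is present`. The local `m` in that `cfgvalue` shadows the `m` form map declared in `render`, so a name such as `setMark` would read more clearly. `set_helper` is a `form.ListValue` filled only from `ctHelpers`, so with an empty helper list the HELPER target appears to offer no selectable value. The surrounding `render` function starts and ends outside the hunk.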
diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js
index 48fd98ff28..919a418fe6 100644
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js
@@ -81,10 +81,11 @@ function snat_proto_txt(s) {
var m = uci.get('firewall', s, 'mark'),
p = uci.get('firewall', s, 'proto');
- return fmt(_('Match %{protocol?%{family} %{protocol} traffic:any %{family} traffic} %{mark?with firewall mark %{mark}}'), {
+ return fmt(_('Match %{protocol?%{family} %{protocol} traffic:any %{family} traffic} %{mark?with firewall mark %{mark}} %{limit?limited to %{limit}}'), {
protocol: (p && p != 'all' && p != 'any' && p != '*') ? fwtool.fmt_proto(uci.get('firewall', s, 'proto')) : null,
family: fwtool.fmt_family('ipv4'),
- mark: m ? E('var', {}, fwtool.fmt_neg(m)) : null
+ mark: m ? E('var', {}, fwtool.fmt_neg(m)) : null,
+ limit: fwtool.fmt_limit(uci.get('firewall', s, 'limit'), uci.get('firewall', s, 'limit_burst'))
});
}
@@ -312,21 +313,9 @@ return L.view.extend({
o.modalonly = true;
o.rmempty = true;
- o = s.taboption('advanced', form.Value, 'mark', _('Match mark'),
- _('Matches a specific firewall mark or a range of different marks.'));
- o.modalonly = true;
- o.rmempty = true;
- o.validate = function(section_id, value) {
- if (value == '')
- return true;
-
- var m = String(value).match(/^(?:!\s*)?(0x[0-9a-f]{1,8}|[0-9]{1,10})(?:\/(0x[0-9a-f]{1,8}|[0-9]{1,10}))?$/i);
-
- if (!m || +m[1] > 0xffffffff || (m[2] != null && +m[2] > 0xffffffff))
- return _('Expecting: %s').format(_('valid firewall mark'));
-
- return true;
- };
+ fwtool.addMarkOption(s, false);
+ fwtool.addLimitOption(s);
+ fwtool.addLimitBurstOption(s);
o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
_('Passes additional arguments to iptables. Use with care!'));