summaryrefslogtreecommitdiffhomepage
path: root/applications/luci-firewall
diff options
context:
space:
mode:
Diffstat (limited to 'applications/luci-firewall')
-rw-r--r--applications/luci-firewall/Makefile4
-rw-r--r--applications/luci-firewall/luasrc/controller/luci_fw/luci_fw.lua13
-rw-r--r--applications/luci-firewall/luasrc/model/cbi/luci_fw/miniportfw.lua48
-rw-r--r--applications/luci-firewall/luasrc/model/cbi/luci_fw/redirect.lua52
-rw-r--r--applications/luci-firewall/luasrc/model/cbi/luci_fw/rrule.lua80
-rw-r--r--applications/luci-firewall/luasrc/model/cbi/luci_fw/traffic.lua88
-rw-r--r--applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua77
-rw-r--r--applications/luci-firewall/luasrc/model/cbi/luci_fw/zones.lua81
-rw-r--r--applications/luci-firewall/root/lib/uci/schema/default/firewall255
9 files changed, 698 insertions, 0 deletions
diff --git a/applications/luci-firewall/Makefile b/applications/luci-firewall/Makefile
new file mode 100644
index 0000000000..87e881d950
--- /dev/null
+++ b/applications/luci-firewall/Makefile
@@ -0,0 +1,4 @@
+PO = luci-fw
+
+include ../../build/config.mk
+include ../../build/module.mk
diff --git a/applications/luci-firewall/luasrc/controller/luci_fw/luci_fw.lua b/applications/luci-firewall/luasrc/controller/luci_fw/luci_fw.lua
new file mode 100644
index 0000000000..766821af0d
--- /dev/null
+++ b/applications/luci-firewall/luasrc/controller/luci_fw/luci_fw.lua
@@ -0,0 +1,13 @@
+module("luci.controller.luci_fw.luci_fw", package.seeall)
+
+function index()
+ require("luci.i18n").loadc("luci-fw")
+ local i18n = luci.i18n.translate
+
+ entry({"admin", "network", "firewall"}, alias("admin", "network", "firewall", "zones"), i18n("Firewall"), 60).i18n = "luci-fw"
+ entry({"admin", "network", "firewall", "zones"}, cbi("luci_fw/zones"), i18n("Zones"), 10)
+ entry({"admin", "network", "firewall", "redirect"}, arcombine(cbi("luci_fw/redirect"), cbi("luci_fw/rrule")), i18n("Traffic Redirection"), 30).leaf = true
+ entry({"admin", "network", "firewall", "rule"}, arcombine(cbi("luci_fw/traffic"), cbi("luci_fw/trule")), i18n("Traffic Control"), 20).leaf = true
+
+ entry({"mini", "network", "portfw"}, cbi("luci_fw/miniportfw", {autoapply=true}), i18n("Port forwarding"), 70).i18n = "luci-fw"
+end \ No newline at end of file
diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/miniportfw.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/miniportfw.lua
new file mode 100644
index 0000000000..44b15f2c77
--- /dev/null
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/miniportfw.lua
@@ -0,0 +1,48 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+require("luci.sys")
+m = Map("firewall", translate("Port forwarding"),
+ translate("Port forwarding allows to provide network services in " ..
+ "the internal network to an external network."))
+
+
+s = m:section(TypedSection, "redirect", "")
+s:depends("src", "wan")
+s.defaults.src = "wan"
+
+s.template = "cbi/tblsection"
+s.addremove = true
+s.anonymous = true
+
+name = s:option(Value, "_name", translate("Name"), translate("(optional)"))
+name.size = 10
+
+proto = s:option(ListValue, "proto", translate("Protocol"))
+proto:value("tcp", "TCP")
+proto:value("udp", "UDP")
+proto:value("tcpudp", "TCP+UDP")
+
+dport = s:option(Value, "src_dport", translate("External port"))
+dport.size = 5
+
+to = s:option(Value, "dest_ip", translate("Internal IP address"))
+for i, dataset in ipairs(luci.sys.net.arptable()) do
+ to:value(dataset["IP address"])
+end
+
+toport = s:option(Value, "dest_port", translate("Internal port"),
+ translate("(optional)"))
+toport.size = 5
+
+return m
diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/redirect.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/redirect.lua
new file mode 100644
index 0000000000..da87015c86
--- /dev/null
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/redirect.lua
@@ -0,0 +1,52 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+require("luci.sys")
+m = Map("firewall", translate("Traffic Redirection"),
+ translate("Traffic redirection allows you to change the " ..
+ "destination address of forwarded packets."))
+
+
+s = m:section(TypedSection, "redirect", "")
+s.template = "cbi/tblsection"
+s.addremove = true
+s.anonymous = true
+s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "redirect", "%s")
+
+name = s:option(Value, "_name", translate("Name"), translate("(optional)"))
+name.size = 10
+
+iface = s:option(ListValue, "src", translate("Zone"))
+iface.default = "wan"
+luci.model.uci.cursor():foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ end)
+
+proto = s:option(ListValue, "proto", translate("Protocol"))
+proto:value("tcp", "TCP")
+proto:value("udp", "UDP")
+proto:value("tcpudp", "TCP+UDP")
+
+dport = s:option(Value, "src_dport", translate("Source port"))
+dport.size = 5
+
+to = s:option(Value, "dest_ip", translate("Destination IP"))
+for i, dataset in ipairs(luci.sys.net.arptable()) do
+ to:value(dataset["IP address"])
+end
+
+toport = s:option(Value, "dest_port", translate("Destination port"))
+toport.size = 5
+
+return m
diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/rrule.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/rrule.lua
new file mode 100644
index 0000000000..63e014444b
--- /dev/null
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/rrule.lua
@@ -0,0 +1,80 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+require("luci.sys")
+arg[1] = arg[1] or ""
+
+m = Map("firewall", translate("Traffic Redirection"),
+ translate("Traffic redirection allows you to change the " ..
+ "destination address of forwarded packets."))
+
+
+s = m:section(NamedSection, arg[1], "redirect", "")
+s.anonymous = true
+s.addremove = false
+
+back = s:option(DummyValue, "_overview", translate("Overview"))
+back.value = ""
+back.titleref = luci.dispatcher.build_url("admin", "network", "firewall", "redirect")
+
+name = s:option(Value, "_name", translate("Name"))
+name.rmempty = true
+name.size = 10
+
+iface = s:option(ListValue, "src", translate("Source zone"))
+iface.default = "wan"
+luci.model.uci.cursor():foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ end)
+
+s:option(Value, "src_ip", translate("Source IP address")).optional = true
+s:option(Value, "src_mac", translate("Source MAC-address")).optional = true
+
+sport = s:option(Value, "src_port", translate("Source port"),
+ translate("Match incoming traffic originating from the given " ..
+ "source port or port range on the client host"))
+sport.optional = true
+sport:depends("proto", "tcp")
+sport:depends("proto", "udp")
+sport:depends("proto", "tcpudp")
+
+proto = s:option(ListValue, "proto", translate("Protocol"))
+proto.optional = true
+proto:value("")
+proto:value("tcp", "TCP")
+proto:value("udp", "UDP")
+proto:value("tcpudp", "TCP+UDP")
+
+dport = s:option(Value, "src_dport", translate("External port"),
+ translate("Match incoming traffic directed at the given " ..
+ "destination port or port range on this host"))
+dport.size = 5
+dport:depends("proto", "tcp")
+dport:depends("proto", "udp")
+dport:depends("proto", "tcpudp")
+
+to = s:option(Value, "dest_ip", translate("Internal IP address"),
+ translate("Redirect matched incoming traffic to the specified " ..
+ "internal host"))
+for i, dataset in ipairs(luci.sys.net.arptable()) do
+ to:value(dataset["IP address"])
+end
+
+toport = s:option(Value, "dest_port", translate("Internal port (optional)"),
+ translate("Redirect matched incoming traffic to the given port on " ..
+ "the internal host"))
+toport.optional = true
+toport.size = 5
+
+return m
diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/traffic.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/traffic.lua
new file mode 100644
index 0000000000..3bdc6db4c5
--- /dev/null
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/traffic.lua
@@ -0,0 +1,88 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+Copyright 2008 Jo-Philipp Wich <xm@leipzig.freifunk.net>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+
+m = Map("firewall", translate("Traffic Control"))
+s = m:section(TypedSection, "forwarding", translate("Zone-to-Zone traffic"),
+ translate("Here you can specify which network traffic is allowed " ..
+ "to flow between network zones. Only new connections will " ..
+ "be matched. Packets belonging to already open " ..
+ "connections are automatically allowed to pass the " ..
+ "firewall. If you experience occasional connection " ..
+ "problems try enabling MSS Clamping otherwise disable it " ..
+ "for performance reasons."))
+s.template = "cbi/tblsection"
+s.addremove = true
+s.anonymous = true
+
+iface = s:option(ListValue, "src", translate("Source"))
+oface = s:option(ListValue, "dest", translate("Destination"))
+
+luci.model.uci.cursor():foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ oface:value(section.name)
+ end)
+
+
+
+s = m:section(TypedSection, "rule", translate("Rules"))
+s.addremove = true
+s.anonymous = true
+s.template = "cbi/tblsection"
+s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "rule", "%s")
+s.defaults.target = "ACCEPT"
+
+local created = nil
+
+function s.create(self, section)
+ created = TypedSection.create(self, section)
+end
+
+function s.parse(self, ...)
+ TypedSection.parse(self, ...)
+ if created then
+ m.uci:save("firewall")
+ luci.http.redirect(luci.dispatcher.build_url(
+ "admin", "network", "firewall", "rule", created
+ ))
+ end
+end
+
+s:option(DummyValue, "_name", translate("Name"))
+s:option(DummyValue, "proto", translate("Protocol"))
+
+src = s:option(DummyValue, "src", translate("Source"))
+function src.cfgvalue(self, s)
+ return "%s:%s:%s" % {
+ self.map:get(s, "src") or "*",
+ self.map:get(s, "src_ip") or "0.0.0.0/0",
+ self.map:get(s, "src_port") or "*"
+ }
+end
+
+dest = s:option(DummyValue, "dest", translate("Destination"))
+function dest.cfgvalue(self, s)
+ return "%s:%s:%s" % {
+ self.map:get(s, "dest") or translate("Device"),
+ self.map:get(s, "dest_ip") or "0.0.0.0/0",
+ self.map:get(s, "dest_port") or "*"
+ }
+end
+
+
+s:option(DummyValue, "target", translate("Action"))
+
+
+return m
diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua
new file mode 100644
index 0000000000..0ce41e38c7
--- /dev/null
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua
@@ -0,0 +1,77 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+arg[1] = arg[1] or ""
+m = Map("firewall", translate("Advanced Rules"),
+ translate("Advanced rules let you customize the firewall to your " ..
+ "needs. Only new connections will be matched. Packets " ..
+ "belonging to already open connections are automatically " ..
+ "allowed to pass the firewall."))
+
+s = m:section(NamedSection, arg[1], "rule", "")
+s.anonymous = true
+s.addremove = false
+
+back = s:option(DummyValue, "_overview", translate("Overview"))
+back.value = ""
+back.titleref = luci.dispatcher.build_url("admin", "network", "firewall", "rule")
+
+
+name = s:option(Value, "_name", translate("Name").." "..translate("(optional)"))
+name.rmempty = true
+
+iface = s:option(ListValue, "src", translate("Source zone"))
+iface.rmempty = true
+
+oface = s:option(ListValue, "dest", translate("Destination zone"))
+oface:value("", translate("any"))
+oface.rmempty = true
+
+luci.model.uci.cursor():foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ oface:value(section.name)
+ end)
+
+proto = s:option(Value, "proto", translate("Protocol"))
+proto.optional = true
+proto:value("")
+proto:value("all", translate("Any"))
+proto:value("tcpudp", "TCP+UDP")
+proto:value("tcp", "TCP")
+proto:value("udp", "UDP")
+proto:value("icmp", "ICMP")
+
+s:option(Value, "src_ip", translate("Source address")).optional = true
+s:option(Value, "dest_ip", translate("Destination address")).optional = true
+s:option(Value, "src_mac", translate("Source MAC-address")).optional = true
+
+sport = s:option(Value, "src_port", translate("Source port"))
+sport:depends("proto", "tcp")
+sport:depends("proto", "udp")
+sport:depends("proto", "tcpudp")
+
+dport = s:option(Value, "dest_port", translate("Destination port"))
+dport:depends("proto", "tcp")
+dport:depends("proto", "udp")
+dport:depends("proto", "tcpudp")
+
+jump = s:option(ListValue, "target", translate("Action"))
+jump.rmempty = true
+jump.default = "ACCEPT"
+jump:value("DROP", translate("drop"))
+jump:value("ACCEPT", translate("accept"))
+jump:value("REJECT", translate("reject"))
+
+
+return m
diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/zones.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/zones.lua
new file mode 100644
index 0000000000..edb82a9b50
--- /dev/null
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/zones.lua
@@ -0,0 +1,81 @@
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+
+local nw = require "luci.model.network"
+local fw = require "luci.model.firewall"
+
+require("luci.tools.webadmin")
+m = Map("firewall", translate("Firewall"), translate("The firewall creates zones over your network interfaces to control network traffic flow."))
+
+fw.init(m.uci)
+nw.init(m.uci)
+
+s = m:section(TypedSection, "defaults")
+s.anonymous = true
+s.addremove = false
+
+s:option(Flag, "syn_flood", translate("Enable SYN-flood protection"))
+
+local di = s:option(Flag, "drop_invalid", translate("Drop invalid packets"))
+di.rmempty = false
+function di.cfgvalue(...)
+ return AbstractValue.cfgvalue(...) or "1"
+end
+
+p = {}
+p[1] = s:option(ListValue, "input", translate("Input"))
+p[2] = s:option(ListValue, "output", translate("Output"))
+p[3] = s:option(ListValue, "forward", translate("Forward"))
+
+for i, v in ipairs(p) do
+ v:value("REJECT", translate("reject"))
+ v:value("DROP", translate("drop"))
+ v:value("ACCEPT", translate("accept"))
+end
+
+
+s = m:section(TypedSection, "zone", translate("Zones"))
+s.template = "cbi/tblsection"
+s.anonymous = true
+s.addremove = true
+
+name = s:option(Value, "name", translate("Name"))
+name.size = 8
+
+p = {}
+p[1] = s:option(ListValue, "input", translate("Input"))
+p[2] = s:option(ListValue, "output", translate("Output"))
+p[3] = s:option(ListValue, "forward", translate("Forward"))
+
+for i, v in ipairs(p) do
+ v:value("REJECT", translate("reject"))
+ v:value("DROP", translate("drop"))
+ v:value("ACCEPT", translate("accept"))
+end
+
+s:option(Flag, "masq", translate("Masquerading"))
+s:option(Flag, "mtu_fix", translate("MSS clamping"))
+
+net = s:option(MultiValue, "network", translate("Network"))
+net.template = "cbi/network_netlist"
+net.widget = "checkbox"
+net.rmempty = true
+luci.tools.webadmin.cbi_add_networks(net)
+
+function net.cfgvalue(self, section)
+ local value = MultiValue.cfgvalue(self, section)
+ return value or name:cfgvalue(section)
+end
+
+return m
diff --git a/applications/luci-firewall/root/lib/uci/schema/default/firewall b/applications/luci-firewall/root/lib/uci/schema/default/firewall
new file mode 100644
index 0000000000..35ff0565cc
--- /dev/null
+++ b/applications/luci-firewall/root/lib/uci/schema/default/firewall
@@ -0,0 +1,255 @@
+package firewall
+
+config package
+ option title 'Firewall configuration'
+
+config section
+ option name 'zone'
+ option title 'Firewall zones'
+ option package 'firewall'
+
+config variable
+ option name 'name'
+ option title 'Name'
+ option section 'firewall.zone'
+ option required true
+
+config variable
+ option name 'network'
+ option title 'Networks belonging to this zone'
+ option section 'firewall.zone'
+ option valueof 'network.interface'
+ option multival true
+
+config variable
+ option name 'forward'
+ option title 'Zone specific action for forwarded traffic'
+ option section 'firewall.zone'
+ option required true
+
+config variable
+ option name 'input'
+ option title 'Zone specific action for incoming traffic'
+ option section 'firewall.zone'
+ option required true
+
+config variable
+ option name 'output'
+ option title 'Zone specific action for outgoing traffic'
+ option section 'firewall.zone'
+ option required true
+
+config variable
+ option name 'masq'
+ option title 'Enable masquerading for outgoing zone traffic'
+ option section 'firewall.zone'
+ option datatype 'boolean'
+
+
+
+config section
+ option name 'defaults'
+ option title 'Global firewall defaults'
+ option package 'firewall'
+ option unique true
+ option required true
+
+config variable
+ option name 'forward'
+ option title 'Action for forwarded traffic'
+ option section 'firewall.defaults'
+ option required true
+
+config variable
+ option name 'input'
+ option title 'Action for incoming traffic'
+ option section 'firewall.defaults'
+ option required true
+
+config variable
+ option name 'output'
+ option title 'Action for outgoing traffic'
+ option section 'firewall.defaults'
+ option required true
+
+config variable
+ option name 'syn_flood'
+ option title 'Enable syn-flood protection'
+ option section 'firewall.defaults'
+ option datatype 'boolean'
+
+config variable
+ option name 'drop_invalid'
+ option title 'Do not drop packages with state invalid'
+ option section 'firewall.defaults'
+ option datatype 'boolean'
+
+
+
+config section
+ option name 'forwarding'
+ option title 'Forwarding rules'
+ option package 'firewall'
+
+config variable
+ option name 'src'
+ option title 'Source zone'
+ option section 'firewall.forwarding'
+ option valueof 'firewall.zone.name'
+ option required true
+
+config variable
+ option name 'dest'
+ option title 'Destination zone'
+ option section 'firewall.forwarding'
+ option valueof 'firewall.zone.name'
+ option required true
+
+config variable
+ option name 'mtu_fix'
+ option title 'Fixup MTU of outgoing packages'
+ option section 'firewall.forwarding'
+ option datatype 'boolean'
+
+
+
+config section
+ option name 'rule'
+ option title 'Custom rules'
+ option package 'firewall'
+ list depends 'target, src'
+ list depends 'target, dest'
+ list depends 'target, src_ip'
+ list depends 'target, src_port'
+ list depends 'target, src_mac'
+ list depends 'target, dest_ip'
+ list depends 'target, dest_port'
+ list depends 'target, proto'
+
+config variable
+ option name 'src'
+ option title 'Source zone'
+ option section 'firewall.rule'
+ option valueof 'firewall.zone.name'
+
+config variable
+ option name 'src_ip'
+ option title 'Source IP address'
+ option section 'firewall.rule'
+ option datatype 'ipaddr'
+
+config variable
+ option name 'src_port'
+ option title 'Source port'
+ option section 'firewall.rule'
+ option datatype 'portrange'
+
+config variable
+ option name 'src_mac'
+ option title 'Source MAC address'
+ option section 'firewall.rule'
+ option datatype 'macaddr'
+
+config variable
+ option name 'dest'
+ option title 'Destination zone'
+ option section 'firewall.rule'
+ option valueof 'firewall.zone.name'
+
+config variable
+ option name 'dest_ip'
+ option title 'Destination IP address'
+ option section 'firewall.rule'
+ option datatype 'ipaddr'
+
+config variable
+ option name 'dest_port'
+ option title 'Destination port'
+ option section 'firewall.rule'
+ option datatype 'portrange'
+
+config variable
+ option name 'proto'
+ option title 'Protocol'
+ option section 'firewall.rule'
+ option datatype 'string'
+
+config variable
+ option name 'target'
+ option title 'Option target'
+ option section 'firewall.rule'
+ option datatype 'string'
+
+
+
+config section
+ option name 'redirect'
+ option title 'Redirection rules'
+ option package 'firewall'
+
+config variable
+ option name 'src'
+ option title 'Source zone'
+ option section 'firewall.redirect'
+ option valueof 'firewall.zone.name'
+
+config variable
+ option name 'src_ip'
+ option title 'Source IP address'
+ option section 'firewall.redirect'
+ option datatype 'ipaddr'
+
+config variable
+ option name 'src_port'
+ option title 'Source port'
+ option section 'firewall.redirect'
+ option datatype 'portrange'
+
+config variable
+ option name 'src_dport'
+ option title 'Source destination port'
+ option section 'firewall.redirect'
+ option datatype 'portrange'
+
+config variable
+ option name 'src_mac'
+ option title 'Option src_mac'
+ option section 'firewall.redirect'
+ option datatype 'macaddr'
+
+config variable
+ option name 'dest'
+ option title 'Destination zone'
+ option section 'firewall.redirect'
+ option valueof 'firewall.zone.name'
+
+config variable
+ option name 'dest_ip'
+ option title 'Destination IP address'
+ option section 'firewall.redirect'
+ option datatype 'ipaddr'
+
+config variable
+ option name 'dest_port'
+ option title 'Destination port'
+ option section 'firewall.redirect'
+ option datatype 'portrange'
+
+config variable
+ option name 'proto'
+ option title 'Protocol'
+ option section 'firewall.redirect'
+ option datatype 'string'
+
+
+
+config section
+ option name 'include'
+ option title 'User defined config includes'
+ option package 'firewall'
+
+config variable
+ option name 'path'
+ option title 'Path to the include file'
+ option section 'firewall.include'
+ option datatype 'file'