diff options
Diffstat (limited to 'modules/luci-base/root/usr')
| -rwxr-xr-x | modules/luci-base/root/usr/libexec/rpcd/luci | 35 | ||||
| -rw-r--r-- | modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json | 14 |
2 files changed, 48 insertions, 1 deletions
diff --git a/modules/luci-base/root/usr/libexec/rpcd/luci b/modules/luci-base/root/usr/libexec/rpcd/luci index 55233d6d0a..7644745efd 100755 --- a/modules/luci-base/root/usr/libexec/rpcd/luci +++ b/modules/luci-base/root/usr/libexec/rpcd/luci @@ -285,6 +285,41 @@ local methods = { local fs = require "nixio.fs" return { offload_support = not not fs.access("/sys/module/xt_FLOWOFFLOAD/refcnt") } end + }, + + conntrack_helpers = { + call = function() + local fd = io.open("/usr/share/fw3/helpers.conf", "r") + local rv = {} + + local line, entry + while true do + line = fd:read("*l") + if not line then + break + end + + if line:match("^%s*config%s") then + if entry then + rv[#rv+1] = entry + end + entry = {} + else + local opt, val = line:match("^%s*option%s+(%S+)%s+(%S.*)$") + if opt and val then + opt = opt:gsub("^'(.+)'$", "%1"):gsub('^"(.+)"$', "%1") + val = val:gsub("^'(.+)'$", "%1"):gsub('^"(.+)"$', "%1") + entry[opt] = val + end + end + end + + if entry then + rv[#rv+1] = entry + end + + return { helpers = rv } + end } } diff --git a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json index a9baef8f9c..de145ce784 100644 --- a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json +++ b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json @@ -13,7 +13,7 @@ "read": { "ubus": { "iwinfo": [ "info" ], - "luci": [ "boardjson", "duid_hints", "host_hints", "ifaddrs", "initList", "getLocaltime", "leases", "leds", "netdevs", "offload_support", "usb" ], + "luci": [ "boardjson", "duid_hints", "host_hints", "ifaddrs", "initList", "getLocaltime", "leases", "leds", "netdevs", "usb" ], "network.device": [ "status" ], "network.interface": [ "dump" ], "network.wireless": [ "status" ], @@ -28,5 +28,17 @@ }, "uci": [ "*" ] } + }, + "luci-app-firewall": { + "description": "Grant access to firewall procedures", + "read": { + "ubus": { + "luci": [ "conntrack_helpers", "offload_support" ] + }, + "uci": [ "firewall" ] + }, + "write": { + "uci": [ "firewall" ] + } } } |