Age | Commit message (Collapse) | Author |
|
to firewall 'Match ICMP type' field.
See issue #5213
Signed-off-by: Paul Dee <systemcrash@users.noreply.github.com>
|
|
10 lines are very few and there is much unused space
Signed-off-by: Fritz D. Ansel <fdansel@yandex.ru>
|
|
Signed-off-by: Stan Grishin <stangri@melmac.net>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Fixes: #4812
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Fixes: #4845
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
Fixes: #4608
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The "Match ICMP type" drop-down menu was missing this ICMPv6 type. According to RFC 4890 section 4.3.1 it is essential for communications and must not be dropped. This patch allows for doing this through LuCI.
Signed-off-by: Robby K <robbyke@gmail.com>
|
|
Fixes: #4220
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Fixes: FS#2932
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2932
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Drop obsolete extra logic which treats the zone name as covered network
name in case the network list is unset. This behaviour applied to the
pre-fw3 uci firewall, but is not supported since fw3 anymore.
Ref: https://forum.openwrt.org/t/luci-zone-creation-bug/55921
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Use a simple custom format string DSL to assemble the rule description
texts in the overview page.
Also move common code for shared, complex cbi options to the firewall
tool class.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Also resync firewall translations.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
redirects
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The underlying fw3 program currently only does IPv4 port forwards while
LuCI incorrectly reports IPv4 + IPv6 for each forward. Adjust the text
accordingly to fix this.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
When a `config zone` section lacks an `option network` or `list network`
setting, its contained interface list defaults to the name of the zone,
e.g. a zone named `foo` will implicitely contain the network `foo` unless
a deviating or empty `option network` is specified.
Adjust the zones.js model accordingly to reflect that implicit default.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Fixes: #3119
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Fixes: FS#2661
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2661
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Fixes: #3342
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Nicholas Smith <nicholas.smith@telcoantennas.com.au>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The "conntrack_helpers" method has been renamed to "getConntrackHelpers".
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Rely on the more generic L.hasSystemFeature() from now on.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
This just makes it easier to find the type one would want.
No types were added or removed, only re-arranged.
Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
|
|
The "Match ICMP Type" dropdown had entries for router
solicitation & router advertisements, but not the more
generic neighbour solicitation & neighbour advertisements.
A LAN cannot function without Neighbour Discovery; this
means that setting a LAN interface default input policy to
REJECT breaks IPv6 WAN access for all hosts on that LAN;
as they can no longer discover their gateway's MAC address.
This can be fixed with appropriate rules allowing ND input,
which this patch allows one to do in LuCI.
The spelling is the same as in [1].
[1] <https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/network/config/firewall/files/firewall.config>
Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
|
|
Fixes: #2920
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
This commit introduces support for zone devices, subnets, conntrack helpers
and iptables extra options.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
- Set src/dest defaults only in initial section create state, otherwise it
is impossible to specify output rules
- Get rid of dest_remote/dest_local widget switching and implement change
logic directly in tools.widgets.CBIZoneSelect
- Remove leftover debug code
Ref: https://github.com/openwrt/luci/issues/2889
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Fixes: #2878
Signed-off-by: Anton Kikin <a.kikin@tano-systems.com>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|