summaryrefslogtreecommitdiffhomepage
path: root/applications/luci-app-firewall/htdocs/luci-static/resources/view
AgeCommit message (Collapse)Author
2024-05-01luci-app-firewall: SNAT display fixesPaul Donald
The implied logic in the functions to build display text is a bit of a minefield. Now, if family=4+6 is selected, display 4+6. This part is a follow-up to: 4ca87f6576272d4a4659e995bef00cf34d5746e9 Previously it would display only IPv6. Now, if family=auto i.e. '' is selected then display 4 only. fw4 internally treats no family as IPv4 only, meaning that IPv6 was not SNATed. (This treatment is 'incorrect' but because it has always been this way, this behaviour is retained for backwards compatibility, and user expectations.) Previous logic was incorrect (bug) and would display: Forwarded IPv4 and IPv6 misleading the user. Signed-off-by: Paul Donald <newtwen+github@gmail.com>
2024-04-05luci-app-firewall: Add 'any' choice for SNAT 'family' optionPaul Donald
If one sets a SNAT rule via the GUI as 'automatic', the 'family' remains empty. In fw4.uc code, this is interpreted as: /* default to IPv4 only for backwards compatibility, unless an explicit family any was configured */ 'any' is handled by fw4 as IPv4+6. Also prevent 'any' from triggering a validation error (non-SNAT targets hide 'snat_ip' which remains empty, and triggered an error). Signed-off-by: Paul Donald <newtwen+github@gmail.com>
2023-12-30luci-mod-firewall: Expand on naming of forwarding rule inside the zoneJonas Dreßler
Apparently the "Forward" entry of the individual firewall zones controls forwarding within the zone (between the individual interfaces) only, and not the forwarding of packets from the zone to other zones. This is quite confusing, as the meaning is different from the global "Forward" option above, which does control forwarding between zones. Quote from user jow on the forum: > The per-zone forward controls forwarding traffic among the ifaces of this > zone. Traffic from/to other zones is handled by the global forward policy, > or individual forwardings or rules. See https://forum.openwrt.org/t/likely-bug-in-openwrt-firewall-rule-generation/18152 Let's try to be a bit more concise with the naming here and rename this entry to "Intra zone forward", which hopefully makes the difference clear. Signed-off-by: Jonas Dreßler <verdre@v0yd.nl>
2023-11-28luci-app-firewall: allow redirects using ip family anyVladislav Grigoryev
Allow creating redirects using IP family `any`. This helps redirect both IPv4 and IPv6 traffic. It is used to intercept traffic on the router. Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
2023-10-12firewall: ipsets.js: validate set namesJo-Philipp Wich
Ensure that user supplied set name values conform to the nftables identifier syntax constraints. Fixes: #6633 Fixes: 0484343903 ("luci-app-firewall: implement IPsets GUI") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-07-31luci-app-firewall: cleaning up outdated instructions on hardware NAT清靈語
2023-07-12luci-app-firewall: add reflection_zone field to forwardsJulien Cassette
This allows to to define multiple zones for NAT reflection rules. Fixes: #1560 Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
2023-06-23Merge pull request #6428 from stokito/luci-app-firewallJo-Philipp Wich
luci-app-firewall: missing variable declaration
2023-06-10luci-app-firewall: missing variable declarationSergey Ponomarev
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
2023-05-16luci-app-firewall: add ICMPv6 MLD rulesJonathan G. Underwood
This adds entries for ICMPv6 MLD types. This fixes the ICMPv6 MLD types to be consistent with fw4. These types were added to fw4 in this commit: - https://github.com/openwrt/firewall4/commit/e6e82a55206cf7017f26b92f7097f779161b5cac But were omitted from the corresponding luci-app-firewall commit: - https://github.com/openwrt/luci/commit/88a016cbff7eacf3a8248bc4949904abacef6685 Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
2023-04-05luci-app-firewall: fix the IPv6 forwards/snats viewDirk Brenken
* corrects the view as IPv4 and IPv6 for rules where the family is 'any' and the IP not set (this fixes #9c55500), e.g. a forward rule like that: config redirect 'adblock_lan53' option name 'Adblock DNS (lan, 53)' option src 'lan' option proto 'tcp udp' option src_dport '53' option dest_port '53' option target 'DNAT' option family 'any' Signed-off-by: Dirk Brenken <dev@brenken.org>
2023-03-30Merge pull request #6317 from 1715173329/of/masq6Jo-Philipp Wich
luci-app-firewall: add masq6 option for zones
2023-03-30application/luci-app-firewall: fix null accessJo-Philipp Wich
Fixes: 48086e1c7b ("luci-app-firewall: Add ipset field to snats") Fixes: d0d891c23e ("luci-app-firewall: Add ipset field to forwards (redirects)") Fixes: f407a013ba ("luci-app-firewall: Add ipset field to rules") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-03-30luci-app-firewall: add masq6 option for zonesTianling Shen
Allow configure Masquerading6 via LuCI interface. Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-03-29luci-app-firewall: Add ipset field to snatsPaul Dee
Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
2023-03-29luci-app-firewall: Add ipset field to forwards (redirects)Paul Dee
Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
2023-03-29luci-app-firewall: Add ipset field to rulesPaul Dee
Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
2023-03-29luci-app-firewall: implement IPsets GUIPaul Dee
Enable it and place it between snats and custom tabs Tested on 22.03.2, 22.03.3 Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
2023-03-16Merge pull request #6250 from systemcrash/extended_icmpJo-Philipp Wich
Extended icmp selections in firewall
2023-03-15luci-app-firewall: allow ipv6 setupChen Minqiang
Allow setup ipv6 for Port Forwards and NAT Rules if firewall4 is used. Add 'Restrict to address family' option for NAT Rules, if family is any/empty , assume it is ipv4. this allow setup NAT6 rules in web ui Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2023-03-15luci-app-firewall: suppress lengthy masq description in zone tableJo-Philipp Wich
Ensure that the description of the masquerade option does not end up in the grid section overview as it messes up the table layout. Fixes: c54efde717 ("luci-app-firewall: Add clarification to masquerading option") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-02-17luci-app-firewall: extend icmpv6 types availablePaul Dee
luci complement to https://github.com/openwrt/firewall4/commit/e6e82a55206cf7017f26b92f7097f779161b5cac Tested on 22.03.3 Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
2023-02-17luci-app-firewall: remove the '', 'any' mapping in icmpv6 entriesPaul Dee
This prevents its inconsistent checked/unchecked behaviour when exiting and re-entering the dialogue. Tested on 22.03.3 Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
2023-02-04luci-app-firewall: Add clarification to masquerading optionMartijn Staal
Signed-off-by: Martijn Staal <27222398+mastaal@users.noreply.github.com>
2022-03-30luci-app-firewall: fix misspelling of restrictionsJo-Philipp Wich
Fixes: #5749 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-16luci-app-firewall: fix setting unspecified zone on forwardingsJo-Philipp Wich
Fixes: #5685 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06luci-app-firewall: initial firewall4 compatibilityStijn Tintel
Initial changes required for firewall4 compatibility: * depend on uc-firewall instead of firewall * detect installed version of firewall and hide incompatible features Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2021-11-11luci-app-firewall: use firewall.getZoneColorStyle() in viewsJo-Philipp Wich
Use the new `firewall.getZoneColorStyle()` helper to apply background color styles. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-11-10luci-app-firewall: adjust zone badge markupJo-Philipp Wich
No functional changes but required for styling rules. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-08-31luci-app-firewall: add ipv6 exclusive ICMP typesPaul Dee
to firewall 'Match ICMP type' field. See issue #5213 Signed-off-by: Paul Dee <systemcrash@users.noreply.github.com>
2021-08-11firewall: more text lines for custom scriptFritz D. Ansel
10 lines are very few and there is much unused space Signed-off-by: Fritz D. Ansel <fdansel@yandex.ru>
2021-08-04luci-app-firewall: replace hh.mm.ss with hh:mm:ssStan Grishin
Signed-off-by: Stan Grishin <stangri@melmac.net>
2021-03-15luci-app-firewall: simplify some form actionsJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-03-01luci-app-firewall: allow negative prefix lengthsJo-Philipp Wich
Fixes: #4812 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-03-01luci-app-firewall: zones.js: fix HTML display in ct helper selectionJo-Philipp Wich
Fixes: #4845 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-03-01luci-app-firewall: fix creating multiple networks from zone network selectorJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-01-13luci-app-firewall: add tooltip on rules that have time restrictions enabledFlorian Eckert
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-01-13luci-app-firewall: add limited masquerading tooltipFlorian Eckert
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-20luci-app-firewall: fix removing networks from zoneJo-Philipp Wich
Fixes: #4608 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-10-01luci-app-firewall: rules: add ICMPv6 Packet Too Big (Type 2)Robby K
The "Match ICMP type" drop-down menu was missing this ICMPv6 type. According to RFC 4890 section 4.3.1 it is essential for communications and must not be dropped. This patch allows for doing this through LuCI. Signed-off-by: Robby K <robbyke@gmail.com>
2020-07-05luci-app-firewall: migrate syn_flood option to synflood_protect on saveJo-Philipp Wich
Fixes: #4220 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-04-03treewide: import utility classes explicitlyJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-26luci-app-firewall: use Firewall.removeZone() helperJo-Philipp Wich
Fixes: FS#2932 Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2932 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-02luci-app-firewall: don't treat zone name as network fallbackJo-Philipp Wich
Drop obsolete extra logic which treats the zone name as covered network name in case the network list is unset. This behaviour applied to the pre-fw3 uci firewall, but is not supported since fw3 anymore. Ref: https://forum.openwrt.org/t/luci-zone-creation-bug/55921 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-02-22luci-app-firewall: snats.js: fix rewrite IP validation for SNAT targetJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-20luci-app-firewall: fix variable clash leading to incorrect family displayJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-19luci-app-firewall: add SNAT config migrationJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-19luci-app-firewall: rework rule descriptions, deduplicate codeJo-Philipp Wich
Use a simple custom format string DSL to assemble the rule description texts in the overview page. Also move common code for shared, complex cbi options to the firewall tool class. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-16luci-app-firewall: consolidate duplicate option codeJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-16luci-app-firewall: support 'limit' and 'limit_burst' optionsJo-Philipp Wich
Also resync firewall translations. Signed-off-by: Jo-Philipp Wich <jo@mein.io>