summaryrefslogtreecommitdiffhomepage
path: root/applications/luci-app-firewall/htdocs
AgeCommit message (Collapse)Author
2021-06-03luci-app-firewall: further luci-rpc/getHostHints compatibility fixesJo-Philipp Wich
Rework some further code instances to fall back to the legacy ipv4/ipv6 properties if needed. Fixes: c7b7b42cd3 ("treewide: Update JS using luci-rpc getHostHints") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-06-03treewide: Update JS using luci-rpc getHostHintsNiels Widger
Update frontend JS code which uses luci-rpc getHostHints to support the new response format which removes the `ipv4` and `ipv6` host hint string fields and replaces them with `ipaddrs` and `ip6addrs` weighted string list fields. Signed-off-by: Niels Widger <niels@qacafe.com> [rework code to be forwards/backwards compatible, fix some Network.Hosts methods, fix IP choice ordering, change commit subject, rewrap commit message] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-03-15luci-app-firewall: simplify some form actionsJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-03-01luci-app-firewall: allow negative prefix lengthsJo-Philipp Wich
Fixes: #4812 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-03-01luci-app-firewall: zones.js: fix HTML display in ct helper selectionJo-Philipp Wich
Fixes: #4845 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-03-01luci-app-firewall: fix creating multiple networks from zone network selectorJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-02-19luci-app-firewall: properly handle custom multi IP/MAC inputJo-Philipp Wich
Store multiple space separated custom address values as separate uci list items in the configuration. Fixes: #4822 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-01-13luci-app-firewall: add tooltip on rules that have time restrictions enabledFlorian Eckert
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-01-13luci-app-firewall: add limited masquerading tooltipFlorian Eckert
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-12-16luci-app-firewall: map proto '*' and 'any' to all on rule configFlorian Eckert
Before the change, the options '*' and 'any' in the drop down were not recognized as valid options, when loaded from the uci. With this change, the options '*' and 'any' are mapped to 'all' and saved as such. This change is especially important if the proto option is changed manually to '*' or 'any' in shell and then further configured via LuCI. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-20luci-app-firewall: fix removing networks from zoneJo-Philipp Wich
Fixes: #4608 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-10-01luci-app-firewall: rules: add ICMPv6 Packet Too Big (Type 2)Robby K
The "Match ICMP type" drop-down menu was missing this ICMPv6 type. According to RFC 4890 section 4.3.1 it is essential for communications and must not be dropped. This patch allows for doing this through LuCI. Signed-off-by: Robby K <robbyke@gmail.com>
2020-07-05luci-app-firewall: migrate syn_flood option to synflood_protect on saveJo-Philipp Wich
Fixes: #4220 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-04-14luci-app-firewall: tools/firewall.js: honour readonly propertyJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-04-03treewide: import utility classes explicitlyJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-26luci-app-firewall: use Firewall.removeZone() helperJo-Philipp Wich
Fixes: FS#2932 Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2932 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-04luci-app-firewall: tools.firewall: properly handle protocol 0Jo-Philipp Wich
The existing code failed to anticipate that '' == 0 in JS. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-02luci-app-firewall: don't treat zone name as network fallbackJo-Philipp Wich
Drop obsolete extra logic which treats the zone name as covered network name in case the network list is unset. This behaviour applied to the pre-fw3 uci firewall, but is not supported since fw3 anymore. Ref: https://forum.openwrt.org/t/luci-zone-creation-bug/55921 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-02-22luci-app-firewall: snats.js: fix rewrite IP validation for SNAT targetJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-20luci-app-firewall: fix variable clash leading to incorrect family displayJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-19luci-app-firewall: add SNAT config migrationJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-19luci-app-firewall: rework rule descriptions, deduplicate codeJo-Philipp Wich
Use a simple custom format string DSL to assemble the rule description texts in the overview page. Also move common code for shared, complex cbi options to the firewall tool class. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-16luci-app-firewall: consolidate duplicate option codeJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-16luci-app-firewall: support 'limit' and 'limit_burst' optionsJo-Philipp Wich
Also resync firewall translations. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-16luci-app-firewall: support 'DSCP' action and matches for rulesJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-16luci-app-firewall: support 'MARK' action and matches for rulesJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-16luci-app-firewall: support 'mark' parameter for redirectsJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-16luci-app-firewall: support 'helper' and 'reflection_src' parameters for ↵Jo-Philipp Wich
redirects Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-16luci-app-firewall: support 'helper' and 'set_helper' parameters for rulesJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-16luci-app-firewall: support 'direction' and 'device' parameters for rulesJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-16luci-app-firewall: fix family display for port forwardsJo-Philipp Wich
The underlying fw3 program currently only does IPv4 port forwards while LuCI incorrectly reports IPv4 + IPv6 for each forward. Adjust the text accordingly to fix this. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-15luci-app-firewall: introduce support for "config nat" sectionsJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-04luci-app-firewall: fix zone network defaultJo-Philipp Wich
When a `config zone` section lacks an `option network` or `list network` setting, its contained interface list defaults to the name of the zone, e.g. a zone named `foo` will implicitely contain the network `foo` unless a deviating or empty `option network` is specified. Adjust the zones.js model accordingly to reflect that implicit default. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-30luci-app-firewall: update rule ip hints based on address familyJo-Philipp Wich
Fixes: #3119 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-30luci-app-firewall: store week- and monthday restrictions as stringsJo-Philipp Wich
Fixes: FS#2661 Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2661 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-22luci-app-firewall: remove obsolete "conntrack" optionJo-Philipp Wich
Fixes: #3342 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-03treewide: require ui.js explicitlyJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-03luci-base, luci-app-firewall: port custom rules to client side viewJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-01luci-base, luci-mod-network, luci-app-firewall: migrate luci/getHostHintsJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-11luci-app-firewall: display "this new zone" instead of "undefined"Nicholas Smith
Signed-off-by: Nicholas Smith <nicholas.smith@telcoantennas.com.au>
2019-09-11luci-app-firewall: disallow creating zone without nameJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-10luci-app-firewall: filter alias interfaces in zone device selectionJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-15luci-app-firewall: fix zone overview page after rpc procedure renamingJo-Philipp Wich
The "conntrack_helpers" method has been renamed to "getConntrackHelpers". Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-14luci-app-firewall: honour global default policies in per-zone settingsJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-14luci-app-firewall: drop usage of getOffloadSupport()Jo-Philipp Wich
Rely on the more generic L.hasSystemFeature() from now on. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-11luci-app-firewall: rules: sort ICMP types alphabeticallyAaron Jones
This just makes it easier to find the type one would want. No types were added or removed, only re-arranged. Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
2019-08-11luci-app-firewall: rules: allow ICMPv6 ND typesAaron Jones
The "Match ICMP Type" dropdown had entries for router solicitation & router advertisements, but not the more generic neighbour solicitation & neighbour advertisements. A LAN cannot function without Neighbour Discovery; this means that setting a LAN interface default input policy to REJECT breaks IPv6 WAN access for all hosts on that LAN; as they can no longer discover their gateway's MAC address. This can be fixed with appropriate rules allowing ND input, which this patch allows one to do in LuCI. The spelling is the same as in [1]. [1] <https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/network/config/firewall/files/firewall.config> Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
2019-07-26luci-app-firewall: explicitely set 'DNAT' target on new forwardsJo-Philipp Wich
Fixes: #2920 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-07-22luci-app-firewall: add support for further per-zone optionsJo-Philipp Wich
This commit introduces support for zone devices, subnets, conntrack helpers and iptables extra options. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-07-21luci-app-firewall: fix cbi form for rulesJo-Philipp Wich
- Set src/dest defaults only in initial section create state, otherwise it is impossible to specify output rules - Get rid of dest_remote/dest_local widget switching and implement change logic directly in tools.widgets.CBIZoneSelect - Remove leftover debug code Ref: https://github.com/openwrt/luci/issues/2889 Signed-off-by: Jo-Philipp Wich <jo@mein.io>