summaryrefslogtreecommitdiffhomepage
path: root/applications/luci-app-firewall/htdocs
AgeCommit message (Collapse)Author
2024-04-05luci-app-firewall: Add 'any' choice for SNAT 'family' optionPaul Donald
If one sets a SNAT rule via the GUI as 'automatic', the 'family' remains empty. In fw4.uc code, this is interpreted as: /* default to IPv4 only for backwards compatibility, unless an explicit family any was configured */ 'any' is handled by fw4 as IPv4+6. Also prevent 'any' from triggering a validation error (non-SNAT targets hide 'snat_ip' which remains empty, and triggered an error). Signed-off-by: Paul Donald <newtwen+github@gmail.com>
2024-02-21luci-app-firewall: add address range inputs for traffic rulesJo-Philipp Wich
Ref: https://forum.openwrt.org/t/question-about-firewall-rules/188656 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-12-30luci-mod-firewall: Expand on naming of forwarding rule inside the zoneJonas Dreßler
Apparently the "Forward" entry of the individual firewall zones controls forwarding within the zone (between the individual interfaces) only, and not the forwarding of packets from the zone to other zones. This is quite confusing, as the meaning is different from the global "Forward" option above, which does control forwarding between zones. Quote from user jow on the forum: > The per-zone forward controls forwarding traffic among the ifaces of this > zone. Traffic from/to other zones is handled by the global forward policy, > or individual forwardings or rules. See https://forum.openwrt.org/t/likely-bug-in-openwrt-firewall-rule-generation/18152 Let's try to be a bit more concise with the naming here and rename this entry to "Intra zone forward", which hopefully makes the difference clear. Signed-off-by: Jonas Dreßler <verdre@v0yd.nl>
2023-11-28luci-app-firewall: allow redirects using ip family anyVladislav Grigoryev
Allow creating redirects using IP family `any`. This helps redirect both IPv4 and IPv6 traffic. It is used to intercept traffic on the router. Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
2023-10-12firewall: ipsets.js: validate set namesJo-Philipp Wich
Ensure that user supplied set name values conform to the nftables identifier syntax constraints. Fixes: #6633 Fixes: 0484343903 ("luci-app-firewall: implement IPsets GUI") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-07-31luci-app-firewall: cleaning up outdated instructions on hardware NAT清靈語
2023-07-12luci-app-firewall: add reflection_zone field to forwardsJulien Cassette
This allows to to define multiple zones for NAT reflection rules. Fixes: #1560 Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
2023-06-23Merge pull request #6428 from stokito/luci-app-firewallJo-Philipp Wich
luci-app-firewall: missing variable declaration
2023-06-10luci-app-firewall: missing variable declarationSergey Ponomarev
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
2023-05-16luci-app-firewall: add ICMPv6 MLD rulesJonathan G. Underwood
This adds entries for ICMPv6 MLD types. This fixes the ICMPv6 MLD types to be consistent with fw4. These types were added to fw4 in this commit: - https://github.com/openwrt/firewall4/commit/e6e82a55206cf7017f26b92f7097f779161b5cac But were omitted from the corresponding luci-app-firewall commit: - https://github.com/openwrt/luci/commit/88a016cbff7eacf3a8248bc4949904abacef6685 Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
2023-04-05luci-app-firewall: fix the IPv6 forwards/snats viewDirk Brenken
* corrects the view as IPv4 and IPv6 for rules where the family is 'any' and the IP not set (this fixes #9c55500), e.g. a forward rule like that: config redirect 'adblock_lan53' option name 'Adblock DNS (lan, 53)' option src 'lan' option proto 'tcp udp' option src_dport '53' option dest_port '53' option target 'DNAT' option family 'any' Signed-off-by: Dirk Brenken <dev@brenken.org>
2023-03-30Merge pull request #6317 from 1715173329/of/masq6Jo-Philipp Wich
luci-app-firewall: add masq6 option for zones
2023-03-30application/luci-app-firewall: fix null accessJo-Philipp Wich
Fixes: 48086e1c7b ("luci-app-firewall: Add ipset field to snats") Fixes: d0d891c23e ("luci-app-firewall: Add ipset field to forwards (redirects)") Fixes: f407a013ba ("luci-app-firewall: Add ipset field to rules") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-03-30luci-app-firewall: add masq6 option for zonesTianling Shen
Allow configure Masquerading6 via LuCI interface. Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-03-29luci-app-firewall: Add ipset field to snatsPaul Dee
Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
2023-03-29luci-app-firewall: Add ipset field to forwards (redirects)Paul Dee
Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
2023-03-29luci-app-firewall: Add ipset field to rulesPaul Dee
Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
2023-03-29luci-app-firewall: implement IPsets GUIPaul Dee
Enable it and place it between snats and custom tabs Tested on 22.03.2, 22.03.3 Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
2023-03-16Merge pull request #6250 from systemcrash/extended_icmpJo-Philipp Wich
Extended icmp selections in firewall
2023-03-15luci-app-firewall: allow ipv6 setupChen Minqiang
Allow setup ipv6 for Port Forwards and NAT Rules if firewall4 is used. Add 'Restrict to address family' option for NAT Rules, if family is any/empty , assume it is ipv4. this allow setup NAT6 rules in web ui Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2023-03-15luci-app-firewall: suppress lengthy masq description in zone tableJo-Philipp Wich
Ensure that the description of the masquerade option does not end up in the grid section overview as it messes up the table layout. Fixes: c54efde717 ("luci-app-firewall: Add clarification to masquerading option") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-02-17luci-app-firewall: extend icmpv6 types availablePaul Dee
luci complement to https://github.com/openwrt/firewall4/commit/e6e82a55206cf7017f26b92f7097f779161b5cac Tested on 22.03.3 Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
2023-02-17luci-app-firewall: remove the '', 'any' mapping in icmpv6 entriesPaul Dee
This prevents its inconsistent checked/unchecked behaviour when exiting and re-entering the dialogue. Tested on 22.03.3 Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
2023-02-04luci-app-firewall: Add clarification to masquerading optionMartijn Staal
Signed-off-by: Martijn Staal <27222398+mastaal@users.noreply.github.com>
2022-03-30luci-app-firewall: fix misspelling of restrictionsJo-Philipp Wich
Fixes: #5749 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-16luci-app-firewall: fix setting unspecified zone on forwardingsJo-Philipp Wich
Fixes: #5685 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06luci-app-firewall: initial firewall4 compatibilityStijn Tintel
Initial changes required for firewall4 compatibility: * depend on uc-firewall instead of firewall * detect installed version of firewall and hide incompatible features Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2021-12-09luci-app-firewall: CBIProtocolSelect: properly handle unrecognized protosJo-Philipp Wich
Prevent incorrectly replacing unrecognized protocol numbers with -1. Fixes: #5587 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-11-11luci-app-firewall: use firewall.getZoneColorStyle() in viewsJo-Philipp Wich
Use the new `firewall.getZoneColorStyle()` helper to apply background color styles. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-11-10luci-app-firewall: adjust zone badge markupJo-Philipp Wich
No functional changes but required for styling rules. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-08-31luci-app-firewall: add ipv6 exclusive ICMP typesPaul Dee
to firewall 'Match ICMP type' field. See issue #5213 Signed-off-by: Paul Dee <systemcrash@users.noreply.github.com>
2021-08-11firewall: more text lines for custom scriptFritz D. Ansel
10 lines are very few and there is much unused space Signed-off-by: Fritz D. Ansel <fdansel@yandex.ru>
2021-08-04luci-app-firewall: replace hh.mm.ss with hh:mm:ssStan Grishin
Signed-off-by: Stan Grishin <stangri@melmac.net>
2021-06-03luci-app-firewall: further luci-rpc/getHostHints compatibility fixesJo-Philipp Wich
Rework some further code instances to fall back to the legacy ipv4/ipv6 properties if needed. Fixes: c7b7b42cd3 ("treewide: Update JS using luci-rpc getHostHints") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-06-03treewide: Update JS using luci-rpc getHostHintsNiels Widger
Update frontend JS code which uses luci-rpc getHostHints to support the new response format which removes the `ipv4` and `ipv6` host hint string fields and replaces them with `ipaddrs` and `ip6addrs` weighted string list fields. Signed-off-by: Niels Widger <niels@qacafe.com> [rework code to be forwards/backwards compatible, fix some Network.Hosts methods, fix IP choice ordering, change commit subject, rewrap commit message] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-03-15luci-app-firewall: simplify some form actionsJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-03-01luci-app-firewall: allow negative prefix lengthsJo-Philipp Wich
Fixes: #4812 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-03-01luci-app-firewall: zones.js: fix HTML display in ct helper selectionJo-Philipp Wich
Fixes: #4845 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-03-01luci-app-firewall: fix creating multiple networks from zone network selectorJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-02-19luci-app-firewall: properly handle custom multi IP/MAC inputJo-Philipp Wich
Store multiple space separated custom address values as separate uci list items in the configuration. Fixes: #4822 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-01-13luci-app-firewall: add tooltip on rules that have time restrictions enabledFlorian Eckert
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-01-13luci-app-firewall: add limited masquerading tooltipFlorian Eckert
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-12-16luci-app-firewall: map proto '*' and 'any' to all on rule configFlorian Eckert
Before the change, the options '*' and 'any' in the drop down were not recognized as valid options, when loaded from the uci. With this change, the options '*' and 'any' are mapped to 'all' and saved as such. This change is especially important if the proto option is changed manually to '*' or 'any' in shell and then further configured via LuCI. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-20luci-app-firewall: fix removing networks from zoneJo-Philipp Wich
Fixes: #4608 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-10-01luci-app-firewall: rules: add ICMPv6 Packet Too Big (Type 2)Robby K
The "Match ICMP type" drop-down menu was missing this ICMPv6 type. According to RFC 4890 section 4.3.1 it is essential for communications and must not be dropped. This patch allows for doing this through LuCI. Signed-off-by: Robby K <robbyke@gmail.com>
2020-07-05luci-app-firewall: migrate syn_flood option to synflood_protect on saveJo-Philipp Wich
Fixes: #4220 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-04-14luci-app-firewall: tools/firewall.js: honour readonly propertyJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-04-03treewide: import utility classes explicitlyJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-26luci-app-firewall: use Firewall.removeZone() helperJo-Philipp Wich
Fixes: FS#2932 Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2932 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-04luci-app-firewall: tools.firewall: properly handle protocol 0Jo-Philipp Wich
The existing code failed to anticipate that '' == 0 in JS. Signed-off-by: Jo-Philipp Wich <jo@mein.io>