| Age | Commit message (Collapse) | Author |
|---|
|
- allow multiple src/dest ips for rules (#1637)
- restrict ICMP type list to ICMP protocol
- add section title callbacks
- remove size annotations
- fix validation error with aliased zone fields (#1882)
Fixes #1637, #1882.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
When creating a forwarding rule with protocol set to other, a user is
forwarded to the configuration page. The URL for the configuration page
contained a typo - the user was forwarded to
admin/network/firewall/redirect/cfg... and not
admin/network/firewall/forwards/cfg..., leading to a 404.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
|
|
It's currently possible to generate nonsensical firewall rules by inputting
combinations which include:
i) protocols other than UDP/TCP
ii) source and destination ports.
There is some discussion of the issue on the forum here and the issue is
here; #1850.
This patch makes fields like src_port and dest_port depend on protocol being
tcp, udp or "tcp udp" in the input, forwarding and source NAT forms.
Signed-off-by: Tom Hodder <tom@limepepper.co.uk>
[reword commit message, squash commits]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Along with 74be6f397
("treewide: switch firewall zone, network and iface lists to dropdown code"),
this change allows luci-app-firewall to recognize OUTPUT rules.
Fixes #1457.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Also switch the weekday and monthday lists in the firewall rule details to
cbi dropdowns, vastly uncluttering the form.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Expose options related to routing/NAT flow offloading
feature in firewall3. Offloading is available in kernel 4.14+
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
This fixes an inconsistency because on the interface configuration if
you press Save&Apply it will go back to overview page. It is also the
case with "Firewall - Traffic Rules" details. On firewall zone it only
goes back to firewall zone-detail. Same behaviour on all pages is a good
user experience.
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
|
|
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
Since firewall3 commit b33f78371e7c7b6a131c2b6c01673cbd4b3c13d1 the
drop_invalid option is off by default.
Adjust LuCI view to properly handle the changed semantics.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
This allows for address specifications like "fdca:1234:0123::abcd/::ffff:ffff:ffff:ffff"
which only match the last 64 bits of an address. This syntax is legal and already supported
by iptables and firewall3.
Fixes https://bugs.lede-project.org/index.php?do=details&task_id=417
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
UCI config for the firewall has the option of specifying time and date
limitations; add these options the UI.
|
|
Change the maximum length of a firewall zone name from 14 to 11 characters.
Longer names break iptables rule generation (max. 29 chars are allowed).
XT_EXTENSION_MAXNAMELEN = 29
29 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") = 11
References to:
https://github.com/openwrt/luci/issues/507
https://dev.openwrt.org/ticket/20380
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
Switch the zonename validation to use
a compound datatype "and(uciname,maxlength(14))"
instead of a separate 'validate' function.
Remove the unnecessary function that was introduced by 34e875b
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
fw3 sets the maximum length of the zone name to 14 and
ignores zone definitions with too long names.
http://nbd.name/gitweb.cgi?p=firewall3.git;a=blob;f=zones.h;hb=HEAD#l25
http://nbd.name/gitweb.cgi?p=firewall3.git;a=blob;f=zones.c;hb=HEAD#l195
Add a simple validation to ensure that the new zone name is short enough.
This should fix issue #345
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
* Rename subdirectories to their repective OpenWrt package names
* Make each LuCI module its own standalone package
* Deploy a shared luci.mk which is used by each module Makefile
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
