Age | Commit message (Collapse) | Author |
|
Remove firewall hinting as discussed in #2340
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
|
Use the standard addEventListener() instead. Also remove an old
cbi_validate_field() call referencing a not existing field.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
- unused requirements removed
- unused variable and foreach loop removed
Signed-off-by: Darius <darius.joksas@teltonika.lt>
[slightly reword commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Arguably this makes little if no wan zone exists but prefer consistency
over heuristics and always render the "open port" shortcut.
Fixes #2056
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Rework the cbi section add template markup to properly render with the
latest responsive design changes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
- allow multiple src/dest ips for rules (#1637)
- restrict ICMP type list to ICMP protocol
- add section title callbacks
- remove size annotations
- fix validation error with aliased zone fields (#1882)
Fixes #1637, #1882.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
When creating a forwarding rule with protocol set to other, a user is
forwarded to the configuration page. The URL for the configuration page
contained a typo - the user was forwarded to
admin/network/firewall/redirect/cfg... and not
admin/network/firewall/forwards/cfg..., leading to a 404.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
|
|
It's currently possible to generate nonsensical firewall rules by inputting
combinations which include:
i) protocols other than UDP/TCP
ii) source and destination ports.
There is some discussion of the issue on the forum here and the issue is
here; #1850.
This patch makes fields like src_port and dest_port depend on protocol being
tcp, udp or "tcp udp" in the input, forwarding and source NAT forms.
Signed-off-by: Tom Hodder <tom@limepepper.co.uk>
[reword commit message, squash commits]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Along with 74be6f397
("treewide: switch firewall zone, network and iface lists to dropdown code"),
this change allows luci-app-firewall to recognize OUTPUT rules.
Fixes #1457.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Also switch the weekday and monthday lists in the firewall rule details to
cbi dropdowns, vastly uncluttering the form.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Mostly convert HTML tables to div based markup to allow for easier styling
in the future. Also change JS accessor code accordingly.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Expose options related to routing/NAT flow offloading
feature in firewall3. Offloading is available in kernel 4.14+
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
This fixes an inconsistency because on the interface configuration if
you press Save&Apply it will go back to overview page. It is also the
case with "Firewall - Traffic Rules" details. On firewall zone it only
goes back to firewall zone-detail. Same behaviour on all pages is a good
user experience.
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
This fixes issues dicovered by check-controllers.sh
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Only show SNAT template if there are more then one zone.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
Change the preselection for the src zone to wan and the dest zon to lan
because this is the normal situation.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
zone
Only show portforward template if there are more then one zone.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
Rename tr() to _() so that i18n-scan.pl picks up the language strings.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
definition
Current the append traffic rules for "port forwarding" and "port opening"
to the router are only shown if 'wan' and 'lan' zone are defined at
once.
For "port opening" to the router only need a 'wan' zone. Removing
'lan' zone dependency for 'port opening' reflect this behavior.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
|
|
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
Since firewall3 commit b33f78371e7c7b6a131c2b6c01673cbd4b3c13d1 the
drop_invalid option is off by default.
Adjust LuCI view to properly handle the changed semantics.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
This allows for address specifications like "fdca:1234:0123::abcd/::ffff:ffff:ffff:ffff"
which only match the last 64 bits of an address. This syntax is legal and already supported
by iptables and firewall3.
Fixes https://bugs.lede-project.org/index.php?do=details&task_id=417
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
UCI config for the firewall has the option of specifying time and date
limitations; add these options the UI.
|
|
Change the maximum length of a firewall zone name from 14 to 11 characters.
Longer names break iptables rule generation (max. 29 chars are allowed).
XT_EXTENSION_MAXNAMELEN = 29
29 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") = 11
References to:
https://github.com/openwrt/luci/issues/507
https://dev.openwrt.org/ticket/20380
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
Switch the zonename validation to use
a compound datatype "and(uciname,maxlength(14))"
instead of a separate 'validate' function.
Remove the unnecessary function that was introduced by 34e875b
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
fw3 sets the maximum length of the zone name to 14 and
ignores zone definitions with too long names.
http://nbd.name/gitweb.cgi?p=firewall3.git;a=blob;f=zones.h;hb=HEAD#l25
http://nbd.name/gitweb.cgi?p=firewall3.git;a=blob;f=zones.c;hb=HEAD#l195
Add a simple validation to ensure that the new zone name is short enough.
This should fix issue #345
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
forwards
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
* Rename subdirectories to their repective OpenWrt package names
* Make each LuCI module its own standalone package
* Deploy a shared luci.mk which is used by each module Makefile
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|