summaryrefslogtreecommitdiffhomepage
path: root/applications/luci-app-firewall/luasrc
AgeCommit message (Collapse)Author
2018-08-13luci-app-firewall: allow "open ports" when no wan zone existsJo-Philipp Wich
Arguably this makes little if no wan zone exists but prefer consistency over heuristics and always render the "open port" shortcut. Fixes #2056 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-23luci-app-firewall: cleanup template markupJo-Philipp Wich
Rework the cbi section add template markup to properly render with the latest responsive design changes. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-22luci-app-firewall: update cbi modelsJo-Philipp Wich
- allow multiple src/dest ips for rules (#1637) - restrict ICMP type list to ICMP protocol - add section title callbacks - remove size annotations - fix validation error with aliased zone fields (#1882) Fixes #1637, #1882. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-11luci-app-firewall: Fix typo in forwards redirectKristian Evensen
When creating a forwarding rule with protocol set to other, a user is forwarded to the configuration page. The URL for the configuration page contained a typo - the user was forwarded to admin/network/firewall/redirect/cfg... and not admin/network/firewall/forwards/cfg..., leading to a 404. Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
2018-06-10luci-app-firewall: disable port fields when protocol is not TCP or UDPTom Hodder
It's currently possible to generate nonsensical firewall rules by inputting combinations which include: i) protocols other than UDP/TCP ii) source and destination ports. There is some discussion of the issue on the forum here and the issue is here; #1850. This patch makes fields like src_port and dest_port depend on protocol being tcp, udp or "tcp udp" in the input, forwarding and source NAT forms. Signed-off-by: Tom Hodder <tom@limepepper.co.uk> [reword commit message, squash commits] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-08luci-app-firewall: recognize egress rules in rule overviewJo-Philipp Wich
Along with 74be6f397 ("treewide: switch firewall zone, network and iface lists to dropdown code"), this change allows luci-app-firewall to recognize OUTPUT rules. Fixes #1457. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-08treewide: switch firewall zone, network and iface lists to dropdown codeJo-Philipp Wich
Also switch the weekday and monthday lists in the firewall rule details to cbi dropdowns, vastly uncluttering the form. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-28treewide: convert HTML tables to divJo-Philipp Wich
Mostly convert HTML tables to div based markup to allow for easier styling in the future. Also change JS accessor code accordingly. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-26luci-app-firewall: expose flow offloading optionsHannu Nyman
Expose options related to routing/NAT flow offloading feature in firewall3. Offloading is available in kernel 4.14+ Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-05-07luci-app-firewall: redirect to overview page on zone details saveFlorian Eckert
This fixes an inconsistency because on the interface configuration if you press Save&Apply it will go back to overview page. It is also the case with "Firewall - Traffic Rules" details. On firewall zone it only goes back to firewall zone-detail. Same behaviour on all pages is a good user experience. Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-04-06luci-app-firewall: dispatch SimpleForm model using the form() actionJo-Philipp Wich
This fixes issues dicovered by check-controllers.sh Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-03-01luci-app-firewall: only show SNAT template if there are more then one zoneFlorian Eckert
Only show SNAT template if there are more then one zone. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-03-01luci-app-firewall: on forward rule change preselectionFlorian Eckert
Change the preselection for the src zone to wan and the dest zon to lan because this is the normal situation. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-03-01luci-app-firewall: only show portforward template if there are more then one ↵Florian Eckert
zone Only show portforward template if there are more then one zone. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-01-12luci-app-firewall: rename tr() helper function to _()Jo-Philipp Wich
Rename tr() to _() so that i18n-scan.pl picks up the language strings. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-09luci-app-firewall: show port opening cbi section independently of lan zone ↵Florian Eckert
definition Current the append traffic rules for "port forwarding" and "port opening" to the router are only shown if 'wan' and 'lan' zone are defined at once. For "port opening" to the router only need a 'wan' zone. Removing 'lan' zone dependency for 'port opening' reflect this behavior. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-08-06luci-app-firewall: Fix a word typo, arbritary -> arbitraryHsing-Wang Liao
Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
2017-07-21luci-app-firewall: fix typo dsp -> dsYousong Zhou
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-03-14luci-app-firewall: adjust drop_invalid default (#1068)Jo-Philipp Wich
Since firewall3 commit b33f78371e7c7b6a131c2b6c01673cbd4b3c13d1 the drop_invalid option is off by default. Adjust LuCI view to properly handle the changed semantics. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-23luci-app-firewall: use new ipmask validation types when applicableJo-Philipp Wich
This allows for address specifications like "fdca:1234:0123::abcd/::ffff:ffff:ffff:ffff" which only match the last 64 bits of an address. This syntax is legal and already supported by iptables and firewall3. Fixes https://bugs.lede-project.org/index.php?do=details&task_id=417 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-12-20luci-app-firewall: restart firewall on /etc/firewall.user writeFlorian Eckert
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
2016-03-31luci-app-firewall: capitalize weekday names (#691)Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2016-02-10luci-app-firewall: rely on auto-serialization for combobox choicesJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2016-02-10luci-app-firewall: align custom cbi teplates with new codeJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2016-01-29luci-app-firewall: drop_invalid is default on in OpenWrt nowJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-12-14applications: firewall: Add time and date for rules and redirectsDaniel Dickinson
UCI config for the firewall has the option of specifying time and date limitations; add these options the UI.
2015-10-28luci-app-firewall: limit zone name length to 11 charactersHannu Nyman
Change the maximum length of a firewall zone name from 14 to 11 characters. Longer names break iptables rule generation (max. 29 chars are allowed). XT_EXTENSION_MAXNAMELEN = 29 29 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") = 11 References to: https://github.com/openwrt/luci/issues/507 https://dev.openwrt.org/ticket/20380 Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-09-17luci-app-firewall: use maxlength datatype instead of validate functionHannu Nyman
Switch the zonename validation to use a compound datatype "and(uciname,maxlength(14))" instead of a separate 'validate' function. Remove the unnecessary function that was introduced by 34e875b Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-08-26firewall: validate max length of zone nameHannu Nyman
fw3 sets the maximum length of the zone name to 14 and ignores zone definitions with too long names. http://nbd.name/gitweb.cgi?p=firewall3.git;a=blob;f=zones.h;hb=HEAD#l25 http://nbd.name/gitweb.cgi?p=firewall3.git;a=blob;f=zones.c;hb=HEAD#l195 Add a simple validation to ensure that the new zone name is short enough. This should fix issue #345 Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2015-01-26luci-app-firewall: rework internal/external zone list handling when adding ↵Jo-Philipp Wich
forwards Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-16Update my email addresses in the license headersJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-16Globally reduce copyright headersJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-01-08Rework LuCI build systemJo-Philipp Wich
* Rename subdirectories to their repective OpenWrt package names * Make each LuCI module its own standalone package * Deploy a shared luci.mk which is used by each module Makefile Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>