From 17f3e03930a79aecbb6ebcf851e47473d099ad32 Mon Sep 17 00:00:00 2001
From: Aaron Jones <aaronmdjones@gmail.com>
Date: Sun, 11 Aug 2019 06:08:07 +0000
Subject: luci-app-firewall: rules: allow ICMPv6 ND types

The "Match ICMP Type" dropdown had entries for router
solicitation & router advertisements, but not the more
generic neighbour solicitation & neighbour advertisements.

A LAN cannot function without Neighbour Discovery; this
means that setting a LAN interface default input policy to
REJECT breaks IPv6 WAN access for all hosts on that LAN;
as they can no longer discover their gateway's MAC address.
This can be fixed with appropriate rules allowing ND input,
which this patch allows one to do in LuCI.

The spelling is the same as in [1].

[1] <https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/network/config/firewall/files/firewall.config>

Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
---
 .../htdocs/luci-static/resources/view/firewall/rules.js                 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
index 4252cf3691..e0c858fc41 100644
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
@@ -247,6 +247,8 @@ return L.view.extend({
 		o.value('echo-request');
 		o.value('router-advertisement');
 		o.value('router-solicitation');
+		o.value('neighbour-advertisement');
+		o.value('neighbour-solicitation');
 		o.value('time-exceeded');
 		o.value('ttl-zero-during-transit');
 		o.value('ttl-zero-during-reassembly');
-- 
cgit v1.2.3


From f7cb913d10415b3e55101bea871def14cd0d33bd Mon Sep 17 00:00:00 2001
From: Aaron Jones <aaronmdjones@gmail.com>
Date: Sun, 11 Aug 2019 06:13:15 +0000
Subject: luci-app-firewall: rules: sort ICMP types alphabetically

This just makes it easier to find the type one would want.
No types were added or removed, only re-arranged.

Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
---
 .../luci-static/resources/view/firewall/rules.js   | 56 +++++++++++-----------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
index e0c858fc41..a7924b1076 100644
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
@@ -221,44 +221,44 @@ return L.view.extend({
 		o.cast = 'table';
 		o.placeholder = _('any');
 		o.value('', 'any');
-		o.value('echo-reply');
+		o.value('address-mask-reply');
+		o.value('address-mask-request');
+		o.value('communication-prohibited');
 		o.value('destination-unreachable');
-		o.value('network-unreachable');
-		o.value('host-unreachable');
-		o.value('protocol-unreachable');
-		o.value('port-unreachable');
+		o.value('echo-reply');
+		o.value('echo-request');
 		o.value('fragmentation-needed');
-		o.value('source-route-failed');
-		o.value('network-unknown');
+		o.value('host-precedence-violation');
+		o.value('host-prohibited');
+		o.value('host-redirect');
 		o.value('host-unknown');
+		o.value('host-unreachable');
+		o.value('ip-header-bad');
+		o.value('neighbour-advertisement');
+		o.value('neighbour-solicitation');
 		o.value('network-prohibited');
-		o.value('host-prohibited');
-		o.value('TOS-network-unreachable');
-		o.value('TOS-host-unreachable');
-		o.value('communication-prohibited');
-		o.value('host-precedence-violation');
+		o.value('network-redirect');
+		o.value('network-unknown');
+		o.value('network-unreachable');
+		o.value('parameter-problem');
+		o.value('port-unreachable');
 		o.value('precedence-cutoff');
-		o.value('source-quench');
+		o.value('protocol-unreachable');
 		o.value('redirect');
-		o.value('network-redirect');
-		o.value('host-redirect');
-		o.value('TOS-network-redirect');
-		o.value('TOS-host-redirect');
-		o.value('echo-request');
+		o.value('required-option-missing');
 		o.value('router-advertisement');
 		o.value('router-solicitation');
-		o.value('neighbour-advertisement');
-		o.value('neighbour-solicitation');
+		o.value('source-quench');
+		o.value('source-route-failed');
 		o.value('time-exceeded');
-		o.value('ttl-zero-during-transit');
-		o.value('ttl-zero-during-reassembly');
-		o.value('parameter-problem');
-		o.value('ip-header-bad');
-		o.value('required-option-missing');
-		o.value('timestamp-request');
 		o.value('timestamp-reply');
-		o.value('address-mask-request');
-		o.value('address-mask-reply');
+		o.value('timestamp-request');
+		o.value('TOS-host-redirect');
+		o.value('TOS-host-unreachable');
+		o.value('TOS-network-redirect');
+		o.value('TOS-network-unreachable');
+		o.value('ttl-zero-during-reassembly');
+		o.value('ttl-zero-during-transit');
 		o.depends('proto', 'icmp');
 
 		o = s.taboption('general', widgets.ZoneSelect, 'src', _('Source zone'));
-- 
cgit v1.2.3