From 2f80fe3767207e2dbb8c5286603f49808b66a60d Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jo@mein.io>
Date: Wed, 27 Apr 2022 13:17:03 +0200
Subject: luci-mod-status: hide iptables firewall status when nft is present

Do not expose the iptables status page as menu item when nftables is present
on the system. Instead add a warning banner to the nftables status page
directing the user to the hidden iptables status page when we encounter
legacy rules on the system.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---
 .../root/usr/share/luci/menu.d/luci-mod-status.json       | 15 +++++++++++----
 .../root/usr/share/rpcd/acl.d/luci-mod-status.json        |  4 +++-
 2 files changed, 14 insertions(+), 5 deletions(-)

(limited to 'modules/luci-mod-status/root/usr')

diff --git a/modules/luci-mod-status/root/usr/share/luci/menu.d/luci-mod-status.json b/modules/luci-mod-status/root/usr/share/luci/menu.d/luci-mod-status.json
index 8aa58e1616..190eef0ad3 100644
--- a/modules/luci-mod-status/root/usr/share/luci/menu.d/luci-mod-status.json
+++ b/modules/luci-mod-status/root/usr/share/luci/menu.d/luci-mod-status.json
@@ -24,7 +24,7 @@
 	},
 
 	"admin/status/iptables": {
-		"title": "Firewall (iptables)",
+		"title": "Firewall",
 		"order": 3,
 		"action": {
 			"type": "view",
@@ -33,14 +33,14 @@
 		"depends": {
 			"acl": [ "luci-mod-status-firewall" ],
 			"fs": [
-				{ "/usr/sbin/iptables": "executable" },
-				{ "/usr/sbin/ip6tables": "executable" }
+				{ "/usr/sbin/nft": "absent", "/usr/sbin/iptables": "executable" },
+				{ "/usr/sbin/nft": "absent", "/usr/sbin/ip6tables": "executable" }
 			]
 		}
 	},
 
 	"admin/status/nftables": {
-		"title": "Firewall (nftables)",
+		"title": "Firewall",
 		"order": 3,
 		"action": {
 			"type": "view",
@@ -52,6 +52,13 @@
 		}
 	},
 
+	"admin/status/nftables/iptables": {
+		"action": {
+			"type": "view",
+			"path": "status/iptables"
+		}
+	},
+
 	"admin/status/logs": {
 		"title": "System Log",
 		"order": 4,
diff --git a/modules/luci-mod-status/root/usr/share/rpcd/acl.d/luci-mod-status.json b/modules/luci-mod-status/root/usr/share/rpcd/acl.d/luci-mod-status.json
index 7ad43200a3..f0dab25af2 100644
--- a/modules/luci-mod-status/root/usr/share/rpcd/acl.d/luci-mod-status.json
+++ b/modules/luci-mod-status/root/usr/share/rpcd/acl.d/luci-mod-status.json
@@ -74,7 +74,9 @@
 				"/usr/sbin/nft --json list ruleset": [ "exec" ],
 				"/usr/sbin/iptables --line-numbers -w -nvxL -t *": [ "exec" ],
 				"/usr/sbin/ip6tables --line-numbers -w -nvxL -t *": [ "exec" ],
-				"/usr/sbin/ip6tables": [ "list" ]
+				"/usr/sbin/ip6tables": [ "list" ],
+				"/usr/sbin/iptables-save": [ "exec" ],
+				"/usr/sbin/ip6tables-save": [ "exec" ]
 			},
 			"ubus": {
 				"file": [ "stat" ]
-- 
cgit v1.2.3