From 2f80fe3767207e2dbb8c5286603f49808b66a60d Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich <jo@mein.io> Date: Wed, 27 Apr 2022 13:17:03 +0200 Subject: luci-mod-status: hide iptables firewall status when nft is present Do not expose the iptables status page as menu item when nftables is present on the system. Instead add a warning banner to the nftables status page directing the user to the hidden iptables status page when we encounter legacy rules on the system. Signed-off-by: Jo-Philipp Wich <jo@mein.io> --- .../root/usr/share/luci/menu.d/luci-mod-status.json | 15 +++++++++++---- .../root/usr/share/rpcd/acl.d/luci-mod-status.json | 4 +++- 2 files changed, 14 insertions(+), 5 deletions(-) (limited to 'modules/luci-mod-status/root/usr') diff --git a/modules/luci-mod-status/root/usr/share/luci/menu.d/luci-mod-status.json b/modules/luci-mod-status/root/usr/share/luci/menu.d/luci-mod-status.json index 8aa58e1616..190eef0ad3 100644 --- a/modules/luci-mod-status/root/usr/share/luci/menu.d/luci-mod-status.json +++ b/modules/luci-mod-status/root/usr/share/luci/menu.d/luci-mod-status.json @@ -24,7 +24,7 @@ }, "admin/status/iptables": { - "title": "Firewall (iptables)", + "title": "Firewall", "order": 3, "action": { "type": "view", @@ -33,14 +33,14 @@ "depends": { "acl": [ "luci-mod-status-firewall" ], "fs": [ - { "/usr/sbin/iptables": "executable" }, - { "/usr/sbin/ip6tables": "executable" } + { "/usr/sbin/nft": "absent", "/usr/sbin/iptables": "executable" }, + { "/usr/sbin/nft": "absent", "/usr/sbin/ip6tables": "executable" } ] } }, "admin/status/nftables": { - "title": "Firewall (nftables)", + "title": "Firewall", "order": 3, "action": { "type": "view", @@ -52,6 +52,13 @@ } }, + "admin/status/nftables/iptables": { + "action": { + "type": "view", + "path": "status/iptables" + } + }, + "admin/status/logs": { "title": "System Log", "order": 4, diff --git a/modules/luci-mod-status/root/usr/share/rpcd/acl.d/luci-mod-status.json b/modules/luci-mod-status/root/usr/share/rpcd/acl.d/luci-mod-status.json index 7ad43200a3..f0dab25af2 100644 --- a/modules/luci-mod-status/root/usr/share/rpcd/acl.d/luci-mod-status.json +++ b/modules/luci-mod-status/root/usr/share/rpcd/acl.d/luci-mod-status.json @@ -74,7 +74,9 @@ "/usr/sbin/nft --json list ruleset": [ "exec" ], "/usr/sbin/iptables --line-numbers -w -nvxL -t *": [ "exec" ], "/usr/sbin/ip6tables --line-numbers -w -nvxL -t *": [ "exec" ], - "/usr/sbin/ip6tables": [ "list" ] + "/usr/sbin/ip6tables": [ "list" ], + "/usr/sbin/iptables-save": [ "exec" ], + "/usr/sbin/ip6tables-save": [ "exec" ] }, "ubus": { "file": [ "stat" ] -- cgit v1.2.3