local sys = require "luci.sys"
local dsp = require "luci.dispatcher"
+local ft = require "luci.tools.firewall"
+
+local m, s, o
arg[1] = arg[1] or ""
luci.http.redirect(m.redirect)
return
else
- local name = m:get(arg[1], "_name")
+ local name = m:get(arg[1], "name") or m:get(arg[1], "_name")
if not name or #name == 0 then
name = translate("(Unnamed Entry)")
end
s.anonymous = true
s.addremove = false
-s:tab("general", translate("General Settings"))
-s:tab("advanced", translate("Advanced Settings"))
-
-name = s:taboption("general", Value, "_name", translate("Name"))
-name.rmempty = true
-name.size = 10
+ft.opt_enabled(s, Button)
+ft.opt_name(s, Value, translate("Name"))
-src = s:taboption("advanced", Value, "src", translate("Source zone"))
-src.nocreate = true
-src.default = "wan"
-src.template = "cbi/firewall_zonelist"
-proto = s:taboption("general", Value, "proto", translate("Protocol"))
-proto.optional = true
-proto:value("tcp udp", "TCP+UDP")
-proto:value("tcp", "TCP")
-proto:value("udp", "UDP")
-proto:value("icmp", "ICMP")
+o = s:option(Value, "proto", translate("Protocol"))
+o:value("tcp udp", "TCP+UDP")
+o:value("tcp", "TCP")
+o:value("udp", "UDP")
+o:value("icmp", "ICMP")
-function proto.cfgvalue(...)
+function o.cfgvalue(...)
local v = Value.cfgvalue(...)
if not v or v == "tcpudp" then
return "tcp udp"
return v
end
-dport = s:taboption("general", Value, "src_dport", translate("External port"),
- translate("Match incoming traffic directed at the given " ..
- "destination port or port range on this host"))
-dport.datatype = "portrange"
-to = s:taboption("general", Value, "dest_ip", translate("Internal IP address"),
- translate("Redirect matched incoming traffic to the specified " ..
- "internal host"))
-to.datatype = "ip4addr"
-for i, dataset in ipairs(sys.net.arptable()) do
- to:value(dataset["IP address"])
-end
-
-toport = s:taboption("general", Value, "dest_port", translate("Internal port (optional)"),
- translate("Redirect matched incoming traffic to the given port on " ..
- "the internal host"))
-toport.optional = true
-toport.placeholder = "0-65535"
-toport.datatype = "portrange"
+o = s:option(Value, "src", translate("Source zone"))
+o.nocreate = true
+o.default = "wan"
+o.template = "cbi/firewall_zonelist"
-dest = s:taboption("advanced", Value, "dest", translate("Destination zone"))
-dest.nocreate = true
-dest.default = "lan"
-dest.template = "cbi/firewall_zonelist"
-
-src_dip = s:taboption("advanced", Value, "src_dip",
- translate("Intended destination address"),
- translate("Only match incoming traffic directed at the given IP address."))
-src_dip.optional = true
-src_dip.datatype = "ip4addr"
-src_dip.placeholder = translate("any")
-
-src_mac = s:taboption("advanced", DynamicList, "src_mac",
+o = s:option(DynamicList, "src_mac",
translate("Source MAC address"),
translate("Only match incoming traffic from these MACs."))
-src_mac.optional = true
-src_mac.datatype = "macaddr"
-src_mac.placeholder = translate("any")
+o.rmempty = true
+o.datatype = "macaddr"
+o.placeholder = translate("any")
+
-src_ip = s:taboption("advanced", Value, "src_ip",
+o = s:option(Value, "src_ip",
translate("Source IP address"),
translate("Only match incoming traffic from this IP or range."))
-src_ip.optional = true
-src_ip.datatype = "neg(ip4addr)"
-src_ip.placeholder = translate("any")
+o.rmempty = true
+o.datatype = "neg(ip4addr)"
+o.placeholder = translate("any")
-sport = s:taboption("advanced", Value, "src_port",
+
+o = s:option(Value, "src_port",
translate("Source port"),
translate("Only match incoming traffic originating from the given source port or port range on the client host"))
-sport.optional = true
-sport.datatype = "portrange"
-sport.placeholder = translate("any")
-
-reflection = s:taboption("advanced", Flag, "reflection", translate("Enable NAT Loopback"))
-reflection.rmempty = true
-reflection.default = reflection.enabled
-reflection:depends({ target = "DNAT", src = wan_zone })
-reflection.cfgvalue = function(...)
+o.rmempty = true
+o.datatype = "portrange"
+o.placeholder = translate("any")
+
+
+o = s:option(Value, "src_dip",
+ translate("External IP address"),
+ translate("Only match incoming traffic directed at the given IP address."))
+
+o.rmempty = true
+o.datatype = "ip4addr"
+o.placeholder = translate("any")
+
+
+o = s:option(Value, "src_dport", translate("External port"),
+ translate("Match incoming traffic directed at the given " ..
+ "destination port or port range on this host"))
+o.datatype = "portrange"
+
+
+
+o = s:option(Value, "dest", translate("Internal zone"))
+o.nocreate = true
+o.default = "lan"
+o.template = "cbi/firewall_zonelist"
+
+
+o = s:option(Value, "dest_ip", translate("Internal IP address"),
+ translate("Redirect matched incoming traffic to the specified \
+ internal host"))
+o.datatype = "ip4addr"
+for i, dataset in ipairs(sys.net.arptable()) do
+ o:value(dataset["IP address"])
+end
+
+
+o = s:option(Value, "dest_port",
+ translate("Internal port"),
+ translate("Redirect matched incoming traffic to the given port on \
+ the internal host"))
+o.placeholder = translate("any")
+o.datatype = "portrange"
+
+
+o = s:option(Flag, "reflection", translate("Enable NAT Loopback"))
+o.rmempty = true
+o.default = o.enabled
+o:depends("src", wan_zone)
+o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "1"
end
+
+s:option(Value, "extra",
+ translate("Extra arguments"),
+ translate("Passes additional arguments to iptables. Use with care!"))
+
+
return m
self.map:set(created, "src_dport", e)
self.map:set(created, "dest_ip", a)
self.map:set(created, "dest_port", i)
- self.map:set(created, "_name", n)
+ self.map:set(created, "name", n)
end
if p ~= "other" then
return (self.map:get(sid, "target") ~= "SNAT")
end
-name = s:option(DummyValue, "_name", translate("Name"))
-function name.cfgvalue(self, s)
- return self.map:get(s, "_name") or "-"
-end
+
+ft.opt_name(s, DummyValue, translate("Name"))
+
proto = s:option(DummyValue, "proto", translate("Protocol"))
proto.rawhtml = true
end
end
+ft.opt_enabled(s, Flag, translate("Enable")).width = "1%"
+
return m
local dsp = require "luci.dispatcher"
local nxo = require "nixio"
+local ft = require "luci.tools.firewall"
local nw = require "luci.model.network"
local m, s, o, k, v
--
elseif rule_type == "redirect" then
- local name = m:get(arg[1], "_name")
+ local name = m:get(arg[1], "name") or m:get(arg[1], "_name")
if not name or #name == 0 then
name = translate("(Unnamed SNAT)")
else
s.addremove = false
- o = s:option(Value, "_name", translate("Name"))
- o.rmempty = true
- o.size = 10
+ ft.opt_enabled(s, Button)
+ ft.opt_name(s, Value, translate("Name"))
o = s:option(Value, "proto",
o = s:option(Value, "src_ip", translate("Source IP address"))
o.rmempty = true
- o.datatype = "neg(ip4addr)"
+ o.datatype = "neg(ipaddr)"
o.placeholder = translate("any")
o.placeholder = translate('Do not rewrite')
+ s:option(Value, "extra",
+ translate("Extra arguments"),
+ translate("Passes additional arguments to iptables. Use with care!"))
+
+
--
-- Rule
--
else
+ local name = m:get(arg[1], "name") or m:get(arg[1], "_name")
+ if not name or #name == 0 then
+ name = translate("(Unnamed Rule)")
+ end
+
+ m.title = "%s - %s" %{ translate("Firewall - Traffic Rules"), name }
+
+
s = m:section(NamedSection, arg[1], "rule", "")
s.anonymous = true
s.addremove = false
- s:option(Value, "_name", translate("Name").." "..translate("(optional)"))
+ ft.opt_enabled(s, Button)
+ ft.opt_name(s, Value, translate("Name"))
o = s:option(ListValue, "family", translate("Restrict to address family"))
o:value("ACCEPT", translate("accept"))
o:value("REJECT", translate("reject"))
o:value("NOTRACK", translate("don't track"))
+
+
+ s:option(Value, "extra",
+ translate("Extra arguments"),
+ translate("Passes additional arguments to iptables. Use with care!"))
end
return m
self.map:set(created, "src", "wan")
self.map:set(created, "proto", (i_p ~= "other") and i_p or "all")
self.map:set(created, "dest_port", i_e)
- self.map:set(created, "_name", i_n)
+ self.map:set(created, "name", i_n)
if i_p ~= "other" and i_e and #i_e > 0 then
created = nil
self.map:set(created, "target", "ACCEPT")
self.map:set(created, "src", f_s)
self.map:set(created, "dest", f_d)
- self.map:set(created, "_name", f_n)
+ self.map:set(created, "name", f_n)
end
if created then
end
end
-name = s:option(DummyValue, "_name", translate("Name"))
-function name.cfgvalue(self, s)
- return self.map:get(s, "_name") or "-"
-end
+ft.opt_name(s, DummyValue, translate("Name"))
family = s:option(DummyValue, "family", translate("Family"))
function family.cfgvalue(self, s)
end
end
+ft.opt_enabled(s, Flag, translate("Enable")).width = "1%"
+
--
-- SNAT
self.map:set(created, "proto", "all")
self.map:set(created, "src_dip", a)
self.map:set(created, "src_dport", p)
- self.map:set(created, "_name", n)
+ self.map:set(created, "name", n)
end
if created then
return (self.map:get(sid, "target") == "SNAT")
end
-name = s:option(DummyValue, "_name", translate("Name"))
-function name.cfgvalue(self, s)
- return self.map:get(s, "_name") or "-"
-end
+ft.opt_name(s, DummyValue, translate("Name"))
proto = s:option(DummyValue, "proto", translate("Protocol"))
proto.rawhtml = true
end
end
+ft.opt_enabled(s, Flag, translate("Enable")).width = "1%"
+
return m
end
end
end
+
+
+function opt_enabled(s, t, ...)
+ if t == luci.cbi.Button then
+ local o = s:option(t, "__enabled")
+ function o.render(self, section)
+ if self.map:get(section, "enabled") ~= "0" then
+ self.title = translate("Rule is enabled")
+ self.inputtitle = translate("Disable")
+ self.inputstyle = "reset"
+ else
+ self.title = translate("Rule is disabled")
+ self.inputtitle = translate("Enable")
+ self.inputstyle = "apply"
+ end
+ t.render(self, section)
+ end
+ function o.write(self, section, value)
+ if self.map:get(section, "enabled") ~= "0" then
+ self.map:set(section, "enabled", "0")
+ else
+ self.map:del(section, "enabled")
+ end
+ end
+ return o
+ else
+ local o = s:option(t, "enabled", ...)
+ o.enabled = ""
+ o.disabled = "0"
+ o.default = o.enabled
+ return o
+ end
+end
+
+function opt_name(s, t, ...)
+ local o = s:option(t, "name", ...)
+
+ function o.cfgvalue(self, section)
+ return self.map:get(section, "name") or
+ self.map:get(section, "_name") or "-"
+ end
+
+ function o.write(self, section, value)
+ if value ~= "-" then
+ self.map:set(section, "name", value)
+ self.map:del(section, "_name")
+ else
+ self:remove(section)
+ end
+ end
+
+ function o.remove(self, section)
+ self.map:del(section, "name")
+ self.map:del(section, "_name")
+ end
+
+ return o
+end
projects / project / luci.git / commitdiff