-let fs = require("fs");
-let uci = require("uci");
-let ubus = require("ubus");
+const fs = require("fs");
+const uci = require("uci");
+const ubus = require("ubus");
-let STATEFILE = "/var/run/fw4.state";
+const STATEFILE = "/var/run/fw4.state";
-let PARSE_LIST = 0x01;
-let FLATTEN_LIST = 0x02;
-let NO_INVERT = 0x04;
-let UNSUPPORTED = 0x08;
-let REQUIRED = 0x10;
-let DEPRECATED = 0x20;
+const PARSE_LIST = 0x01;
+const FLATTEN_LIST = 0x02;
+const NO_INVERT = 0x04;
+const UNSUPPORTED = 0x08;
+const REQUIRED = 0x10;
+const DEPRECATED = 0x20;
-let ipv4_icmptypes = {
+const ipv4_icmptypes = {
"any": [ 0xFF, 0, 0xFF ],
"echo-reply": [ 0, 0, 0xFF ],
"pong": [ 0, 0, 0xFF ], /* Alias */
"address-mask-reply": [ 18, 0, 0xFF ]
};
-let ipv6_icmptypes = {
+const ipv6_icmptypes = {
"destination-unreachable": [ 1, 0, 0xFF ],
"no-route": [ 1, 0, 0 ],
"communication-prohibited": [ 1, 1, 1 ],
"redirect": [ 137, 0, 0xFF ]
};
-let dscp_classes = {
+const dscp_classes = {
"CS0": 0x00,
"CS1": 0x08,
"CS2": 0x10,
let bits = 0;
for (let i = 0, z = false; i < length(a); i++) {
- z = z || !a[i];
+ z ||= !a[i];
while (!z && (a[i] & 0x80)) {
a[i] = (a[i] << 1) & 0xff;
let rv = {};
for (let ag in to_array(x)) {
- for (let a in filter(ag.addrs, a => (a.family == 4))) {
- rv[0] = rv[0] || [];
- push(rv[0], { ...a, invert: ag.invert });
- }
+ for (let a in filter(ag.addrs, a => (a.family == 4)))
+ push(rv[0] ||= [], { ...a, invert: ag.invert });
- for (let a in filter(ag.addrs, a => (a.family == 6))) {
- rv[1] = rv[1] || [];
- push(rv[1], { ...a, invert: ag.invert });
- }
+ for (let a in filter(ag.addrs, a => (a.family == 6)))
+ push(rv[1] ||= [], { ...a, invert: ag.invert });
}
if (rv[0] || rv[1])
}
return by
- ? sprintf('references IPv%d only %s but is restricted to IPv%d by %s', obj.family, desc, res, by)
- : sprintf('is restricted to IPv%d but referenced %s is IPv%d only', res, desc, obj.family);
+ ? `references IPv${obj.family} only ${desc} but is restricted to IPv${res} by ${by}`
+ : `is restricted to IPv${res} but referenced ${desc} is IPv${obj.family} only`;
}
}
let fields = [];
for (let i, t in set.types) {
- let dir = (((match.dir && match.dir[i]) || set.directions[i] || 'src') == 'src' ? 's' : 'd');
+ let dir = ((match.dir?.[i] || set.directions[i] || 'src') == 'src' ? 's' : 'd');
switch (t) {
case 'ipv4_addr':
- fields[i] = sprintf('ip %saddr', dir);
+ fields[i] = `ip ${dir}saddr`;
break;
case 'ipv6_addr':
- fields[i] = sprintf('ip6 %saddr', dir);
+ fields[i] = `ip6 ${dir}saddr`;
break;
case 'ether_addr':
break;
case 'inet_service':
- fields[i] = sprintf('%s %sport', proto, dir);
+ fields[i] = `${proto} ${dir}port`;
break;
}
}
}
function resolve_lower_devices(devstatus, devname) {
- let dir = fs.opendir("/sys/class/net/" + devname);
+ let dir = fs.opendir(`/sys/class/net/${devname}`);
let devs = [];
if (dir) {
item => (type(item) == "object" && !item.metainfo));
}
catch (e) {
- warn(sprintf("Unable to parse nftables JSON output: %s\n", e));
+ warn(`Unable to parse nftables JSON output: ${e}\n`);
}
nft.close();
}
else {
- warn(sprintf("Unable to popen() %s: %s\n", cmd, fs.error()));
+ warn(`Unable to popen() ${cmd}: ${fs.error()}\n`);
}
return info || [];
}
function nft_try_hw_offload(devices) {
- let nft_test =
- 'add table inet fw4-hw-offload-test; ' +
- 'add flowtable inet fw4-hw-offload-test ft { ' +
- 'hook ingress priority 0; ' +
- 'devices = { "' + join('", "', devices) + '" }; ' +
- 'flags offload; ' +
- '}';
+ let nft_test = `
+ add table inet fw4-hw-offload-test;
+ add flowtable inet fw4-hw-offload-test ft {
+ hook ingress priority 0;
+ devices = { "${join('", "', devices)}" };
+ flags offload;
+ }
+ `;
- let rc = system(sprintf("/usr/sbin/nft -c '%s' 2>/dev/null", replace(nft_test, "'", "'\\''")));
+ let rc = system(`/usr/sbin/nft -c '${replace(nft_test, "'", "'\\''")}' 2>/dev/null`);
return (rc == 0);
}
state = json(fd.read("all"));
}
catch (e) {
- warn(sprintf("Unable to parse '%s': %s\n", STATEFILE, e));
+ warn(`Unable to parse '${STATEFILE}': ${e}\n`);
}
fd.close();
bus.disconnect();
}
else {
- warn(sprintf("Unable to connect to ubus: %s\n", ubus.error()));
+ warn(`Unable to connect to ubus: ${ubus.error()}\n`);
}
// Gather logical network information from ubus
//
- if (type(ifaces) == "object" && type(ifaces.interface) == "array") {
+ if (type(ifaces?.interface) == "array") {
for (let ifc in ifaces.interface) {
let net = {
up: ifc.up,
if (type(ifc["ipv4-address"]) == "array") {
for (let addr in ifc["ipv4-address"]) {
- net.ipaddrs = net.ipaddrs || [];
- push(net.ipaddrs, {
+ push(net.ipaddrs ||= [], {
family: 4,
addr: addr.address,
mask: to_mask(addr.mask, false),
if (type(ifc["ipv6-address"]) == "array") {
for (let addr in ifc["ipv6-address"]) {
- net.ipaddrs = net.ipaddrs || [];
- push(net.ipaddrs, {
+ push(net.ipaddrs ||= [], {
family: 6,
addr: addr.address,
mask: to_mask(addr.mask, true),
if (type(ifc["ipv6-prefix-assignment"]) == "array") {
for (let addr in ifc["ipv6-prefix-assignment"]) {
if (addr["local-address"]) {
- net.ipaddrs = net.ipaddrs || [];
- push(net.ipaddrs, {
+ push(net.ipaddrs ||= [], {
family: 6,
addr: addr["local-address"].address,
mask: to_mask(addr["local-address"].mask, true),
}
}
- if (type(ifc.data) == "object" && type(ifc.data.firewall) == "array") {
+ if (type(ifc.data?.firewall) == "array") {
let n = 0;
for (let rulespec in ifc.data.firewall) {
push(rules, {
...rulespec,
- name: (rulespec.type != 'ipset') ? sprintf('ubus:%s[%s] %s %d', ifc.interface, ifc.proto, rulespec.type || 'rule', n) : rulespec.name,
+ name: (rulespec.type != 'ipset') ? `ubus:${ifc.interface}[${ifc.proto}] ${rulespec.type || 'rule'} ${n}` : rulespec.name,
device: rulespec.device || ifc.l3_device
});
if (type(services) == "object") {
for (let svcname, service in services) {
- if (type(service) == "object" && type(service.firewall) == "array") {
+ if (type(service?.firewall) == "array") {
let n = 0;
for (let rulespec in services[svcname].firewall) {
push(rules, {
...rulespec,
- name: (rulespec.type != 'ipset') ? sprintf('ubus:%s %s %d', svcname, rulespec.type || 'rule', n) : rulespec.name
+ name: (rulespec.type != 'ipset') ? `ubus:${svcname} ${rulespec.type || 'rule'} ${n}` : rulespec.name
});
n++;
}
for (let svcinst, instance in service) {
- if (type(instance) == "object" && type(instance.firewall) == "array") {
+ if (type(instance?.firewall) == "array") {
let n = 0;
for (let rulespec in instance.firewall) {
push(rules, {
...rulespec,
- name: (rulespec.type != 'ipset') ? sprintf('ubus:%s[%s] %s %d', svcname, svcinst, rulespec.type || 'rule', n) : rulespec.name
+ name: (rulespec.type != 'ipset') ? `ubus:${svcname}[${svcinst}] ${rulespec.type || 'rule'} ${n}` : rulespec.name
});
n++;
fd.close();
}
else {
- warn("Unable to write '%s': %s\n", STATEFILE, fs.error());
+ warn(`Unable to write '${STATEFILE}': ${fs.error()}\n`);
}
}
},
let msg = sprintf(fmt, ...args);
if (getenv("TTY"))
- warn("\033[33m", msg, "\033[m\n");
+ warn(`\033[33m${msg}\033[m\n`);
else
- warn("[!] ", msg, "\n");
+ warn(`[!] ${msg}\n`);
},
get: function(sid, opt) {
let rv = {};
for (let key, val in spec) {
- let datatype = "parse_" + val[0],
+ let datatype = `parse_${val[0]}`,
defval = val[1],
flags = val[2] || 0,
parsefn = (flags & PARSE_LIST) ? "parse_list" : "parse_opt";
return false;
if (type(res) == "object" && res.invert && (flags & NO_INVERT)) {
- this.warn_section(s, "option '" + key + '" must not be negated');
+ this.warn_section(s, `option '${key}' must not be negated`);
return false;
}
if (res != null) {
if (flags & DEPRECATED)
- this.warn_section(s, "option '" + key + "' is deprecated by fw4");
+ this.warn_section(s, `option '${key}' is deprecated by fw4`);
else if (flags & UNSUPPORTED)
- this.warn_section(s, "option '" + key + "' is not supported by fw4");
+ this.warn_section(s, `option '${key}' is not supported by fw4`);
else
rv[key] = res;
}
for (let opt in s) {
if (index(opt, '.') != 0 && opt != 'type' && !exists(spec, opt)) {
- this.warn_section(s, "specifies unknown option '" + opt + "'");
+ this.warn_section(s, `specifies unknown option '${opt}'`);
}
}
c++;
});
- return sprintf("@%s[%d]", s[".type"], c);
+ return `@${s['.type']}[${c}]`;
}
return s[".name"];
let dir = split(rv.val, /[ \t,]/);
for (let i = 0; i < 3 && i < length(dir); i++) {
- if (dir[i] == "dst" || dir[i] == "dest") {
- rv.dir = rv.dir || [];
- rv.dir[i] = "dst";
- }
- else if (dir[i] == "src") {
- rv.dir = rv.dir || [];
- rv.dir[i] = "src";
- }
+ if (dir[i] == "dst" || dir[i] == "dest")
+ (rv.dir ||= [])[i] = "dst";
+ else if (dir[i] == "src")
+ (rv.dir ||= [])[i] = "src";
}
return length(rv.name) ? rv : null;
let d = m ? match(m[1], /^([0-9]{1,4})(-([0-9]{1,2})(-([0-9]{1,2}))?)?$/) : null;
let t = this.parse_time(m[2]);
- d[3] = d[3] || 1;
- d[5] = d[5] || 1;
+ d[3] ||= 1;
+ d[5] ||= 1;
if (d == null || d[1] < 1970 || d[1] > 2038 || d[3] < 1 || d[3] > 12 || d[5] < 1 || d[5] > 31)
return null;
if (!day)
return null;
- rv.days = rv.days || {};
- rv.days[day] = true;
+ (rv.days ||= {})[day] = true;
}
rv.days = keys(rv.days);
if (day < 1 || day > 31)
return null;
- rv.days = rv.days || [];
- rv.days[day] = true;
+ (rv.days ||= [])[day] = true;
}
return rv.days ? rv : null;
default: this.warn("Set entry '%s' resolves to multiple addresses, using first one", values[i]);
}
- rv[i] = ("net" in set.fw4types) ? ip[0].addr + "/" + ip[0].bits : ip[0].addr;
+ rv[i] = ("net" in set.fw4types) ? `${ip[0].addr}/${ip[0].bits}` : ip[0].addr;
break;
case 'ipv6_addr':
case 2: this.warn("Set entry '%s' resolves to multiple addresses, using first one", values[i]);
}
- rv[i] = ("net" in set.fw4types) ? ip[0].addr + "/" + ip[0].bits : ip[0].addr;
+ rv[i] = ("net" in set.fw4types) ? `${ip[0].addr}/${ip[0].bits}` : ip[0].addr;
break;
if (val === null) {
if (flags & REQUIRED) {
- this.warn_section(s, "option '" + opt + "' is mandatory but not set");
+ this.warn_section(s, `option '${opt}' is mandatory but not set`);
return NaN;
}
}
if (type(val) == "array") {
- this.warn_section(s, "option '" + opt + "' must not be a list");
+ this.warn_section(s, `option '${opt}' must not be a list`);
return NaN;
}
else if (val == null) {
let res = this[fn](val);
if (res === null) {
- this.warn_section(s, "option '" + opt + "' specifies invalid value '" + val + "'");
+ this.warn_section(s, `option '${opt}' specifies invalid value '${val}'`);
return NaN;
}
if (val == null) {
if (flags & REQUIRED) {
- this.warn_section(s, "option '" + opt + "' is mandatory but not set");
+ this.warn_section(s, `option '${opt}' is mandatory but not set`);
return NaN;
}
let res = this[fn](val);
if (res === null) {
- this.warn_section(s, "option '" + opt + "' specifies invalid value '" + val + "'");
+ this.warn_section(s, `option '${opt}' specifies invalid value '${val}'`);
return NaN;
}
quote: function(s, force) {
if (force === true || !match(s, /^([0-9A-Fa-f:.\/-]+)( \. [0-9A-Fa-f:.\/-]+)*$/))
- return sprintf('"%s"', replace(s + "", /(["\\])/g, '\\$1'));
+ return `"${replace(s + "", /(["\\])/g, '\\$1')}"`;
return s;
},
cidr: function(a) {
if (a.range)
- return sprintf("%s-%s", a.addr, a.addr2);
+ return `${a.addr}-${a.addr2}`;
if ((a.family == 4 && a.bits == 32) ||
(a.family == 6 && a.bits == 128))
return a.addr;
if (a.bits >= 0)
- return sprintf("%s/%d", apply_mask(a.addr, a.bits), a.bits);
+ return `${apply_mask(a.addr, a.bits)}/${a.bits}`;
- return sprintf("%s/%s", a.addr, a.mask);
+ return `${a.addr}/${a.mask}`;
},
host: function(a, v6brackets) {
return a.range
- ? sprintf("%s-%s", a.addr, a.addr2)
- : sprintf((a.family == 6 && v6brackets) ? "[%s]" : "%s", apply_mask(a.addr, a.bits));
+ ? `${a.addr}-${a.addr2}`
+ : (a.family == 6 && v6brackets)
+ ? `[${apply_mask(a.addr, a.bits)}]` : apply_mask(a.addr, a.bits);
},
port: function(p) {
if (p.min == p.max)
- return sprintf('%d', p.min);
+ return `${p.min}`;
- return sprintf('%d-%d', p.min, p.max);
+ return `${p.min}-${p.max}`;
},
set: function(v, force) {
v = filter(to_array(v), item => !seen[item]++);
if (force || length(v) != 1)
- return sprintf('{ %s }', join(', ', map(v, this.quote)));
+ return `{ ${join(', ', map(v, this.quote))} }`;
return this.quote(v[0]);
},
},
is_loopback_dev: function(dev) {
- let fd = fs.open(sprintf("/sys/class/net/%s/flags", dev), "r");
+ let fd = fs.open(`/sys/class/net/${dev}/flags`, "r");
if (!fd)
return false;
let fd = fs.open(set.loadfile, "r");
if (!fd) {
- warn(sprintf("Unable to load file '%s' for set '%s': %s\n",
- set.loadfile, set.name, fs.error()));
+ warn(`Unable to load file '${set.loadfile}' for set '${set.name}': ${fs.error()}\n`);
return;
}
let v = this.parse_ipsetentry(line, set);
if (!v) {
- this.warn("Skipping invalid entry '%s' in file '%s' for set '%s'",
- line, set.loadfile, set.name);
+ this.warn(`Skipping invalid entry '${line}' in file '${set.loadfile}' for set '${set.name}'`);
continue;
}
return;
}
- helper.available = ((fs.stat("/sys/module/" + helper.module) || {}).type == "directory");
+ helper.available = (fs.stat(`/sys/module/${helper.module}`)?.type == "directory");
- this.state.helpers = this.state.helpers || [];
- push(this.state.helpers, helper);
+ push(this.state.helpers ||= [], helper);
},
parse_defaults: function(data) {
return;
}
else if (zone.helper && !zone.helper.available) {
- this.warn_section(data, "uses unavailable ct helper '" + zone.helper.name + "', ignoring section");
+ this.warn_section(data, `uses unavailable ct helper '${zone.helper.name}', ignoring section`);
return;
}
return;
}
- if (this.state.defaults && this.state.defaults.auto_helper === false)
+ if (this.state.defaults?.auto_helper === false)
zone.auto_helper = false;
let match_devices = [];
]);
if (type(family) == "string") {
- this.warn_section(data, family + ", skipping");
+ this.warn_section(data, `${family}, skipping`);
return;
}
let m = match(device.device, /^([^+]*)(\+)?$/);
if (!m) {
- this.warn_section(data, "skipping invalid wildcard pattern '" + device.device + '"');
+ this.warn_section(data, `skipping invalid wildcard pattern '${device.device}'`);
continue;
}
continue;
for (let proto in helper.proto) {
- this.state.rules = this.state.rules || [];
- push(this.state.rules, {
- chain: "helper_" + zone.name,
+ push(this.state.rules ||= [], {
+ chain: `helper_${zone.name}`,
family: helper.family,
name: helper.description || helper.name,
proto: proto,
}
}
- this.state.zones = this.state.zones || [];
- push(this.state.zones, zone);
+ push(this.state.zones ||= [], zone);
},
parse_forwarding: function(data) {
proto: { any: true }
};
- f.name = fwd.name || sprintf("Accept %s to %s forwarding",
- fwd.src.any ? "any" : fwd.src.zone.name,
- fwd.dest.any ? "any" : fwd.dest.zone.name);
-
- f.chain = fwd.src.any ? "forward" : sprintf("forward_%s", fwd.src.zone.name);
+ f.name ||= `Accept ${fwd.src.any ? "any" : fwd.src.zone.name} to ${fwd.dest.any ? "any" : fwd.dest.zone.name} forwarding`;
+ f.chain = fwd.src.any ? "forward" : `forward_${fwd.src.zone.name}`;
if (fwd.dest.any)
f.target = "accept";
else
- f.jump_chain = sprintf("accept_to_%s", fwd.dest.zone.name);
+ f.jump_chain = `accept_to_${fwd.dest.zone.name}`;
- this.state.rules = this.state.rules || [];
- push(this.state.rules, f);
+ push(this.state.rules ||= [], f);
};
if (f1 && f2 && f1 != f2) {
this.warn_section(data,
- sprintf("references src %s restricted to %s and dest %s restricted to %s, ignoring forwarding",
- fwd.src.zone.name, this.nfproto(f1, true),
- fwd.dest.zone.name, this.nfproto(f2, true)));
+ `references src ${fwd.src.zone.name} restricted to ${this.nfproto(f1, true)} and dest ${fwd.dest.zone.name} restricted to ${this.nfproto(f2, true)}, ignoring forwarding`);
return;
}
else if (f1) {
this.warn_section(data,
- sprintf("inheriting %s restriction from src %s",
- this.nfproto(f1, true), fwd.src.zone.name));
+ `inheriting ${this.nfproto(f1, true)} restriction from src ${fwd.src.zone.name}`);
family = f1;
}
else if (f2) {
this.warn_section(data,
- sprintf("inheriting %s restriction from dest %s",
- this.nfproto(f2, true), fwd.dest.zone.name));
+ `inheriting ${this.nfproto(f2, true)} restriction from dest ${fwd.dest.zone.name}`);
family = f2;
}
}
if (rule.target in ["helper", "notrack"] && (!rule.src || !rule.src.zone)) {
- this.warn_section(data, "must specify a source zone for target '" + rule.target + "'");
+ this.warn_section(data, `must specify a source zone for target '${rule.target}'`);
return;
}
else if (rule.target == "dscp" && !rule.set_dscp) {
ipset = filter(this.state.ipsets, s => (s.name == rule.ipset.name))[0];
if (!ipset) {
- this.warn_section(data, "references unknown set '" + rule.ipset.name + "'");
+ this.warn_section(data, `references unknown set '${rule.ipset.name}'`);
return;
}
}
}
- let need_src_action_chain = (rule) => (rule.src && rule.src.zone && rule.src.zone.log && rule.target != "accept");
+ let need_src_action_chain = (rule) => (rule.src?.zone?.log && rule.target != "accept");
let add_rule = (family, proto, saddrs, daddrs, sports, dports, icmptypes, icmpcodes, ipset, rule) => {
let r = {
smacs_pos: map(filter_pos(rule.src_mac), m => m.mac),
smacs_neg: map(filter_neg(rule.src_mac), m => m.mac),
icmp_types: map(icmptypes, i => (family == 4 ? i.type : i.type6)),
- icmp_codes: map(icmpcodes, ic => sprintf('%d . %d', (family == 4) ? ic.type : ic.type6, (family == 4) ? ic.code_min : ic.code6_min))
+ icmp_codes: map(icmpcodes, ic => `${(family == 4) ? ic.type : ic.type6} . ${(family == 4) ? ic.code_min : ic.code6_min}`)
};
if (!length(r.icmp_types))
}
if (r.target == "notrack") {
- r.chain = sprintf("notrack_%s", r.src.zone.name);
+ r.chain = `notrack_${r.src.zone.name}`;
r.src.zone.dflags.notrack = true;
}
else if (r.target == "helper") {
- r.chain = sprintf("helper_%s", r.src.zone.name);
+ r.chain = `helper_${r.src.zone.name}`;
r.src.zone.dflags.helper = true;
}
else if (r.target == "mark" || r.target == "dscp") {
if (r.src) {
if (!r.src.any)
- r.chain = sprintf("%s_%s", r.dest ? "forward" : "input", r.src.zone.name);
+ r.chain = `${r.dest ? "forward" : "input"}_${r.src.zone.name}`;
else
r.chain = r.dest ? "forward" : "input";
}
}
if (r.dest && !r.dest.any) {
- r.jump_chain = sprintf("%s_to_%s", r.target, r.dest.zone.name);
+ r.jump_chain = `${r.target}_to_${r.dest.zone.name}`;
r.dest.zone.dflags[r.target] = true;
}
else if (need_src_action_chain(r)) {
- r.jump_chain = sprintf("%s_from_%s", r.target, r.src.zone.name);
+ r.jump_chain = `${r.target}_from_${r.src.zone.name}`;
r.src.zone.sflags[r.target] = true;
}
else if (r.target == "reject")
if (r.device)
r[r.direction ? "oifnames" : "iifnames"] = [ r.device.device ];
- this.state.rules = this.state.rules || [];
- push(this.state.rules, r);
+ push(this.state.rules ||= [], r);
};
for (let proto in rule.proto) {
]);
if (type(family) == "string") {
- this.warn_section(data, family + ", skipping");
+ this.warn_section(data, `${family}, skipping`);
continue;
}
ipset = filter(this.state.ipsets, s => (s.name == redir.ipset.name))[0];
if (!ipset) {
- this.warn_section(data, "references unknown set '" + redir.ipset.name + "'");
+ this.warn_section(data, `references unknown set '${redir.ipset.name}'`);
return;
}
return this.warn_section(data, "must not use non-contiguous masks in 'dest_ip'");
if (!redir.dest && redir.dest_ip && resolve_dest(redir))
- this.warn_section(data, "does not specify a destination, assuming '" + redir.dest.zone.name + "'");
+ this.warn_section(data, `does not specify a destination, assuming '${redir.dest.zone.name}'`);
if (!redir.dest_port)
redir.dest_port = redir.src_dport;
- if (redir.reflection && redir.dest && redir.dest.zone && redir.src.zone.masq) {
+ if (redir.reflection && redir.dest?.zone && redir.src.zone.masq) {
redir.dest.zone.dflags.accept = true;
redir.dest.zone.dflags.dnat = true;
redir.dest.zone.dflags.snat = true;
switch (r.target) {
case "dnat":
- r.chain = sprintf("dstnat_%s", r.src.zone.name);
+ r.chain = `dstnat_${r.src.zone.name}`;
r.src.zone.dflags.dnat = true;
if (!r.raddr)
break;
case "snat":
- r.chain = sprintf("srcnat_%s", r.dest.zone.name);
+ r.chain = `srcnat_${r.dest.zone.name}`;
r.dest.zone.dflags.snat = true;
break;
}
- this.state.redirects = this.state.redirects || [];
- push(this.state.redirects, r);
+ push(this.state.redirects ||= [], r);
};
let to_hostaddr = (a) => {
]);
if (type(family) == "string") {
- this.warn_section(data, family + ", skipping");
+ this.warn_section(data, `${family}, skipping`);
continue;
}
if (redir.target == "dnat" && redir.reflection &&
(length(rip[0]) || length(rip[1])) && redir.src?.zone && redir.dest?.zone) {
let refredir = {
- name: redir.name + " (reflection)",
+ name: `${redir.name} (reflection)`,
helper: redir.helper,
for (let rzone in rzones) {
if (!is_family(rzone, family)) {
this.warn_section(data,
- sprintf("is restricted to IPv%d but referenced reflection zone is IPv%d only, skipping",
- family, rzone.family));
+ `is restricted to IPv${family} but referenced reflection zone is IPv${rzone.family} only, skipping`);
continue;
}
}
if (!snat_addr) {
- this.warn_section(data, (redir.reflection_src || "external") + " rewrite IP cannot be determined, disabling reflection");
+ this.warn_section(data, `${redir.reflection_src || "external"} rewrite IP cannot be determined, disabling reflection`);
}
else if (!length(iaddrs[i])) {
this.warn_section(data, "internal address range cannot be determined, disabling reflection");
raddr: raddrs ? raddrs[0] : null,
rport: rport,
- chain: (snat.src && snat.src.zone) ? sprintf("srcnat_%s", snat.src.zone.name) : "srcnat"
+ chain: snat.src?.zone ? `srcnat_${snat.src.zone.name}` : "srcnat"
};
- this.state.redirects = this.state.redirects || [];
- push(this.state.redirects, n);
+ push(this.state.redirects ||= [], n);
};
for (let proto in snat.proto) {
]);
if (type(family) == "string") {
- this.warn_section(data, family + ", skipping");
+ this.warn_section(data, `${family}, skipping`);
continue;
}
interval: interval
};
- let self = this;
s.entries = filter(map(ipset.entry, (e) => {
- let v = self.parse_ipsetentry(e, s);
+ let v = this.parse_ipsetentry(e, s);
if (!v)
- self.warn_section(data, "ignoring invalid ipset entry '" + e + "'");
+ this.warn_section(data, `ignoring invalid ipset entry '${e}'`);
return v;
}), (e) => (e != null));
- this.state.ipsets = this.state.ipsets || [];
- push(this.state.ipsets, s);
+ push(this.state.ipsets ||= [], s);
}
};
projects / project / firewall4.git / commitdiff