From 48415f258229136bc2e8bb23f6ee197c5d3ac156 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Wed, 29 Mar 2023 00:56:55 +0800 Subject: [PATCH] luci-app-firewall: add masq6 option for zones Allow configure Masquerading6 via LuCI interface. Signed-off-by: Tianling Shen (cherry picked from commit ef288b791d4455478f6244f2d41c3aac55271226) --- .../resources/view/firewall/zones.js | 40 +++++++++++++++---- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js index e19e466e1b..f07df06153 100644 --- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js +++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js @@ -33,6 +33,7 @@ return view.extend({ var ctHelpers = data[0], fwDefaults = data[1], m, s, o, inp, out; + var fw4 = L.hasSystemFeature('firewall4'); m = new form.Map('firewall', _('Firewall - Zone Settings'), _('The firewall creates zones over your network interfaces to control network traffic flow.')); @@ -158,12 +159,13 @@ return view.extend({ p[2].default = fwDefaults.getForward(); o = s.taboption('general', form.Flag, 'masq', _('Masquerading'), - _('Enable network address and port translation (NAT or NAPT) for outbound traffic on this zone. This is typically enabled on the wan zone.')); + _('Enable network address and port translation IPv4 (NAT4 or NAPT4) for outbound traffic on this zone. This is typically enabled on the wan zone.')); o.editable = true; o.tooltip = function(section_id) { + var family = uci.get('firewall', section_id, 'family') var masq_src = uci.get('firewall', section_id, 'masq_src') var masq_dest = uci.get('firewall', section_id, 'masq_dest') - if (masq_src || masq_dest) + if ((!family || family.indexOf('6') == -1) && (masq_src || masq_dest)) return _('Limited masquerading enabled'); return null; @@ -230,6 +232,20 @@ return view.extend({ o.modalonly = true; o.multiple = true; + if (fw4) { + o = s.taboption('advanced', form.Flag, 'masq6', _('IPv6 Masquerading'), + _('Enable network address and port translation IPv6 (NAT6 or NAPT6) for outbound traffic on this zone.')); + o.modalonly = true; + o.tooltip = function(section_id) { + var family = uci.get('firewall', section_id, 'family') + var masq_src = uci.get('firewall', section_id, 'masq_src') + var masq_dest = uci.get('firewall', section_id, 'masq_dest') + if ((!family || family.indexOf('6') >= 0) && (masq_src || masq_dest)) + return _('Limited masquerading enabled'); + return null; + }; + } + o = s.taboption('advanced', form.ListValue, 'family', _('Restrict to address family')); o.value('', _('IPv4 and IPv6')); o.value('ipv4', _('IPv4 only')); @@ -237,16 +253,24 @@ return view.extend({ o.modalonly = true; o = s.taboption('advanced', form.DynamicList, 'masq_src', _('Restrict Masquerading to given source subnets')); - o.depends('family', ''); - o.depends('family', 'ipv4'); - o.datatype = 'list(neg(or(uciname,hostname,ipmask4)))'; + if (fw4) { + o.datatype = 'list(neg(or(uciname,hostname,ipmask)))'; + } else { + o.depends('family', ''); + o.depends('family', 'ipv4'); + o.datatype = 'list(neg(or(uciname,hostname,ipmask4)))'; + } o.placeholder = '0.0.0.0/0'; o.modalonly = true; o = s.taboption('advanced', form.DynamicList, 'masq_dest', _('Restrict Masquerading to given destination subnets')); - o.depends('family', ''); - o.depends('family', 'ipv4'); - o.datatype = 'list(neg(or(uciname,hostname,ipmask4)))'; + if (fw4) { + o.datatype = 'list(neg(or(uciname,hostname,ipmask)))'; + } else { + o.depends('family', ''); + o.depends('family', 'ipv4'); + o.datatype = 'list(neg(or(uciname,hostname,ipmask4)))'; + } o.placeholder = '0.0.0.0/0'; o.modalonly = true; -- 2.30.2