From a2e9e45c6d292109eeb591189f3fb4a16637b244 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Sun, 19 Jan 2020 19:37:28 +0100 Subject: [PATCH] luci-app-firewall: add SNAT config migration Signed-off-by: Jo-Philipp Wich (backported from commit f1771d14aaa5f489d925f4ae775ae54a74ed7b81) --- .../luci-static/resources/tools/firewall.js | 61 ++++++++++++++++++- .../resources/view/firewall/forwards.js | 10 ++- .../resources/view/firewall/rules.js | 10 ++- .../resources/view/firewall/snats.js | 10 ++- .../resources/view/firewall/zones.js | 8 +++ 5 files changed, 95 insertions(+), 4 deletions(-) diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/tools/firewall.js b/applications/luci-app-firewall/htdocs/luci-static/resources/tools/firewall.js index c60bfd028c..cfa6c83651 100644 --- a/applications/luci-app-firewall/htdocs/luci-static/resources/tools/firewall.js +++ b/applications/luci-app-firewall/htdocs/luci-static/resources/tools/firewall.js @@ -590,5 +590,64 @@ return L.Class.extend({ return widget.render(); } - }) + }), + + checkLegacySNAT: function() { + var redirects = uci.sections('firewall', 'redirect'); + + for (var i = 0; i < redirects.length; i++) + if ((redirects[i]['target'] || '').toLowerCase() == 'snat') + return true; + + return false; + }, + + handleMigration: function(ev) { + var redirects = uci.sections('firewall', 'redirect'), + tasks = []; + + var mapping = { + dest: 'src', + reflection: null, + reflection_src: null, + src_dip: 'snat_ip', + src_dport: 'snat_port', + src: null + }; + + for (var i = 0; i < redirects.length; i++) { + if ((redirects[i]['target'] || '').toLowerCase() != 'snat') + continue; + + var sid = uci.add('firewall', 'nat'); + + for (var opt in redirects[i]) { + if (opt.charAt(0) == '.') + continue; + + if (mapping[opt] === null) + continue; + + uci.set('firewall', sid, mapping[opt] || opt, redirects[i][opt]); + } + + uci.remove('firewall', redirects[i]['.name']); + } + + return uci.save() + .then(L.bind(ui.changes.init, ui.changes)) + .then(L.bind(ui.changes.apply, ui.changes)); + }, + + renderMigration: function() { + ui.showModal(_('Firewall configuration migration'), [ + E('p', _('The existing firewall configuration needs to be changed for LuCI to function properly.')), + E('p', _('Upon pressing "Continue", "redirect" sections with target "SNAT" will be converted to "nat" sections and the firewall will be restarted to apply the updated configuration.')), + E('div', { 'class': 'right' }, + E('button', { + 'class': 'btn cbi-button-action important', + 'click': ui.createHandlerFn(this, 'handleMigration') + }, _('Continue'))) + ]); + }, }); diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js index 096124fcca..916a32fcaf 100644 --- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js +++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js @@ -107,11 +107,19 @@ return L.view.extend({ return Promise.all([ this.callHostHints(), this.callConntrackHelpers(), - this.callNetworkDevices() + this.callNetworkDevices(), + uci.load('firewall') ]); }, render: function(data) { + if (fwtool.checkLegacySNAT()) + return fwtool.renderMigration(); + else + return this.renderForwards(data); + }, + + renderForwards: function(data) { var hosts = data[0], ctHelpers = data[1], devs = data[2], diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js index cc85e66769..b68f428d95 100644 --- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js +++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js @@ -152,11 +152,19 @@ return L.view.extend({ load: function() { return Promise.all([ this.callHostHints(), - this.callConntrackHelpers() + this.callConntrackHelpers(), + uci.load('firewall') ]); }, render: function(data) { + if (fwtool.checkLegacySNAT()) + return fwtool.renderMigration(); + else + return this.renderRules(data); + }, + + renderRules: function(data) { var hosts = data[0], ctHelpers = data[1], m, s, o; diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js index 2db02d9444..9efa1a7497 100644 --- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js +++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js @@ -106,11 +106,19 @@ return L.view.extend({ load: function() { return Promise.all([ this.callHostHints(), - this.callNetworkDevices() + this.callNetworkDevices(), + uci.load('firewall') ]); }, render: function(data) { + if (fwtool.checkLegacySNAT()) + return fwtool.renderMigration(); + else + return this.renderNats(data); + }, + + renderNats: function(data) { var hosts = data[0], devs = data[1], m, s, o; diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js index 4f8dad23d3..89de8f46b5 100644 --- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js +++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js @@ -4,6 +4,7 @@ 'require form'; 'require network'; 'require firewall'; +'require tools.firewall as fwtool'; 'require tools.widgets as widgets'; return L.view.extend({ @@ -21,6 +22,13 @@ return L.view.extend({ }, render: function(data) { + if (fwtool.checkLegacySNAT()) + return fwtool.renderMigration(); + else + return this.renderZones(data); + }, + + renderZones: function(data) { var ctHelpers = data[0], fwDefaults = data[1], m, s, o, inp, out; -- 2.30.2