Commits · cf6c24fa473bf512fd9ad22605943157e9046afa · openwrt / luci

Feb 21, 2024

luci-app-firewall: add address range inputs for traffic rules · 42bd2af3

Jo-Philipp Wich authored Feb 21, 2024



Ref: https://forum.openwrt.org/t/question-about-firewall-rules/188656
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

42bd2af3

Dec 30, 2023

luci-mod-firewall: Expand on naming of forwarding rule inside the zone · c74c8614

Jonas Dreßler authored Aug 23, 2023



Apparently the "Forward" entry of the individual firewall zones controls
forwarding within the zone (between the individual interfaces) only, and not
the forwarding of packets from the zone to other zones. This is quite
confusing, as the meaning is different from the global "Forward" option
above, which does control forwarding between zones.

Quote from user jow on the forum:
> The per-zone forward controls forwarding traffic among the ifaces of this
> zone. Traffic from/to other zones is handled by the global forward policy,
> or individual forwardings or rules.

See https://forum.openwrt.org/t/likely-bug-in-openwrt-firewall-rule-generation/18152

Let's try to be a bit more concise with the naming here and rename this
entry to "Intra zone forward", which hopefully makes the difference clear.

Signed-off-by: Jonas Dreßler <verdre@v0yd.nl>

c74c8614

Nov 28, 2023

luci-app-firewall: allow redirects using ip family any · 8169f482

Vladislav Grigoryev authored Nov 18, 2023



Allow creating redirects using IP family `any`.
This helps redirect both IPv4 and IPv6 traffic.
It is used to intercept traffic on the router.

Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>

8169f482

Oct 12, 2023

firewall: ipsets.js: validate set names · 755edf6f

Jo-Philipp Wich authored Oct 12, 2023

Ensure that user supplied set name values conform to the nftables identifier
syntax constraints.

Fixes: #6633
Fixes: 04843439

 ("luci-app-firewall: implement IPsets GUI")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

755edf6f

Jul 31, 2023
- luci-app-firewall: cleaning up outdated instructions on hardware NAT · 5d1e5816
  清靈語 authored Jul 31, 2023
  
  5d1e5816
Jul 12, 2023

luci-app-firewall: add reflection_zone field to forwards · 3f20598a

Julien Cassette authored Jul 12, 2023



This allows to to define multiple zones for NAT reflection rules.

Fixes: #1560

Signed-off-by: Julien Cassette <julien.cassette@gmail.com>

3f20598a

Jun 10, 2023
- luci-app-firewall: missing variable declaration · b5ba9c37
  Sergey Ponomarev authored Jun 10, 2023
```
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
```
  b5ba9c37
May 16, 2023

luci-app-firewall: add ICMPv6 MLD rules · 73abc0ee

Jonathan G. Underwood authored May 16, 2023

This adds entries for ICMPv6 MLD types. This fixes the ICMPv6 MLD types to be consistent with fw4.

These types were added to fw4 in this commit:

    -  https://github.com/openwrt/firewall4/commit/e6e82a55206cf7017f26b92f7097f779161b5cac

But were omitted from the corresponding luci-app-firewall commit:

    - https://github.com/openwrt/luci/commit/88a016cb



Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>

73abc0ee

Apr 05, 2023

luci-app-firewall: fix the IPv6 forwards/snats view · 148759a5

Dirk Brenken authored Apr 05, 2023

* corrects the view as IPv4 and IPv6 for rules where the family is 'any' and the IP not set (this fixes #9c55500f

), e.g. a forward rule like that:

config redirect 'adblock_lan53'
	option name 'Adblock DNS (lan, 53)'
	option src 'lan'
	option proto 'tcp udp'
	option src_dport '53'
	option dest_port '53'
	option target 'DNAT'
	option family 'any'

Signed-off-by: Dirk Brenken <dev@brenken.org>

148759a5

Mar 30, 2023

application/luci-app-firewall: fix null access · 7a4afdcb

Jo-Philipp Wich authored Mar 30, 2023

Fixes: 48086e1c ("luci-app-firewall: Add ipset field to snats")
Fixes: d0d891c2 ("luci-app-firewall: Add ipset field to forwards (redirects)")
Fixes: f407a013

 ("luci-app-firewall: Add ipset field to rules")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

7a4afdcb

luci-app-firewall: add masq6 option for zones · ef288b79

Tianling Shen authored Mar 29, 2023



Allow configure Masquerading6 via LuCI interface.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

ef288b79

Mar 29, 2023
- luci-app-firewall: Add ipset field to snats · 48086e1c
  Paul Dee authored Feb 17, 2023
```
Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
```
  48086e1c
- luci-app-firewall: Add ipset field to forwards (redirects) · d0d891c2
  Paul Dee authored Feb 17, 2023
```
Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
```
  d0d891c2
- luci-app-firewall: Add ipset field to rules · f407a013
  Paul Dee authored Feb 17, 2023
```
Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
```
  f407a013
- luci-app-firewall: implement IPsets GUI · 04843439
  Paul Dee authored Feb 17, 2023
```
Enable it and place it between snats and custom tabs

Tested on 22.03.2, 22.03.3

Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
```
  04843439
Mar 15, 2023

luci-app-firewall: allow ipv6 setup · 9c55500f

Chen Minqiang authored Oct 19, 2022



Allow setup ipv6 for Port Forwards and NAT Rules if firewall4 is
used.

Add 'Restrict to address family' option for NAT Rules, if family is
any/empty , assume it is ipv4. this allow setup NAT6 rules in web ui

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>

9c55500f

luci-app-firewall: suppress lengthy masq description in zone table · c0d4c017

Jo-Philipp Wich authored Mar 15, 2023

Ensure that the description of the masquerade option does not end up in
the grid section overview as it messes up the table layout.

Fixes: c54efde7

 ("luci-app-firewall: Add clarification to masquerading option")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

c0d4c017

Feb 17, 2023

luci-app-firewall: extend icmpv6 types available · 88a016cb

Paul Dee authored Feb 09, 2023



luci complement to https://github.com/openwrt/firewall4/commit/e6e82a55206cf7017f26b92f7097f779161b5cac

Tested on 22.03.3

Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>

88a016cb

luci-app-firewall: remove the '', 'any' mapping in icmpv6 entries · 7bf1c2da

Paul Dee authored Feb 10, 2023



This prevents its inconsistent checked/unchecked behaviour when exiting
and re-entering the dialogue.

Tested on 22.03.3

Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>

7bf1c2da

Feb 04, 2023
- luci-app-firewall: Add clarification to masquerading option · c54efde7
  Martijn Staal authored Jan 20, 2023
```
Signed-off-by: Martijn Staal <27222398+mastaal@users.noreply.github.com>
```
  c54efde7
Mar 30, 2022
- luci-app-firewall: fix misspelling of restrictions · 0eb3aeb0
  Jo-Philipp Wich authored Mar 30, 2022
```
Fixes: #5749
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
```
  0eb3aeb0
Feb 16, 2022
- luci-app-firewall: fix setting unspecified zone on forwardings · 21784446
  Jo-Philipp Wich authored Feb 16, 2022
```
Fixes: #5685
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
```
  21784446
Jan 06, 2022

luci-app-firewall: initial firewall4 compatibility · 48599d8d

Stijn Tintel authored Nov 04, 2021



Initial changes required for firewall4 compatibility:
* depend on uc-firewall instead of firewall
* detect installed version of firewall and hide incompatible features

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>

48599d8d

Dec 09, 2021

luci-app-firewall: CBIProtocolSelect: properly handle unrecognized protos · 43818163

Jo-Philipp Wich authored Dec 09, 2021



Prevent incorrectly replacing unrecognized protocol numbers with -1.

Fixes: #5587
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

43818163

Nov 11, 2021

luci-app-firewall: use firewall.getZoneColorStyle() in views · 0b4b6380

Jo-Philipp Wich authored Nov 11, 2021



Use the new `firewall.getZoneColorStyle()` helper to apply background
color styles.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

0b4b6380

Nov 10, 2021

luci-app-firewall: adjust zone badge markup · 6c96414d

Jo-Philipp Wich authored Nov 08, 2021



No functional changes but required for styling rules.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

6c96414d

Aug 31, 2021

luci-app-firewall: add ipv6 exclusive ICMP types · 19c66ef5

Paul Dee authored Aug 31, 2021


to firewall 'Match ICMP type' field.

See issue #5213

Signed-off-by: Paul Dee <systemcrash@users.noreply.github.com>

19c66ef5

Aug 11, 2021

firewall: more text lines for custom script · 406e6c81

Fritz D. Ansel authored Aug 02, 2021



10 lines are very few and there is much unused space

Signed-off-by: Fritz D. Ansel <fdansel@yandex.ru>

406e6c81

Aug 04, 2021
- luci-app-firewall: replace hh.mm.ss with hh:mm:ss · 1b4936a6
  Stan Grishin authored Aug 04, 2021
```
Signed-off-by: Stan Grishin <stangri@melmac.net>
```
  1b4936a6
Jun 03, 2021

luci-app-firewall: further luci-rpc/getHostHints compatibility fixes · dc0cfc64

Jo-Philipp Wich authored Jun 03, 2021

Rework some further code instances to fall back to the legacy ipv4/ipv6
properties if needed.

Fixes: c7b7b42c

 ("treewide: Update JS using luci-rpc getHostHints")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

dc0cfc64

treewide: Update JS using luci-rpc getHostHints · c7b7b42c

Niels Widger authored Mar 31, 2021



Update frontend JS code which uses luci-rpc getHostHints to support the new
response format which removes the `ipv4` and `ipv6` host hint string fields
and replaces them with `ipaddrs` and `ip6addrs` weighted string list fields.

Signed-off-by: Niels Widger <niels@qacafe.com>
[rework code to be forwards/backwards compatible, fix some Network.Hosts
 methods, fix IP choice ordering, change commit subject, rewrap commit
 message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

c7b7b42c

Mar 15, 2021
- luci-app-firewall: simplify some form actions · bbf1a534
  Jo-Philipp Wich authored Aug 06, 2020
```
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
```
  bbf1a534
Mar 01, 2021
- luci-app-firewall: allow negative prefix lengths · f64b3d50
  Jo-Philipp Wich authored Mar 01, 2021
```
Fixes: #4812
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
```
  f64b3d50
- luci-app-firewall: zones.js: fix HTML display in ct helper selection · 154117ff
  Jo-Philipp Wich authored Mar 01, 2021
```
Fixes: #4845
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
```
  154117ff
- luci-app-firewall: fix creating multiple networks from zone network selector · 5d528da2
  Jo-Philipp Wich authored Mar 01, 2021
```
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
```
  5d528da2
Feb 19, 2021

luci-app-firewall: properly handle custom multi IP/MAC input · b60be8cf

Jo-Philipp Wich authored Feb 19, 2021



Store multiple space separated custom address values as separate uci
list items in the configuration.

Fixes: #4822
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

b60be8cf

Jan 13, 2021
- luci-app-firewall: add tooltip on rules that have time restrictions enabled · ab390cf9
  Florian Eckert authored Jan 13, 2021
```
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
```
  ab390cf9
- luci-app-firewall: add limited masquerading tooltip · 4bbf6db9
  Florian Eckert authored Dec 18, 2020
```
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
```
  4bbf6db9
Dec 16, 2020

luci-app-firewall: map proto '*' and 'any' to all on rule config · 972096bf

Florian Eckert authored Dec 11, 2020

Before the change, the options '*' and 'any' in the drop down were not
recognized as valid options, when loaded from the uci. With this change,
the options '*' and 'any' are mapped to 'all' and saved as such. This
change is especially important if the proto option is changed manually
to '*' or 'any' in shell and then further configured via LuCI.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>

972096bf

Nov 20, 2020
- luci-app-firewall: fix removing networks from zone · 4dbf600d
  Jo-Philipp Wich authored Nov 20, 2020
```
Fixes: #4608
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
```
  4dbf600d