Changeset 8117

Timestamp:

12/20/11 04:14:54 (17 months ago)

Author:

jow

Message:

applications/luci-firewall: use option "name" instead of deprecated "_name", expose "extra" option, add enable/disable toggles for portforwards, snats and rules

Location:

luci/trunk/applications/luci-firewall/luasrc

Files:

• model/cbi/firewall/forward-details.lua (modified) (4 diffs)
• model/cbi/firewall/forwards.lua (modified) (3 diffs)
• model/cbi/firewall/rule-details.lua (modified) (6 diffs)
• model/cbi/firewall/rules.lua (modified) (7 diffs)
• tools/firewall.lua (modified) (1 diff)

luci/trunk/applications/luci-firewall/luasrc/model/cbi/firewall/forward-details.lua

@@ -15 +15 @@
 local sys = require "luci.sys"
 local dsp = require "luci.dispatcher"
+local ft  = require "luci.tools.firewall"
+
+local m, s, o
 
 arg[1] = arg[1] or ""
@@ -30 +33 @@
     return
 else
-    local name = m:get(arg[1], "_name")
+    local name = m:get(arg[1], "name") or m:get(arg[1], "_name")
     if not name or #name == 0 then
         name = translate("(Unnamed Entry)")
@@ -57 +60 @@
 s.addremove = false
 
-s:tab("general", translate("General Settings"))
-s:tab("advanced", translate("Advanced Settings"))
+ft.opt_enabled(s, Button)
+ft.opt_name(s, Value, translate("Name"))
 
-name = s:taboption("general", Value, "_name", translate("Name"))
-name.rmempty = true
-name.size = 10
 
-src = s:taboption("advanced", Value, "src", translate("Source zone"))
-src.nocreate = true
-src.default = "wan"
-src.template = "cbi/firewall_zonelist"
+o = s:option(Value, "proto", translate("Protocol"))
+o:value("tcp udp", "TCP+UDP")
+o:value("tcp", "TCP")
+o:value("udp", "UDP")
+o:value("icmp", "ICMP")
 
-proto = s:taboption("general", Value, "proto", translate("Protocol"))
-proto.optional = true
-proto:value("tcp udp", "TCP+UDP")
-proto:value("tcp", "TCP")
-proto:value("udp", "UDP")
-proto:value("icmp", "ICMP")
-
-function proto.cfgvalue(...)
+function o.cfgvalue(...)
     local v = Value.cfgvalue(...)
     if not v or v == "tcpudp" then
@@ -84 +78 @@
 end
 
-dport = s:taboption("general", Value, "src_dport", translate("External port"),
+
+o = s:option(Value, "src", translate("Source zone"))
+o.nocreate = true
+o.default = "wan"
+o.template = "cbi/firewall_zonelist"
+
+
+o = s:option(DynamicList, "src_mac",
+    translate("Source MAC address"),
+    translate("Only match incoming traffic from these MACs."))
+o.rmempty = true
+o.datatype = "macaddr"
+o.placeholder = translate("any")
+
+
+o = s:option(Value, "src_ip",
+    translate("Source IP address"),
+    translate("Only match incoming traffic from this IP or range."))
+o.rmempty = true
+o.datatype = "neg(ip4addr)"
+o.placeholder = translate("any")
+
+
+o = s:option(Value, "src_port",
+    translate("Source port"),
+    translate("Only match incoming traffic originating from the given source port or port range on the client host"))
+o.rmempty = true
+o.datatype = "portrange"
+o.placeholder = translate("any")
+
+
+o = s:option(Value, "src_dip",
+    translate("External IP address"),
+    translate("Only match incoming traffic directed at the given IP address."))
+
+o.rmempty = true
+o.datatype = "ip4addr"
+o.placeholder = translate("any")
+
+
+o = s:option(Value, "src_dport", translate("External port"),
     translate("Match incoming traffic directed at the given " ..
         "destination port or port range on this host"))
-dport.datatype = "portrange"
+o.datatype = "portrange"
 
-to = s:taboption("general", Value, "dest_ip", translate("Internal IP address"),
-    translate("Redirect matched incoming traffic to the specified " ..
-        "internal host"))
-to.datatype = "ip4addr"
+
+
+o = s:option(Value, "dest", translate("Internal zone"))
+o.nocreate = true
+o.default = "lan"
+o.template = "cbi/firewall_zonelist"
+
+
+o = s:option(Value, "dest_ip", translate("Internal IP address"),
+    translate("Redirect matched incoming traffic to the specified \
+        internal host"))
+o.datatype = "ip4addr"
 for i, dataset in ipairs(sys.net.arptable()) do
-    to:value(dataset["IP address"])
+    o:value(dataset["IP address"])
 end
 
-toport = s:taboption("general", Value, "dest_port", translate("Internal port (optional)"),
-    translate("Redirect matched incoming traffic to the given port on " ..
-        "the internal host"))
-toport.optional = true
-toport.placeholder = "0-65535"
-toport.datatype = "portrange"
 
-dest = s:taboption("advanced", Value, "dest", translate("Destination zone"))
-dest.nocreate = true
-dest.default = "lan"
-dest.template = "cbi/firewall_zonelist"
+o = s:option(Value, "dest_port",
+    translate("Internal port"),
+    translate("Redirect matched incoming traffic to the given port on \
+        the internal host"))
+o.placeholder = translate("any")
+o.datatype = "portrange"
 
-src_dip = s:taboption("advanced", Value, "src_dip",
-    translate("Intended destination address"),
-    translate("Only match incoming traffic directed at the given IP address."))
 
-src_dip.optional = true
-src_dip.datatype = "ip4addr"
-src_dip.placeholder = translate("any")
-
-src_mac = s:taboption("advanced", DynamicList, "src_mac",
-    translate("Source MAC address"),
-    translate("Only match incoming traffic from these MACs."))
-src_mac.optional = true
-src_mac.datatype = "macaddr"
-src_mac.placeholder = translate("any")
-
-src_ip = s:taboption("advanced", Value, "src_ip",
-    translate("Source IP address"),
-    translate("Only match incoming traffic from this IP or range."))
-src_ip.optional = true
-src_ip.datatype = "neg(ip4addr)"
-src_ip.placeholder = translate("any")
-
-sport = s:taboption("advanced", Value, "src_port",
-    translate("Source port"),
-    translate("Only match incoming traffic originating from the given source port or port range on the client host"))
-sport.optional = true
-sport.datatype = "portrange"
-sport.placeholder = translate("any")
-
-reflection = s:taboption("advanced", Flag, "reflection", translate("Enable NAT Loopback"))
-reflection.rmempty = true
-reflection.default = reflection.enabled
-reflection:depends({ target = "DNAT", src = wan_zone })
-reflection.cfgvalue = function(...)
+o = s:option(Flag, "reflection", translate("Enable NAT Loopback"))
+o.rmempty = true
+o.default = o.enabled
+o:depends("src", wan_zone)
+o.cfgvalue = function(...)
     return Flag.cfgvalue(...) or "1"
 end
 
+
+s:option(Value, "extra",
+    translate("Extra arguments"),
+    translate("Passes additional arguments to iptables. Use with care!"))
+
+
 return m

luci/trunk/applications/luci-firewall/luasrc/model/cbi/firewall/forwards.lua

@@ -50 +50 @@
         self.map:set(created, "dest_ip",   a)
         self.map:set(created, "dest_port", i)
-        self.map:set(created, "_name",     n)
+        self.map:set(created, "name",      n)
     end
 
@@ -72 +72 @@
 end
 
-name = s:option(DummyValue, "_name", translate("Name"))
-function name.cfgvalue(self, s)
-    return self.map:get(s, "_name") or "-"
-end
+
+ft.opt_name(s, DummyValue, translate("Name"))
+
 
 proto = s:option(DummyValue, "proto", translate("Protocol"))
@@ -132 +131 @@
 end
 
+ft.opt_enabled(s, Flag, translate("Enable")).width = "1%"
+
 return m

luci/trunk/applications/luci-firewall/luasrc/model/cbi/firewall/rule-details.lua

@@ -18 +18 @@
 local nxo = require "nixio"
 
+local ft = require "luci.tools.firewall"
 local nw = require "luci.model.network"
 local m, s, o, k, v
@@ -47 +48 @@
 elseif rule_type == "redirect" then
 
-    local name = m:get(arg[1], "_name")
+    local name = m:get(arg[1], "name") or m:get(arg[1], "_name")
     if not name or #name == 0 then
         name = translate("(Unnamed SNAT)")
@@ -77 +78 @@
 
 
-    o = s:option(Value, "_name", translate("Name"))
-    o.rmempty = true
-    o.size = 10
+    ft.opt_enabled(s, Button)
+    ft.opt_name(s, Value, translate("Name"))
 
 
@@ -116 +116 @@
     o = s:option(Value, "src_ip", translate("Source IP address"))
     o.rmempty = true
-    o.datatype = "neg(ip4addr)"
+    o.datatype = "neg(ipaddr)"
     o.placeholder = translate("any")
 
@@ -177 +177 @@
 
 
+    s:option(Value, "extra",
+        translate("Extra arguments"),
+        translate("Passes additional arguments to iptables. Use with care!"))
+
+
 --
 -- Rule
 --
 else
+    local name = m:get(arg[1], "name") or m:get(arg[1], "_name")
+    if not name or #name == 0 then
+        name = translate("(Unnamed Rule)")
+    end
+
+    m.title = "%s - %s" %{ translate("Firewall - Traffic Rules"), name }
+
+
     s = m:section(NamedSection, arg[1], "rule", "")
     s.anonymous = true
     s.addremove = false
 
-    s:option(Value, "_name", translate("Name").." "..translate("(optional)"))
+    ft.opt_enabled(s, Button)
+    ft.opt_name(s, Value, translate("Name"))
 
 
@@ -296 +310 @@
     o:value("REJECT", translate("reject"))
     o:value("NOTRACK", translate("don't track"))
+
+
+    s:option(Value, "extra",
+        translate("Extra arguments"),
+        translate("Passes additional arguments to iptables. Use with care!"))
 end
 

luci/trunk/applications/luci-firewall/luasrc/model/cbi/firewall/rules.lua

@@ -60 +60 @@
         self.map:set(created, "proto",     (i_p ~= "other") and i_p or "all")
         self.map:set(created, "dest_port", i_e)
-        self.map:set(created, "_name",     i_n)
+        self.map:set(created, "name",      i_n)
 
         if i_p ~= "other" and i_e and #i_e > 0 then
@@ -72 +72 @@
         self.map:set(created, "src",    f_s)
         self.map:set(created, "dest",   f_d)
-        self.map:set(created, "_name",  f_n)
+        self.map:set(created, "name",   f_n)
     end
 
@@ -83 +83 @@
 end
 
-name = s:option(DummyValue, "_name", translate("Name"))
-function name.cfgvalue(self, s)
-    return self.map:get(s, "_name") or "-"
-end
+ft.opt_name(s, DummyValue, translate("Name"))
 
 family = s:option(DummyValue, "family", translate("Family"))
@@ -170 +167 @@
     end
 end
+
+ft.opt_enabled(s, Flag, translate("Enable")).width = "1%"
 
 
@@ -211 +210 @@
         self.map:set(created, "src_dip",   a)
         self.map:set(created, "src_dport", p)
-        self.map:set(created, "_name",     n)
+        self.map:set(created, "name",      n)
     end
 
@@ -226 +225 @@
 end
 
-name = s:option(DummyValue, "_name", translate("Name"))
-function name.cfgvalue(self, s)
-    return self.map:get(s, "_name") or "-"
-end
+ft.opt_name(s, DummyValue, translate("Name"))
 
 proto = s:option(DummyValue, "proto", translate("Protocol"))
@@ -286 +282 @@
 end
 
+ft.opt_enabled(s, Flag, translate("Enable")).width = "1%"
+
 
 return m

luci/trunk/applications/luci-firewall/luasrc/tools/firewall.lua

@@ -228 +228 @@
     end
 end
+
+
+function opt_enabled(s, t, ...)
+    if t == luci.cbi.Button then
+        local o = s:option(t, "__enabled")
+        function o.render(self, section)
+            if self.map:get(section, "enabled") ~= "0" then
+                self.title      = translate("Rule is enabled")
+                self.inputtitle = translate("Disable")
+                self.inputstyle = "reset"
+            else
+                self.title      = translate("Rule is disabled")
+                self.inputtitle = translate("Enable")
+                self.inputstyle = "apply"
+            end
+            t.render(self, section)
+        end
+        function o.write(self, section, value)
+            if self.map:get(section, "enabled") ~= "0" then
+                self.map:set(section, "enabled", "0")
+            else
+                self.map:del(section, "enabled")
+            end
+        end
+        return o
+    else
+        local o = s:option(t, "enabled", ...)
+              o.enabled = ""
+              o.disabled = "0"
+              o.default = o.enabled
+        return o
+    end
+end
+
+function opt_name(s, t, ...)
+    local o = s:option(t, "name", ...)
+
+    function o.cfgvalue(self, section)
+        return self.map:get(section, "name") or
+            self.map:get(section, "_name") or "-"
+    end
+
+    function o.write(self, section, value)
+        if value ~= "-" then
+            self.map:set(section, "name", value)
+            self.map:del(section, "_name")
+        else
+            self:remove(section)
+        end
+    end
+
+    function o.remove(self, section)
+        self.map:del(section, "name")
+        self.map:del(section, "_name")
+    end
+
+    return o
+end