luci-app-firewall: initial firewall4 compatibility

Initial changes required for firewall4 compatibility:
* depend on uc-firewall instead of firewall
* detect installed version of firewall and hide incompatible features

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/applications/luci-app-firewall/Makefile b/applications/luci-app-firewall/Makefile
index 4fa85f2d5bcea2dce2ab7995e8f3887f9432be08..2e219d0096546ad44f0e6471d1905522e2a078ed 100644 (file)
--- a/applications/luci-app-firewall/Makefile
+++ b/applications/luci-app-firewall/Makefile
@@ -7,7 +7,7 @@
 include $(TOPDIR)/rules.mk
 
 LUCI_TITLE:=Firewall and Portforwarding application
-LUCI_DEPENDS:=+firewall
+LUCI_DEPENDS:=+uci-firewall
 
 PKG_LICENSE:=Apache-2.0
 

diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js
index 16fae25f4240c8d3813ca9dd1c9328ca2c390540..19274dfd3bbb458e2176ef89f8f0f12ea4ad0d04 100644 (file)
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js
@@ -281,10 +281,12 @@ return view.extend({
                fwtool.addLimitOption(s);
                fwtool.addLimitBurstOption(s);
 
-               o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
-                       _('Passes additional arguments to iptables. Use with care!'));
-               o.modalonly = true;
-               o.rmempty = true;
+               if (!L.hasSystemFeature('firewall4')) {
+                       o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
+                               _('Passes additional arguments to iptables. Use with care!'));
+                       o.modalonly = true;
+                       o.rmempty = true;
+               }
 
                return m.render();
        }

diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
index 7f073e99cd6e6e13d63b71e7908077746643dc8b..2afb438969e319786cc5f1b78075aca60dcabd68 100644 (file)
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
@@ -432,9 +432,11 @@ return view.extend({
                fwtool.addLimitOption(s);
                fwtool.addLimitBurstOption(s);
 
-               o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
-                       _('Passes additional arguments to iptables. Use with care!'));
-               o.modalonly = true;
+               if (!L.hasSystemFeature('firewall4')) {
+                       o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
+                               _('Passes additional arguments to iptables. Use with care!'));
+                       o.modalonly = true;
+               }
 
                o = s.taboption('timed', form.MultiValue, 'weekdays', _('Week Days'));
                o.modalonly = true;

diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js
index d0213979769d71b56aca0ef512425eb8e5856766..e8c90a75740afe7a1b97a1fe7b09a4157289873b 100644 (file)
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js
@@ -245,10 +245,12 @@ return view.extend({
                fwtool.addLimitOption(s);
                fwtool.addLimitBurstOption(s);
 
-               o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
-                       _('Passes additional arguments to iptables. Use with care!'));
-               o.modalonly = true;
-               o.rmempty = true;
+               if (!L.hasSystemFeature('firewall4')) {
+                       o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
+                               _('Passes additional arguments to iptables. Use with care!'));
+                       o.modalonly = true;
+                       o.rmempty = true;
+               }
 
                o = s.taboption('timed', form.MultiValue, 'weekdays', _('Week Days'));
                o.modalonly = true;

diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
index f9d84bfb673ceb357629b9d647fa660b8af8767b..58cd2a7c1e9c2bb62cc7d869f16936883073db29 100644 (file)
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
@@ -269,32 +269,34 @@ return view.extend({
                o.placeholder = '10/minute';
                o.modalonly = true;
 
-               o = s.taboption('extra', form.DummyValue, '_extrainfo');
-               o.rawhtml = true;
-               o.modalonly = true;
-               o.cfgvalue = function(section_id) {
-                       return _('Passing raw iptables arguments to source and destination traffic classification rules allows to match packets based on other criteria than interfaces or subnets. These options should be used with extreme care as invalid values could render the firewall ruleset broken, completely exposing all services.');
-               };
-
-               o = s.taboption('extra', form.Value, 'extra_src', _('Extra source arguments'), _('Additional raw <em>iptables</em> arguments to classify zone source traffic, e.g. <code>-p tcp --sport 443</code> to only match inbound HTTPS traffic.'));
-               o.modalonly = true;
-               o.cfgvalue = function(section_id) {
-                       return uci.get('firewall', section_id, 'extra_src') || uci.get('firewall', section_id, 'extra');
-               };
-               o.write = function(section_id, value) {
-                       uci.unset('firewall', section_id, 'extra');
-                       uci.set('firewall', section_id, 'extra_src', value);
-               };
-
-               o = s.taboption('extra', form.Value, 'extra_dest', _('Extra destination arguments'), _('Additional raw <em>iptables</em> arguments to classify zone destination traffic, e.g. <code>-p tcp --dport 443</code> to only match outbound HTTPS traffic.'));
-               o.modalonly = true;
-               o.cfgvalue = function(section_id) {
-                       return uci.get('firewall', section_id, 'extra_dest') || uci.get('firewall', section_id, 'extra_src') || uci.get('firewall', section_id, 'extra');
-               };
-               o.write = function(section_id, value) {
-                       uci.unset('firewall', section_id, 'extra');
-                       uci.set('firewall', section_id, 'extra_dest', value);
-               };
+               if (!L.hasSystemFeature('firewall4')) {
+                       o = s.taboption('extra', form.DummyValue, '_extrainfo');
+                       o.rawhtml = true;
+                       o.modalonly = true;
+                       o.cfgvalue = function(section_id) {
+                               return _('Passing raw iptables arguments to source and destination traffic classification rules allows to match packets based on other criteria than interfaces or subnets. These options should be used with extreme care as invalid values could render the firewall ruleset broken, completely exposing all services.');
+                       };
+
+                       o = s.taboption('extra', form.Value, 'extra_src', _('Extra source arguments'), _('Additional raw <em>iptables</em> arguments to classify zone source traffic, e.g. <code>-p tcp --sport 443</code> to only match inbound HTTPS traffic.'));
+                       o.modalonly = true;
+                       o.cfgvalue = function(section_id) {
+                               return uci.get('firewall', section_id, 'extra_src') || uci.get('firewall', section_id, 'extra');
+                       };
+                       o.write = function(section_id, value) {
+                               uci.unset('firewall', section_id, 'extra');
+                               uci.set('firewall', section_id, 'extra_src', value);
+                       };
+
+                       o = s.taboption('extra', form.Value, 'extra_dest', _('Extra destination arguments'), _('Additional raw <em>iptables</em> arguments to classify zone destination traffic, e.g. <code>-p tcp --dport 443</code> to only match outbound HTTPS traffic.'));
+                       o.modalonly = true;
+                       o.cfgvalue = function(section_id) {
+                               return uci.get('firewall', section_id, 'extra_dest') || uci.get('firewall', section_id, 'extra_src') || uci.get('firewall', section_id, 'extra');
+                       };
+                       o.write = function(section_id, value) {
+                               uci.unset('firewall', section_id, 'extra');
+                               uci.set('firewall', section_id, 'extra_dest', value);
+                       };
+               }
 
                o = s.taboption('general', form.DummyValue, '_forwardinfo');
                o.rawhtml = true;

diff --git a/applications/luci-app-firewall/root/usr/share/luci/menu.d/luci-app-firewall.json b/applications/luci-app-firewall/root/usr/share/luci/menu.d/luci-app-firewall.json
index f8a3553a7bd20ef7ba50bda90e091eeffccfc015..8fd1e9cae22ce4074dd4654f9c80f8df659dcb25 100644 (file)
--- a/applications/luci-app-firewall/root/usr/share/luci/menu.d/luci-app-firewall.json
+++ b/applications/luci-app-firewall/root/usr/share/luci/menu.d/luci-app-firewall.json
@@ -56,6 +56,9 @@
                "action": {
                        "type": "view",
                        "path": "firewall/custom"
+               },
+               "depends": {
+                       "fs": { "/usr/share/fw3/helpers.conf": "file" }
                }
        }
 }

diff --git a/modules/luci-base/root/usr/libexec/rpcd/luci b/modules/luci-base/root/usr/libexec/rpcd/luci
index 19cdb0ad39e8ea71d3f1c6742d5a0ac491535dec..fbfc3c7a593091f6aaf66499544858735ca696fd 100755 (executable)
--- a/modules/luci-base/root/usr/libexec/rpcd/luci
+++ b/modules/luci-base/root/usr/libexec/rpcd/luci
@@ -207,6 +207,7 @@ local methods = {
                        local ok, fd
 
                        rv.firewall      = fs.access("/sbin/fw3")
+                       rv.firewall4     = fs.access("/sbin/fw4")
                        rv.opkg          = fs.access("/bin/opkg")
                        rv.offloading    = fs.access("/sys/module/xt_FLOWOFFLOAD/refcnt")
                        rv.br2684ctl     = fs.access("/usr/sbin/br2684ctl")