6 'require tools.firewall as fwtool';
7 'require tools.widgets as widgets';
9 function fmt(fmt
/*, ...*/) {
10 var repl
= [], wrap
= false;
12 for (var i
= 1; i
< arguments
.length
; i
++) {
13 if (L
.dom
.elem(arguments
[i
])) {
14 switch (arguments
[i
].nodeType
) {
16 repl
.push(arguments
[i
].outerHTML
);
21 repl
.push(arguments
[i
].data
);
26 span
.appendChild(arguments
[i
]);
27 repl
.push(span
.innerHTML
);
36 repl
.push(arguments
[i
]);
40 var rv
= fmt
.format
.apply(fmt
, repl
);
41 return wrap
? E('span', rv
) : rv
;
44 function forward_proto_txt(s
) {
46 fwtool
.fmt_family(uci
.get('firewall', s
, 'family')),
47 fwtool
.fmt_proto(uci
.get('firewall', s
, 'proto'),
48 uci
.get('firewall', s
, 'icmp_type')) || 'TCP+UDP');
51 function rule_src_txt(s
) {
52 var z
= fwtool
.fmt_zone(uci
.get('firewall', s
, 'src')),
53 p
= fwtool
.fmt_port(uci
.get('firewall', s
, 'src_port')),
54 m
= fwtool
.fmt_mac(uci
.get('firewall', s
, 'src_mac'));
58 var a
= fwtool
.fmt_ip(uci
.get('firewall', s
, 'src_ip'), _('any host'));
60 return fmt(_('From %s in %s with source %s and %s'), a
, z
, p
, m
);
62 return fmt(_('From %s in %s with source %s'), a
, z
, p
|| m
);
64 return fmt(_('From %s in %s'), a
, z
);
69 var a
= fwtool
.fmt_ip(uci
.get('firewall', s
, 'src_ip'), _('any router IP'));
71 return fmt(_('From %s on <var>this device</var> with source %s and %s'), a
, p
, m
);
73 return fmt(_('From %s on <var>this device</var> with source %s'), a
, p
|| m
);
75 return fmt(_('From %s on <var>this device</var>'), a
);
79 function rule_dest_txt(s
) {
80 var z
= fwtool
.fmt_zone(uci
.get('firewall', s
, 'dest')),
81 p
= fwtool
.fmt_port(uci
.get('firewall', s
, 'dest_port'));
85 var a
= fwtool
.fmt_ip(uci
.get('firewall', s
, 'dest_ip'), _('any host'));
87 return fmt(_('To %s, %s in %s'), a
, p
, z
);
89 return fmt(_('To %s in %s'), a
, z
);
94 var a
= fwtool
.fmt_ip(uci
.get('firewall', s
, 'dest_ip'), _('any router IP'));
96 return fmt(_('To %s at %s on <var>this device</var>'), a
, p
);
98 return fmt(_('To %s on <var>this device</var>'), a
);
102 function rule_target_txt(s
) {
103 var t
= fwtool
.fmt_target(uci
.get('firewall', s
, 'target'), uci
.get('firewall', s
, 'src'), uci
.get('firewall', s
, 'dest')),
104 l
= fwtool
.fmt_limit(uci
.get('firewall', s
, 'limit'), uci
.get('firewall', s
, 'limit_burst'));
107 return fmt(_('<var>%s</var> and limit to %s'), t
, l
);
109 return fmt('<var>%s</var>', t
);
112 function update_ip_hints(map
, section_id
, family
, hosts
) {
113 var elem_src_ip
= map
.lookupOption('src_ip', section_id
)[0].getUIElement(section_id
),
114 elem_dst_ip
= map
.lookupOption('dest_ip', section_id
)[0].getUIElement(section_id
),
115 choice_values
= [], choice_labels
= {};
117 elem_src_ip
.clearChoices();
118 elem_dst_ip
.clearChoices();
120 if (!family
|| family
== 'ipv4') {
121 L
.sortedKeys(hosts
, 'ipv4', 'addr').forEach(function(mac
) {
122 var val
= hosts
[mac
].ipv4
,
123 txt
= '%s (<strong>%s</strong>)'.format(val
, hosts
[mac
].name
|| mac
);
125 choice_values
.push(val
);
126 choice_labels
[val
] = txt
;
130 if (!family
|| family
== 'ipv6') {
131 L
.sortedKeys(hosts
, 'ipv6', 'addr').forEach(function(mac
) {
132 var val
= hosts
[mac
].ipv6
,
133 txt
= '%s (<strong>%s</strong>)'.format(val
, hosts
[mac
].name
|| mac
);
135 choice_values
.push(val
);
136 choice_labels
[val
] = txt
;
140 elem_src_ip
.addChoices(choice_values
, choice_labels
);
141 elem_dst_ip
.addChoices(choice_values
, choice_labels
);
144 return L
.view
.extend({
145 callHostHints
: rpc
.declare({
147 method
: 'getHostHints',
152 return this.callHostHints().catch(function(e
) {
153 console
.debug('load fail', e
);
157 render: function(hosts
) {
160 m
= new form
.Map('firewall', _('Firewall - Traffic Rules'),
161 _('Traffic rules define policies for packets traveling between different zones, for example to reject traffic between certain hosts or to open WAN ports on the router.'));
163 s
= m
.section(form
.GridSection
, 'rule', _('Traffic Rules'));
168 s
.tab('general', _('General Settings'));
169 s
.tab('advanced', _('Advanced Settings'));
170 s
.tab('timed', _('Time Restrictions'));
172 s
.filter = function(section_id
) {
173 return (uci
.get('firewall', section_id
, 'target') != 'SNAT');
176 s
.sectiontitle = function(section_id
) {
177 return uci
.get('firewall', section_id
, 'name') || _('Unnamed rule');
180 s
.handleAdd = function(ev
) {
181 var config_name
= this.uciconfig
|| this.map
.config
,
182 section_id
= uci
.add(config_name
, this.sectiontype
),
185 for (var i
= 0; i
< this.children
.length
; i
++)
186 if (this.children
[i
].option
== 'src')
187 opt1
= this.children
[i
];
188 else if (this.children
[i
].option
== 'dest')
189 opt2
= this.children
[i
];
191 opt1
.default = 'wan';
192 opt2
.default = 'lan';
194 this.addedSection
= section_id
;
195 this.renderMoreOptionsModal(section_id
);
201 o
= s
.taboption('general', form
.Value
, 'name', _('Name'));
202 o
.placeholder
= _('Unnamed rule');
205 o
= s
.option(form
.DummyValue
, '_match', _('Match'));
207 o
.textvalue = function(s
) {
209 forward_proto_txt(s
), E('br'),
210 rule_src_txt(s
), E('br'),
215 o
= s
.option(form
.ListValue
, '_target', _('Action'));
217 o
.textvalue = function(s
) {
218 return rule_target_txt(s
);
221 o
= s
.option(form
.Flag
, 'enabled', _('Enable'));
223 o
.default = o
.enabled
;
226 //ft.opt_enabled(s, Button);
227 //ft.opt_name(s, Value, _('Name'));
230 o
= s
.taboption('advanced', form
.ListValue
, 'family', _('Restrict to address family'));
233 o
.value('', _('IPv4 and IPv6'));
234 o
.value('ipv4', _('IPv4 only'));
235 o
.value('ipv6', _('IPv6 only'));
236 o
.validate = function(section_id
, value
) {
237 update_ip_hints(this.map
, section_id
, value
, hosts
);
241 o
= s
.taboption('general', form
.Value
, 'proto', _('Protocol'));
243 o
.default = 'tcp udp';
244 o
.value('all', _('Any'));
245 o
.value('tcp udp', 'TCP+UDP');
246 o
.value('tcp', 'TCP');
247 o
.value('udp', 'UDP');
248 o
.value('icmp', 'ICMP');
249 o
.cfgvalue = function(/* ... */) {
250 var v
= this.super('cfgvalue', arguments
);
251 return (v
== 'tcpudp') ? 'tcp udp' : v
;
254 o
= s
.taboption('advanced', form
.MultiValue
, 'icmp_type', _('Match ICMP type'));
259 o
.placeholder
= _('any');
261 o
.value('address-mask-reply');
262 o
.value('address-mask-request');
263 o
.value('communication-prohibited');
264 o
.value('destination-unreachable');
265 o
.value('echo-reply');
266 o
.value('echo-request');
267 o
.value('fragmentation-needed');
268 o
.value('host-precedence-violation');
269 o
.value('host-prohibited');
270 o
.value('host-redirect');
271 o
.value('host-unknown');
272 o
.value('host-unreachable');
273 o
.value('ip-header-bad');
274 o
.value('neighbour-advertisement');
275 o
.value('neighbour-solicitation');
276 o
.value('network-prohibited');
277 o
.value('network-redirect');
278 o
.value('network-unknown');
279 o
.value('network-unreachable');
280 o
.value('parameter-problem');
281 o
.value('port-unreachable');
282 o
.value('precedence-cutoff');
283 o
.value('protocol-unreachable');
285 o
.value('required-option-missing');
286 o
.value('router-advertisement');
287 o
.value('router-solicitation');
288 o
.value('source-quench');
289 o
.value('source-route-failed');
290 o
.value('time-exceeded');
291 o
.value('timestamp-reply');
292 o
.value('timestamp-request');
293 o
.value('TOS-host-redirect');
294 o
.value('TOS-host-unreachable');
295 o
.value('TOS-network-redirect');
296 o
.value('TOS-network-unreachable');
297 o
.value('ttl-zero-during-reassembly');
298 o
.value('ttl-zero-during-transit');
299 o
.depends('proto', 'icmp');
301 o
= s
.taboption('general', widgets
.ZoneSelect
, 'src', _('Source zone'));
305 o
.allowlocal
= 'src';
307 o
= s
.taboption('advanced', form
.Value
, 'src_mac', _('Source MAC address'));
309 o
.datatype
= 'list(macaddr)';
310 o
.placeholder
= _('any');
311 L
.sortedKeys(hosts
).forEach(function(mac
) {
312 o
.value(mac
, '%s (%s)'.format(
314 hosts
[mac
].name
|| hosts
[mac
].ipv4
|| hosts
[mac
].ipv6
|| '?'
318 o
= s
.taboption('general', form
.Value
, 'src_ip', _('Source address'));
320 o
.datatype
= 'list(neg(ipmask))';
321 o
.placeholder
= _('any');
322 o
.transformChoices = function() { return {} }; /* force combobox rendering */
324 o
= s
.taboption('general', form
.Value
, 'src_port', _('Source port'));
326 o
.datatype
= 'list(neg(portrange))';
327 o
.placeholder
= _('any');
328 o
.depends('proto', 'tcp');
329 o
.depends('proto', 'udp');
330 o
.depends('proto', 'tcp udp');
331 o
.depends('proto', 'tcpudp');
333 o
= s
.taboption('general', widgets
.ZoneSelect
, 'dest', _('Destination zone'));
339 o
= s
.taboption('general', form
.Value
, 'dest_ip', _('Destination address'));
341 o
.datatype
= 'list(neg(ipmask))';
342 o
.placeholder
= _('any');
343 o
.transformChoices = function() { return {} }; /* force combobox rendering */
345 o
= s
.taboption('general', form
.Value
, 'dest_port', _('Destination port'));
347 o
.datatype
= 'list(neg(portrange))';
348 o
.placeholder
= _('any');
349 o
.depends('proto', 'tcp');
350 o
.depends('proto', 'udp');
351 o
.depends('proto', 'tcp udp');
352 o
.depends('proto', 'tcpudp');
354 o
= s
.taboption('general', form
.ListValue
, 'target', _('Action'));
356 o
.default = 'ACCEPT';
357 o
.value('DROP', _('drop'));
358 o
.value('ACCEPT', _('accept'));
359 o
.value('REJECT', _('reject'));
360 o
.value('NOTRACK', _("don't track"));
362 o
= s
.taboption('advanced', form
.Value
, 'extra', _('Extra arguments'),
363 _('Passes additional arguments to iptables. Use with care!'));
366 o
= s
.taboption('timed', form
.MultiValue
, 'weekdays', _('Week Days'));
370 o
.placeholder
= _('Any day');
371 o
.value('Sun', _('Sunday'));
372 o
.value('Mon', _('Monday'));
373 o
.value('Tue', _('Tuesday'));
374 o
.value('Wed', _('Wednesday'));
375 o
.value('Thu', _('Thursday'));
376 o
.value('Fri', _('Friday'));
377 o
.value('Sat', _('Saturday'));
378 o
.write = function(section_id
, value
) {
379 return this.super('write', [ section_id
, L
.toArray(value
).join(' ') ]);
382 o
= s
.taboption('timed', form
.MultiValue
, 'monthdays', _('Month Days'));
386 o
.placeholder
= _('Any day');
387 o
.write = function(section_id
, value
) {
388 return this.super('write', [ section_id
, L
.toArray(value
).join(' ') ]);
390 for (var i
= 1; i
<= 31; i
++)
393 o
= s
.taboption('timed', form
.Value
, 'start_time', _('Start Time (hh.mm.ss)'));
395 o
.datatype
= 'timehhmmss';
397 o
= s
.taboption('timed', form
.Value
, 'stop_time', _('Stop Time (hh.mm.ss)'));
399 o
.datatype
= 'timehhmmss';
401 o
= s
.taboption('timed', form
.Value
, 'start_date', _('Start Date (yyyy-mm-dd)'));
403 o
.datatype
= 'dateyyyymmdd';
405 o
= s
.taboption('timed', form
.Value
, 'stop_date', _('Stop Date (yyyy-mm-dd)'));
407 o
.datatype
= 'dateyyyymmdd';
409 o
= s
.taboption('timed', form
.Flag
, 'utc_time', _('Time in UTC'));
411 o
.default = o
.disabled
;