fw4.uc: handle interface zone option

With firewall3 it is possible to specify the firewall zone in interface
sections in /etc/config/network. Handle this in firewall4 as well.

Suggested-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>

1 files changed, 9 insertions, 2 deletions

diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index bfc568e..b55ad79 100644
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -378,7 +378,8 @@ return {
 			for (let ifc in ifaces.interface) {
 				let net = {
 					up: ifc.up,
-					device: ifc.l3_device
+					device: ifc.l3_device,
+					zone: ifc.data?.zone
 				};
 
 				if (type(ifc["ipv4-address"]) == "array") {
@@ -1718,9 +1719,15 @@ return {
 
 		let match_devices = [];
 		let related_subnets = [];
+		let related_ubus_networks = [];
 		let match_subnets, masq_src_subnets, masq_dest_subnets;
 
-		for (let e in to_array(zone.network)) {
+		for (let name, net in this.state.networks) {
+			if (net.zone === zone.name)
+				push(related_ubus_networks, { invert: false, device: name });
+		}
+
+		for (let e in [ ...to_array(zone.network), ...related_ubus_networks ]) {
 			if (exists(this.state.networks, e.device)) {
 				let net = this.state.networks[e.device];