fw4.uc: handle interface zone option

With firewall3 it is possible to specify the firewall zone in interface
sections in /etc/config/network. Handle this in firewall4 as well.

Suggested-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index bfc568ee540d1274449d38654c7dee1cc8dd956f..b55ad79edac18fda19cf301286d4633cb601bebd 100644 (file)
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -378,7 +378,8 @@ return {
                        for (let ifc in ifaces.interface) {
                                let net = {
                                        up: ifc.up,
-                                       device: ifc.l3_device
+                                       device: ifc.l3_device,
+                                       zone: ifc.data?.zone
                                };
 
                                if (type(ifc["ipv4-address"]) == "array") {
@@ -1718,9 +1719,15 @@ return {
 
                let match_devices = [];
                let related_subnets = [];
+               let related_ubus_networks = [];
                let match_subnets, masq_src_subnets, masq_dest_subnets;
 
-               for (let e in to_array(zone.network)) {
+               for (let name, net in this.state.networks) {
+                       if (net.zone === zone.name)
+                               push(related_ubus_networks, { invert: false, device: name });
+               }
+
+               for (let e in [ ...to_array(zone.network), ...related_ubus_networks ]) {
                        if (exists(this.state.networks, e.device)) {
                                let net = this.state.networks[e.device];