projects / project / luci.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
luci-app-firewall: honour global default policies in per-zone settings
[project/luci.git] / applications / luci-app-firewall / htdocs / luci-static / resources / view / firewall / forwards.js
1 'use strict';
2 'require ui';
3 'require rpc';
4 'require uci';
5 'require form';
6 'require tools.firewall as fwtool';
7 'require tools.widgets as widgets';
8
9 function fmt(fmt /*, ...*/) {
10 var repl = [], wrap = false;
11
12 for (var i = 1; i < arguments.length; i++) {
13 if (L.dom.elem(arguments[i])) {
14 switch (arguments[i].nodeType) {
15 case 1:
16 repl.push(arguments[i].outerHTML);
17 wrap = true;
18 break;
19
20 case 3:
21 repl.push(arguments[i].data);
22 break;
23
24 case 11:
25 var span = E('span');
26 span.appendChild(arguments[i]);
27 repl.push(span.innerHTML);
28 wrap = true;
29 break;
30
31 default:
32 repl.push('');
33 }
34 }
35 else {
36 repl.push(arguments[i]);
37 }
38 }
39
40 var rv = fmt.format.apply(fmt, repl);
41 return wrap ? E('span', rv) : rv;
42 }
43
44 function forward_proto_txt(s) {
45 return fmt('%s-%s',
46 fwtool.fmt_family(uci.get('firewall', s, 'family')),
47 fwtool.fmt_proto(uci.get('firewall', s, 'proto'),
48 uci.get('firewall', s, 'icmp_type')) || 'TCP+UDP');
49 }
50
51 function forward_src_txt(s) {
52 var z = fwtool.fmt_zone(uci.get('firewall', s, 'src'), _('any zone')),
53 a = fwtool.fmt_ip(uci.get('firewall', s, 'src_ip'), _('any host')),
54 p = fwtool.fmt_port(uci.get('firewall', s, 'src_port')),
55 m = fwtool.fmt_mac(uci.get('firewall', s, 'src_mac'));
56
57 if (p && m)
58 return fmt(_('From %s in %s with source %s and %s'), a, z, p, m);
59 else if (p || m)
60 return fmt(_('From %s in %s with source %s'), a, z, p || m);
61 else
62 return fmt(_('From %s in %s'), a, z);
63 }
64
65 function forward_via_txt(s) {
66 var a = fwtool.fmt_ip(uci.get('firewall', s, 'src_dip'), _('any router IP')),
67 p = fwtool.fmt_port(uci.get('firewall', s, 'src_dport'));
68
69 if (p)
70 return fmt(_('Via %s at %s'), a, p);
71 else
72 return fmt(_('Via %s'), a);
73 }
74
75 return L.view.extend({
76 callHostHints: rpc.declare({
77 object: 'luci',
78 method: 'getHostHints',
79 expect: { '': {} }
80 }),
81
82 load: function() {
83 return Promise.all([
84 this.callHostHints()
85 ]);
86 },
87
88 render: function(data) {
89 var hosts = data[0],
90 m, s, o;
91
92 m = new form.Map('firewall', _('Firewall - Port Forwards'),
93 _('Port forwarding allows remote computers on the Internet to connect to a specific computer or service within the private LAN.'));
94
95 s = m.section(form.GridSection, 'redirect', _('Port Forwards'));
96 s.addremove = true;
97 s.anonymous = true;
98 s.sortable = true;
99
100 s.tab('general', _('General Settings'));
101 s.tab('advanced', _('Advanced Settings'));
102
103 s.filter = function(section_id) {
104 return (uci.get('firewall', section_id, 'target') != 'SNAT');
105 };
106
107 s.sectiontitle = function(section_id) {
108 return uci.get('firewall', section_id, 'name') || _('Unnamed forward');
109 };
110
111 s.handleAdd = function(ev) {
112 var config_name = this.uciconfig || this.map.config,
113 section_id = uci.add(config_name, this.sectiontype);
114
115 uci.set(config_name, section_id, 'target', 'DNAT');
116
117 this.addedSection = section_id;
118 this.renderMoreOptionsModal(section_id);
119 };
120
121 o = s.taboption('general', form.Value, 'name', _('Name'));
122 o.placeholder = _('Unnamed forward');
123 o.modalonly = true;
124
125 o = s.option(form.DummyValue, '_match', _('Match'));
126 o.modalonly = false;
127 o.textvalue = function(s) {
128 return E('small', [
129 forward_proto_txt(s), E('br'),
130 forward_src_txt(s), E('br'),
131 forward_via_txt(s)
132 ]);
133 };
134
135 o = s.option(form.ListValue, '_dest', _('Forward to'));
136 o.modalonly = false;
137 o.textvalue = function(s) {
138 var z = fwtool.fmt_zone(uci.get('firewall', s, 'dest'), _('any zone')),
139 a = fwtool.fmt_ip(uci.get('firewall', s, 'dest_ip'), _('any host')),
140 p = fwtool.fmt_port(uci.get('firewall', s, 'dest_port')) ||
141 fwtool.fmt_port(uci.get('firewall', s, 'src_dport'));
142
143 if (p)
144 return fmt(_('%s, %s in %s'), a, p, z);
145 else
146 return fmt(_('%s in %s'), a, z);
147 };
148
149 o = s.option(form.Flag, 'enabled', _('Enable'));
150 o.modalonly = false;
151 o.default = o.enabled;
152 o.editable = true;
153
154 o = s.taboption('general', form.Value, 'proto', _('Protocol'));
155 o.modalonly = true;
156 o.default = 'tcp udp';
157 o.value('tcp udp', 'TCP+UDP');
158 o.value('tcp', 'TCP');
159 o.value('udp', 'UDP');
160 o.value('icmp', 'ICMP');
161
162 o.cfgvalue = function(/* ... */) {
163 var v = this.super('cfgvalue', arguments);
164 return (v == 'tcpudp') ? 'tcp udp' : v;
165 };
166
167 o = s.taboption('general', widgets.ZoneSelect, 'src', _('Source zone'));
168 o.modalonly = true;
169 o.rmempty = false;
170 o.nocreate = true;
171 o.default = 'wan';
172
173 o = s.taboption('advanced', form.Value, 'src_mac', _('Source MAC address'),
174 _('Only match incoming traffic from these MACs.'));
175 o.modalonly = true;
176 o.rmempty = true;
177 o.datatype = 'neg(macaddr)';
178 o.placeholder = E('em', _('any'));
179 L.sortedKeys(hosts).forEach(function(mac) {
180 o.value(mac, '%s (%s)'.format(
181 mac,
182 hosts[mac].name || hosts[mac].ipv4 || hosts[mac].ipv6 || '?'
183 ));
184 });
185
186 o = s.taboption('advanced', form.Value, 'src_ip', _('Source IP address'),
187 _('Only match incoming traffic from this IP or range.'));
188 o.modalonly = true;
189 o.rmempty = true;
190 o.datatype = 'neg(ipmask4)';
191 o.placeholder = E('em', _('any'));
192 L.sortedKeys(hosts, 'ipv4', 'addr').forEach(function(mac) {
193 o.value(hosts[mac].ipv4, '%s (%s)'.format(
194 hosts[mac].ipv4,
195 hosts[mac].name || mac
196 ));
197 });
198
199 o = s.taboption('advanced', form.Value, 'src_port', _('Source port'),
200 _('Only match incoming traffic originating from the given source port or port range on the client host'));
201 o.modalonly = true;
202 o.rmempty = true;
203 o.datatype = 'neg(portrange)';
204 o.placeholder = _('any');
205 o.depends('proto', 'tcp');
206 o.depends('proto', 'udp');
207 o.depends('proto', 'tcp udp');
208 o.depends('proto', 'tcpudp');
209
210 o = s.taboption('advanced', form.Value, 'src_dip', _('External IP address'),
211 _('Only match incoming traffic directed at the given IP address.'));
212 o.modalonly = true;
213 o.rmempty = true;
214 o.datatype = 'neg(ipmask4)';
215 o.placeholder = E('em', _('any'));
216 L.sortedKeys(hosts, 'ipv4', 'addr').forEach(function(mac) {
217 o.value(hosts[mac].ipv4, '%s (%s)'.format(
218 hosts[mac].ipv4,
219 hosts[mac].name || mac
220 ));
221 });
222
223 o = s.taboption('general', form.Value, 'src_dport', _('External port'),
224 _('Match incoming traffic directed at the given destination port or port range on this host'));
225 o.modalonly = true;
226 o.rmempty = false;
227 o.datatype = 'neg(portrange)';
228 o.depends('proto', 'tcp');
229 o.depends('proto', 'udp');
230 o.depends('proto', 'tcp udp');
231 o.depends('proto', 'tcpudp');
232
233 o = s.taboption('general', widgets.ZoneSelect, 'dest', _('Internal zone'));
234 o.modalonly = true;
235 o.rmempty = true;
236 o.nocreate = true;
237 o.default = 'lan';
238
239 o = s.taboption('general', form.Value, 'dest_ip', _('Internal IP address'),
240 _('Redirect matched incoming traffic to the specified internal host'));
241 o.modalonly = true;
242 o.rmempty = true;
243 o.datatype = 'ipmask4';
244 L.sortedKeys(hosts, 'ipv4', 'addr').forEach(function(mac) {
245 o.value(hosts[mac].ipv4, '%s (%s)'.format(
246 hosts[mac].ipv4,
247 hosts[mac].name || mac
248 ));
249 });
250
251 o = s.taboption('general', form.Value, 'dest_port', _('Internal port'),
252 _('Redirect matched incoming traffic to the given port on the internal host'));
253 o.modalonly = true;
254 o.rmempty = true;
255 o.placeholder = _('any');
256 o.datatype = 'portrange';
257 o.depends('proto', 'tcp');
258 o.depends('proto', 'udp');
259 o.depends('proto', 'tcp udp');
260 o.depends('proto', 'tcpudp');
261
262 o = s.taboption('advanced', form.Flag, 'reflection', _('Enable NAT Loopback'));
263 o.modalonly = true;
264 o.rmempty = true;
265 o.default = o.enabled;
266
267 o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
268 _('Passes additional arguments to iptables. Use with care!'));
269 o.modalonly = true;
270 o.rmempty = true;
271
272 return m.render();
273 }
274 });
Lua Configuration Interface (mirror)