luci-firewall: Add support for negations for ip addresses/nets (#218)

diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/rrule.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/rrule.lua
index 74617e08b7a71c7be4f601958ca840241f0c5a0f..ddecad33ed76db254c561421297153ce859583a8 100644 (file)
--- a/applications/luci-firewall/luasrc/model/cbi/luci_fw/rrule.lua
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/rrule.lua
@@ -121,7 +121,7 @@ src_mac.placeholder = translate("any")
 
 src_ip = s:taboption("advanced", Value, "src_ip", translate("Source IP address"))
 src_ip.optional = true
-src_ip.datatype = "ip4addr"
+src_ip.datatype = "neg_ip4addr"
 src_ip.placeholder = translate("any")
 
 sport = s:taboption("advanced", Value, "src_port", translate("Source port"),

diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua
index 5b6207192f80957e3d0d12ca03aa589d05faa04b..10a9869490236615817b8e198208b9c879006b74 100644 (file)
--- a/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua
@@ -106,7 +106,7 @@ icmpt:value("address-mask-reply")
 
 src_ip = s:taboption("general", Value, "src_ip", translate("Source address"))
 src_ip.optional = true
-src_ip.datatype = has_v2 and "ipaddr" or "ip4addr"
+src_ip.datatype = has_v2 and "neg_ipaddr" or "neg_ip4addr"
 src_ip.placeholder = translate("any")
 
 sport = s:taboption("general", Value, "src_port", translate("Source port"))
@@ -119,7 +119,7 @@ sport:depends("proto", "tcpudp")
 
 dest_ip = s:taboption("general", Value, "dest_ip", translate("Destination address"))
 dest_ip.optional = true
-dest_ip.datatype = has_v2 and "ipaddr" or "ip4addr"
+dest_ip.datatype = has_v2 and "neg_ipaddr" or "neg_ip4addr"
 dest_ip.placeholder = translate("any")
 
 dport = s:taboption("general", Value, "dest_port", translate("Destination port"))

diff --git a/applications/luci-firewall/luasrc/model/cbi/luci_fw/zone.lua b/applications/luci-firewall/luasrc/model/cbi/luci_fw/zone.lua
index 00695a79c25aa133d98cc199a57b485ff9559137..30fcd476bd967c1d3ee75efe9fe1254711cb10a4 100644 (file)
--- a/applications/luci-firewall/luasrc/model/cbi/luci_fw/zone.lua
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/zone.lua
@@ -129,7 +129,7 @@ msrc = s:taboption("advanced", DynamicList, "masq_src",
        translate("Restrict Masquerading to given source subnets"))
 
 msrc.optional = true
-msrc.datatype = "ip4addr"
+msrc.datatype = "neg_ip4addr"
 msrc.placeholder = "0.0.0.0/0"
 msrc:depends("family", "")
 msrc:depends("family", "ipv4")
@@ -138,7 +138,7 @@ mdest = s:taboption("advanced", DynamicList, "masq_dest",
        translate("Restrict Masquerading to given destination subnets"))
 
 mdest.optional = true
-mdest.datatype = "ip4addr"
+mdest.datatype = "neg_ip4addr"
 mdest.placeholder = "0.0.0.0/0"
 mdest:depends("family", "")
 mdest:depends("family", "ipv4")

diff --git a/libs/web/htdocs/luci-static/resources/cbi.js b/libs/web/htdocs/luci-static/resources/cbi.js
index ddafd791805dfbfaa2ef0219ec0a01fedee1d164..a8814d451fc44e3c7bd2d5fa00161b807f52d4b1 100644 (file)
--- a/libs/web/htdocs/luci-static/resources/cbi.js
+++ b/libs/web/htdocs/luci-static/resources/cbi.js
@@ -42,6 +42,11 @@ var cbi_validators = {
                return cbi_validators.ip4addr(v) || cbi_validators.ip6addr(v);
        },
 
+       'neg_ipaddr': function(v)
+       {
+               return cbi_validators.ip4addr(v.replace(/^\s*!/, "")) || cbi_validators.ip6addr(v.replace(/^\s*!/, ""));
+       },
+
        'ip4addr': function(v)
        {
                if( v.match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)(\/(\d+))?$/) )
@@ -57,6 +62,11 @@ var cbi_validators = {
                return false;
        },
 
+       'neg_ip4addr': function(v)
+       {
+               return cbi_validators.ip4addr(v.replace(/^\s*!/, ""));
+       },
+
        'ip6addr': function(v)
        {
                if( v.match(/^([a-fA-F0-9:.]+)(\/(\d+))?$/) )

diff --git a/libs/web/luasrc/cbi/datatypes.lua b/libs/web/luasrc/cbi/datatypes.lua
index b543d9fe5ee7287ba62397260d5aacd5e1ed4e9b..d4603cf2a388403d8988d2aec3e9d91a52ab0676 100644 (file)
--- a/libs/web/luasrc/cbi/datatypes.lua
+++ b/libs/web/luasrc/cbi/datatypes.lua
@@ -17,8 +17,8 @@ local fs = require "nixio.fs"
 local ip = require "luci.ip"
 local math = require "math"
 local util = require "luci.util"
+local tonumber, type = tonumber, type
 
-local tonumber = tonumber
 
 module "luci.cbi.datatypes"
 
@@ -66,6 +66,13 @@ function ipaddr(val)
        return ip4addr(val) or ip6addr(val)
 end
 
+function neg_ipaddr(v)
+       if type(v) == "string" then
+               v = v:gsub("^%s*!", "")
+       end
+       return v and ipaddr(v)
+end
+
 function ip4addr(val)
        if val then
                return ip.IPv4(val) and true or false
@@ -74,6 +81,13 @@ function ip4addr(val)
        return false
 end
 
+function neg_ip4addr(v)
+       if type(v) == "string" then
+               v = v:gsub("^%s*!", "")
+       end
+               return v and ip4addr(v)
+end
+
 function ip4prefix(val)
        val = tonumber(val)
        return ( val and val >= 0 and val <= 32 )