luci-app-firewall: support 'helper' and 'set_helper' parameters for rules
authorJo-Philipp Wich <jo@mein.io>
Thu, 16 Jan 2020 15:12:38 +0000 (16:12 +0100)
committerJo-Philipp Wich <jo@mein.io>
Tue, 28 Jan 2020 17:30:39 +0000 (18:30 +0100)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit d601e79da593528599829290859769d72412f426)

applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js

index 8c50baa820532e7b14137d37f69adb29e8cb7a0d..1d9af33fca57a8518be9ddc087013ea0867f65cb 100644 (file)
@@ -148,14 +148,23 @@ return L.view.extend({
                expect: { '': {} }
        }),
 
+       callConntrackHelpers: rpc.declare({
+               object: 'luci',
+               method: 'getConntrackHelpers',
+               expect: { result: [] }
+       }),
+
        load: function() {
-               return this.callHostHints().catch(function(e) {
-                       console.debug('load fail', e);
-               });
+               return Promise.all([
+                       this.callHostHints(),
+                       this.callConntrackHelpers()
+               ]);
        },
 
-       render: function(hosts) {
-               var m, s, o;
+       render: function(data) {
+               var hosts = data[0],
+                   ctHelpers = data[1],
+                   m, s, o;
 
                m = new form.Map('firewall', _('Firewall - Traffic Rules'),
                        _('Traffic rules define policies for packets traveling between different zones, for example to reject traffic between certain hosts or to open WAN ports on the router.'));
@@ -383,6 +392,32 @@ return L.view.extend({
                o.value('ACCEPT', _('accept'));
                o.value('REJECT', _('reject'));
                o.value('NOTRACK', _("don't track"));
+               o.value('HELPER', _('assign conntrack helper'));
+
+               o = s.taboption('general', form.ListValue, 'set_helper', _('Tracking helper'), _('Assign the specified connection tracking helper to matched traffic.'));
+               o.modalonly = true;
+               o.placeholder = _('any');
+               o.depends('target', 'HELPER');
+               for (var i = 0; i < ctHelpers.length; i++)
+                       o.value(ctHelpers[i].name, '%s (%s)'.format(ctHelpers[i].description, ctHelpers[i].name.toUpperCase()));
+
+               o = s.taboption('advanced', form.Value, 'helper', _('Match helper'), _('Match traffic using the specified connection tracking helper.'));
+               o.modalonly = true;
+               o.placeholder = _('any');
+               for (var i = 0; i < ctHelpers.length; i++)
+                       o.value(ctHelpers[i].name, '%s (%s)'.format(ctHelpers[i].description, ctHelpers[i].name.toUpperCase()));
+               o.validate = function(section_id, value) {
+                       if (value == '' || value == null)
+                               return true;
+
+                       value = value.replace(/^!\s*/, '');
+
+                       for (var i = 0; i < ctHelpers.length; i++)
+                               if (value == ctHelpers[i].name)
+                                       return true;
+
+                       return _('Unknown or not installed conntrack helper "%s"').format(value);
+               };
 
                o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
                        _('Passes additional arguments to iptables. Use with care!'));