local nodes = {}
table.insert(nodes, entry({"admin", "network", "firewall"}, alias("admin", "network", "firewall", "zones"), i18n("fw_fw"), 60))
- table.insert(nodes, entry({"admin", "network", "firewall", "zones"}, cbi("luci_fw/general"), i18n("fw_zones"), 10))
- table.insert(nodes, entry({"admin", "network", "firewall", "portfw"}, cbi("luci_fw/portfw"), i18n("fw_portfw"), 20))
- table.insert(nodes, entry({"admin", "network", "firewall", "forwarding"}, cbi("luci_fw/routing"), i18n("fw_forwarding"), 30))
- table.insert(nodes, entry({"admin", "network", "firewall", "rules"}, cbi("luci_fw/firewall"), i18n("fw_rules"), 40))
- table.insert(nodes, entry({"admin", "network", "firewall", "customfwd"}, cbi("luci_fw/customfwd"), i18n("fw_custfwd"), 50))
+ table.insert(nodes, entry({"admin", "network", "firewall", "zones"}, cbi("luci_fw/zones"), i18n("fw_zones"), 10))
+ table.insert(nodes, entry({"admin", "network", "firewall", "redirection"}, cbi("luci_fw/redirect"), i18n("fw_redirect"), 30))
+ table.insert(nodes, entry({"admin", "network", "firewall", "traffic"}, cbi("luci_fw/traffic"), i18n("fw_traffic"), 20))
+
+ table.insert(nodes, entry({"admin", "network", "firewall", "rule"}, cbi("luci_fw/trule")))
+ nodes[#nodes].leaf = true
+ table.insert(nodes, entry({"admin", "network", "firewall", "redirect"}, cbi("luci_fw/rrule")))
+ nodes[#nodes].leaf = true
table.insert(nodes, entry({"mini", "network", "portfw"}, cbi("luci_fw/miniportfw"), i18n("fw_portfw", "Portweiterleitung"), 70))
fw_portfw = 'Portweiterleitung'
-fw_forwarding = 'Zone-zu-Zone Weiterleitung'
+fw_redirect = 'Umleitungen'
+fw_redirect_desc = 'Umleitungen erlauben es das Ziel von weitergeleiteten Paketen zu verändern.'
+fw_forwarding = 'Zone-zu-Zone Verkehr'
fw_fw = 'Firewall'
fw_zone = 'Zone'
fw_zones = 'Zonen'
fw_custfwd = 'Erweiterte Weiterleitung'
-fw_rules = 'Regeln für eingehenden Verkehr'
-fw_rules1 = 'An dieser Stelle können benutzerdefinierte Firewallregeln eingestellt werden um den Netzverkehr zu kontrollieren.'
+firewall_rule = 'Erweiterte Regeln'
+firewall_rule_desc = 'Mit erweiterten Regeln kann die Firewall an die eigenen Bedürfnisse angepasst werden. Es werden nur neue Verbindungen betrachtet. Pakete, die zu bereits bestehenden Verbindungen gehören werden automatisch akzeptiert.'
fw_fw1 = 'Die Firewall erstellt Netzwerkzonen über bestimmte Netzwerkschnittstellen um den Netzverkehr zu trennen.'
+fw_src = 'Quelle'
+fw_dest = 'Ziel'
+fw_traffic = 'Verkehrskontrolle'
firewall_rule_src = 'Eingangszone'
firewall_rule_dest = 'Ausgangszone'
firewall_rule_srcip = 'Quelladresse'
firewall_redirect_destip_desc = 'IP-Adresse'
firewall_redirect_destport = 'Interner Port (optional)'
firewall_redirect_destport_desc = 'Port od. Erster-Letzter Port'
+firewall_redirect_srcip = 'Quelladresse'
+firewall_redirect_srcmac = 'Quell-MAC-Adresse'
fw_forwarding1 = 'An dieser Stelle kann festgelegt zwischen welchen Zonen Netzverkehr hin und her fließen kann. Es werden nur neue Verbindungen betrachtet. Pakete, die zu bereits bestehenden Verbindungen gehören werden automatisch akzeptiert.'
firewall_forwarding_src = 'Eingang'
firewall_forwarding_dest = 'Ausgang'
<i18n:msgs xmlns:i18n="http://luci.freifunk-halle.net/2008/i18n#" xmlns="http://www.w3.org/1999/xhtml">
<i18n:msg xml:id="fw_portfw">Portweiterleitung</i18n:msg>
-<i18n:msg xml:id="fw_forwarding">Zone-zu-Zone Weiterleitung</i18n:msg>
+<i18n:msg xml:id="fw_redirect">Umleitungen</i18n:msg>
+<i18n:msg xml:id="fw_redirect_desc">Umleitungen erlauben es das Ziel von weitergeleiteten Paketen zu verändern.</i18n:msg>
+<i18n:msg xml:id="fw_forwarding">Zone-zu-Zone Verkehr</i18n:msg>
<i18n:msg xml:id="fw_fw">Firewall</i18n:msg>
<i18n:msg xml:id="fw_zone">Zone</i18n:msg>
<i18n:msg xml:id="fw_zones">Zonen</i18n:msg>
<i18n:msg xml:id="fw_custfwd">Erweiterte Weiterleitung</i18n:msg>
-<i18n:msg xml:id="fw_rules">Regeln für eingehenden Verkehr</i18n:msg>
-<i18n:msg xml:id="fw_rules1">An dieser Stelle können benutzerdefinierte Firewallregeln eingestellt werden um den Netzverkehr zu kontrollieren.</i18n:msg>
+<i18n:msg xml:id="firewall_rule">Erweiterte Regeln</i18n:msg>
+<i18n:msg xml:id="firewall_rule_desc">Mit erweiterten Regeln kann die Firewall an die eigenen Bedürfnisse angepasst werden. Es werden nur neue Verbindungen betrachtet. Pakete, die zu bereits bestehenden Verbindungen gehören werden automatisch akzeptiert.</i18n:msg>
<i18n:msg xml:id="fw_fw1">Die Firewall erstellt Netzwerkzonen über bestimmte Netzwerkschnittstellen um den Netzverkehr zu trennen.</i18n:msg>
+<i18n:msg xml:id="fw_src">Quelle</i18n:msg>
+<i18n:msg xml:id="fw_dest">Ziel</i18n:msg>
+<i18n:msg xml:id="fw_traffic">Verkehrskontrolle</i18n:msg>
<i18n:msg xml:id="firewall_rule_src">Eingangszone</i18n:msg>
<i18n:msg xml:id="firewall_rule_dest">Ausgangszone</i18n:msg>
<i18n:msg xml:id="firewall_rule_srcip">Quelladresse</i18n:msg>
<i18n:msg xml:id="firewall_redirect_destip_desc">IP-Adresse</i18n:msg>
<i18n:msg xml:id="firewall_redirect_destport">Interner Port (optional)</i18n:msg>
<i18n:msg xml:id="firewall_redirect_destport_desc">Port od. Erster-Letzter Port</i18n:msg>
+<i18n:msg xml:id="firewall_redirect_srcip">Quelladresse</i18n:msg>
+<i18n:msg xml:id="firewall_redirect_srcmac">Quell-MAC-Adresse</i18n:msg>
+
<i18n:msg xml:id="fw_forwarding1">An dieser Stelle kann festgelegt zwischen welchen Zonen Netzverkehr hin und her fließen kann. Es werden nur neue Verbindungen betrachtet. Pakete, die zu bereits bestehenden Verbindungen gehören werden automatisch akzeptiert.</i18n:msg>
<i18n:msg xml:id="firewall_forwarding_src">Eingang</i18n:msg>
fw_portfw = 'Port forwarding'
-fw_forwarding = 'Zone-to-Zone forwarding'
+fw_redirect = 'Traffic Redirection'
+fw_redirect_desc = 'Traffic redirection allows you to change the destination address of forwarded packets.'
+fw_forwarding = 'Zone-to-Zone traffic'
fw_fw = 'Firewall'
fw_zone = 'Zone'
fw_zones = 'Zones'
fw_custfwd = 'Custom forwarding'
-fw_rules = 'Incoming traffic rules'
-fw_rules1 = 'Here you can create custom firewall rules to control your network traffic.'
fw_fw1 = 'The firewall creates zones over your network interfaces to control network traffic flow.'
+firewall_rule = 'Advanced Rules'
+firewall_rule_desc = 'Advanced rules let you customize the firewall to your needs. Only new connections will be matched. Packets belonging to already open connections are automatically allowed to pass the firewall.'
firewall_rule_src = 'Input Zone'
firewall_rule_dest = 'Output Zone'
firewall_rule_srcip = 'Source address'
fw_accept = 'accept'
fw_reject = 'reject'
fw_drop = 'drop'
+fw_src = 'Source'
+fw_dest = 'Destination'
+fw_traffic = 'Traffic Control'
fw_portfw1 = 'Port forwarding allows to provide network services in the internal network to an external network.'
firewall_redirect_src_desc = 'External Zone'
firewall_redirect_srcdport = 'External port'
firewall_redirect_srcdport_desc = 'port or range as first-last'
+firewall_redirect_srcip = 'Source address'
+firewall_redirect_srcmac = 'Source MAC'
firewall_redirect_destip = 'Internal address'
firewall_redirect_destip_desc = 'IP-Address'
firewall_redirect_destport = 'Internal port (optional)'
<i18n:msgs xmlns:i18n="http://luci.freifunk-halle.net/2008/i18n#" xmlns="http://www.w3.org/1999/xhtml">
<i18n:msg xml:id="fw_portfw">Port forwarding</i18n:msg>
-<i18n:msg xml:id="fw_forwarding">Zone-to-Zone forwarding</i18n:msg>
+<i18n:msg xml:id="fw_redirect">Traffic Redirection</i18n:msg>
+<i18n:msg xml:id="fw_redirect_desc">Traffic redirection allows you to change the destination address of forwarded packets.</i18n:msg>
+<i18n:msg xml:id="fw_forwarding">Zone-to-Zone traffic</i18n:msg>
<i18n:msg xml:id="fw_fw">Firewall</i18n:msg>
<i18n:msg xml:id="fw_zone">Zone</i18n:msg>
<i18n:msg xml:id="fw_zones">Zones</i18n:msg>
<i18n:msg xml:id="fw_custfwd">Custom forwarding</i18n:msg>
-<i18n:msg xml:id="fw_rules">Incoming traffic rules</i18n:msg>
-<i18n:msg xml:id="fw_rules1">Here you can create custom firewall rules to control your network traffic.</i18n:msg>
<i18n:msg xml:id="fw_fw1">The firewall creates zones over your network interfaces to control network traffic flow.</i18n:msg>
+<i18n:msg xml:id="firewall_rule">Advanced Rules</i18n:msg>
+<i18n:msg xml:id="firewall_rule_desc">Advanced rules let you customize the firewall to your needs. Only new connections will be matched. Packets belonging to already open connections are automatically allowed to pass the firewall.</i18n:msg>
<i18n:msg xml:id="firewall_rule_src">Input Zone</i18n:msg>
<i18n:msg xml:id="firewall_rule_dest">Output Zone</i18n:msg>
<i18n:msg xml:id="firewall_rule_srcip">Source address</i18n:msg>
<i18n:msg xml:id="fw_accept">accept</i18n:msg>
<i18n:msg xml:id="fw_reject">reject</i18n:msg>
<i18n:msg xml:id="fw_drop">drop</i18n:msg>
+<i18n:msg xml:id="fw_src">Source</i18n:msg>
+<i18n:msg xml:id="fw_dest">Destination</i18n:msg>
+<i18n:msg xml:id="fw_traffic">Traffic Control</i18n:msg>
<i18n:msg xml:id="fw_portfw1">Port forwarding allows to provide network services in the internal network to an external network.</i18n:msg>
<i18n:msg xml:id="firewall_redirect_src_desc">External Zone</i18n:msg>
<i18n:msg xml:id="firewall_redirect_srcdport">External port</i18n:msg>
<i18n:msg xml:id="firewall_redirect_srcdport_desc">port or range as first-last</i18n:msg>
+<i18n:msg xml:id="firewall_redirect_srcip">Source address</i18n:msg>
+<i18n:msg xml:id="firewall_redirect_srcmac">Source MAC</i18n:msg>
<i18n:msg xml:id="firewall_redirect_destip">Internal address</i18n:msg>
<i18n:msg xml:id="firewall_redirect_destip_desc">IP-Address</i18n:msg>
<i18n:msg xml:id="firewall_redirect_destport">Internal port (optional)</i18n:msg>
+++ /dev/null
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-require("luci.sys")
-m = Map("firewall", translate("fw_portfw"), translate("fw_portfw1"))
-
-
-s = m:section(TypedSection, "redirect", "")
-s.addremove = true
-s.anonymous = true
-
-name = s:option(Value, "_name", translate("name"))
-name.rmempty = true
-name.size = 10
-
-iface = s:option(ListValue, "src", translate("fw_zone"))
-iface.default = "wan"
-luci.model.uci.cursor():foreach("firewall", "zone",
- function (section)
- iface:value(section.name)
- end)
-
-s:option(Value, "src_ip").optional = true
-s:option(Value, "src_mac").optional = true
-
-sport = s:option(Value, "src_port")
-sport.optional = true
-sport:depends("proto", "tcp")
-sport:depends("proto", "udp")
-sport:depends("proto", "tcpudp")
-
-proto = s:option(ListValue, "proto", translate("protocol"))
-proto.optional = true
-proto:value("")
-proto:value("tcp", "TCP")
-proto:value("udp", "UDP")
-proto:value("tcpudp", "TCP+UDP")
-
-dport = s:option(Value, "src_dport")
-dport.size = 5
-dport.optional = true
-dport:depends("proto", "tcp")
-dport:depends("proto", "udp")
-dport:depends("proto", "tcpudp")
-
-to = s:option(Value, "dest_ip")
-for i, dataset in ipairs(luci.sys.net.arptable()) do
- to:value(dataset["IP address"])
-end
-
-toport = s:option(Value, "dest_port")
-toport.optional = true
-toport.size = 5
-
-return m
+++ /dev/null
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-m = Map("firewall", translate("fw_rules"), translate("fw_rules1"))
-
-s = m:section(TypedSection, "rule", "")
-s.addremove = true
-s.anonymous = true
-
-iface = s:option(ListValue, "src")
-iface.rmempty = true
-
-oface = s:option(ListValue, "dest")
-oface:value("")
-oface.optional = true
-
-luci.model.uci.cursor():foreach("firewall", "zone",
- function (section)
- iface:value(section.name)
- oface:value(section.name)
- end)
-
-proto = s:option(ListValue, "proto", translate("protocol"))
-proto.optional = true
-proto:value("")
-proto:value("tcpudp", "TCP+UDP")
-proto:value("tcp", "TCP")
-proto:value("udp", "UDP")
-proto:value("icmp", "ICMP")
-
-s:option(Value, "src_ip").optional = true
-s:option(Value, "dest_ip").optional = true
-s:option(Value, "src_mac").optional = true
-
-sport = s:option(Value, "src_port")
-sport.optional = true
-sport:depends("proto", "tcp")
-sport:depends("proto", "udp")
-sport:depends("proto", "tcpudp")
-
-dport = s:option(Value, "dest_port")
-dport.optional = true
-dport:depends("proto", "tcp")
-dport:depends("proto", "udp")
-dport:depends("proto", "tcpudp")
-
-jump = s:option(ListValue, "target")
-jump.rmempty = true
-jump.default = "ACCEPT"
-jump:value("DROP", translate("fw_drop"))
-jump:value("ACCEPT", translate("fw_accept"))
-jump:value("REJECT", translate("fw_reject"))
-
-
-return m
+++ /dev/null
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-require("luci.tools.webadmin")
-m = Map("firewall", translate("fw_fw"), translate("fw_fw1"))
-
-s = m:section(TypedSection, "defaults")
-s.anonymous = true
-
-s:option(Flag, "syn_flood")
-
-p = {}
-p[1] = s:option(ListValue, "input")
-p[2] = s:option(ListValue, "output")
-p[3] = s:option(ListValue, "forward")
-
-for i, v in ipairs(p) do
- v:value("REJECT", translate("fw_reject"))
- v:value("DROP", translate("fw_drop"))
- v:value("ACCEPT", translate("fw_accept"))
-end
-
-
-s = m:section(TypedSection, "zone", translate("fw_zones"))
-s.template = "cbi/tblsection"
-s.anonymous = true
-s.addremove = true
-
-name = s:option(Value, "name", translate("name"))
-name.size = 8
-
-p = {}
-p[1] = s:option(ListValue, "input")
-p[2] = s:option(ListValue, "output")
-p[3] = s:option(ListValue, "forward")
-
-for i, v in ipairs(p) do
- v:value("REJECT", translate("fw_reject"))
- v:value("DROP", translate("fw_drop"))
- v:value("ACCEPT", translate("fw_accept"))
-end
-
-s:option(Flag, "masq")
-
-net = s:option(MultiValue, "network")
-net.widget = "select"
-net.rmempty = true
-luci.tools.webadmin.cbi_add_networks(net)
-
-function net.cfgvalue(self, section)
- local value = MultiValue.cfgvalue(self, section)
- return value or name:cfgvalue(section)
-end
-
-return m
+++ /dev/null
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-require("luci.sys")
-m = Map("firewall", translate("fw_portfw"), translate("fw_portfw1"))
-
-
-s = m:section(TypedSection, "redirect", "")
-s.template = "cbi/tblsection"
-s.addremove = true
-s.anonymous = true
-
-name = s:option(Value, "_name", translate("name"), translate("cbi_optional"))
-name.size = 10
-
-iface = s:option(ListValue, "src", translate("fw_zone"))
-iface.default = "wan"
-luci.model.uci.cursor():foreach("firewall", "zone",
- function (section)
- iface:value(section.name)
- end)
-
-proto = s:option(ListValue, "proto", translate("protocol"))
-proto:value("tcp", "TCP")
-proto:value("udp", "UDP")
-proto:value("tcpudp", "TCP+UDP")
-
-dport = s:option(Value, "src_dport")
-dport.size = 5
-
-to = s:option(Value, "dest_ip")
-for i, dataset in ipairs(luci.sys.net.arptable()) do
- to:value(dataset["IP address"])
-end
-
-toport = s:option(Value, "dest_port")
-toport.size = 5
-
-return m
--- /dev/null
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+require("luci.sys")
+m = Map("firewall", translate("fw_redirect"), translate("fw_redirect_desc"))
+
+
+s = m:section(TypedSection, "redirect", "")
+s.template = "cbi/tblsection"
+s.addremove = true
+s.anonymous = true
+s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "redirect", "%s")
+
+name = s:option(Value, "_name", translate("name"), translate("cbi_optional"))
+name.size = 10
+
+iface = s:option(ListValue, "src", translate("fw_zone"))
+iface.default = "wan"
+luci.model.uci.cursor():foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ end)
+
+proto = s:option(ListValue, "proto", translate("protocol"))
+proto:value("tcp", "TCP")
+proto:value("udp", "UDP")
+proto:value("tcpudp", "TCP+UDP")
+
+dport = s:option(Value, "src_dport")
+dport.size = 5
+
+to = s:option(Value, "dest_ip")
+for i, dataset in ipairs(luci.sys.net.arptable()) do
+ to:value(dataset["IP address"])
+end
+
+toport = s:option(Value, "dest_port")
+toport.size = 5
+
+return m
+++ /dev/null
---[[
-LuCI - Lua Configuration Interface
-
-Copyright 2008 Steven Barth <steven@midlink.org>
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-$Id$
-]]--
-m = Map("firewall", translate("fw_forwarding"), translate("fw_forwarding1"))
-
-s = m:section(TypedSection, "forwarding", "")
-s.template = "cbi/tblsection"
-s.addremove = true
-s.anonymous = true
-
-iface = s:option(ListValue, "src")
-oface = s:option(ListValue, "dest")
-
-luci.model.uci.cursor():foreach("firewall", "zone",
- function (section)
- iface:value(section.name)
- oface:value(section.name)
- end)
-
-return m
--- /dev/null
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+require("luci.sys")
+arg[1] = arg[1] or ""
+
+m = Map("firewall", translate("fw_redirect"), translate("fw_redirect_desc"))
+
+
+s = m:section(NamedSection, arg[1], "redirect", "")
+s.anonymous = true
+
+name = s:option(Value, "_name", translate("name"))
+name.rmempty = true
+name.size = 10
+
+iface = s:option(ListValue, "src", translate("fw_zone"))
+iface.default = "wan"
+luci.model.uci.cursor():foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ end)
+
+s:option(Value, "src_ip", translate("firewall_redirect_srcip")).optional = true
+s:option(Value, "src_mac", translate("firewall_redirect_srcmac")).optional = true
+
+sport = s:option(Value, "src_port", translate("firewall_redirect_srcport"))
+sport.optional = true
+sport:depends("proto", "tcp")
+sport:depends("proto", "udp")
+sport:depends("proto", "tcpudp")
+
+proto = s:option(ListValue, "proto", translate("protocol"))
+proto.optional = true
+proto:value("")
+proto:value("tcp", "TCP")
+proto:value("udp", "UDP")
+proto:value("tcpudp", "TCP+UDP")
+
+dport = s:option(Value, "src_dport", translate("firewall_redirect_srcdport"))
+dport.size = 5
+dport.optional = true
+dport:depends("proto", "tcp")
+dport:depends("proto", "udp")
+dport:depends("proto", "tcpudp")
+
+to = s:option(Value, "dest_ip", translate("firewall_redirect_destip"))
+for i, dataset in ipairs(luci.sys.net.arptable()) do
+ to:value(dataset["IP address"])
+end
+
+toport = s:option(Value, "dest_port", translate("firewall_redirect_destport"))
+toport.optional = true
+toport.size = 5
+
+return m
--- /dev/null
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+Copyright 2008 Jo-Philipp Wich <xm@leipzig.freifunk.net>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+
+m = Map("firewall", translate("fw_traffic"))
+s = m:section(TypedSection, "forwarding", translate("fw_forwarding"), translate("fw_forwarding1"))
+s.template = "cbi/tblsection"
+s.addremove = true
+s.anonymous = true
+
+iface = s:option(ListValue, "src", translate("fw_src"))
+oface = s:option(ListValue, "dest", translate("fw_dest"))
+
+luci.model.uci.cursor():foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ oface:value(section.name)
+ end)
+
+
+
+s = m:section(TypedSection, "rule")
+s.addremove = true
+s.anonymous = true
+s.template = "cbi/tblsection"
+s.extedit = luci.dispatcher.build_url("admin", "network", "firewall", "rule", "%s")
+
+local created = nil
+
+function s.create(self, section)
+ created = TypedSection.create(self, section)
+end
+
+function s.parse(self, ...)
+ TypedSection.parse(self, ...)
+ if created then
+ m.uci:save("firewall")
+ luci.http.redirect(luci.dispatcher.build_url(
+ "admin", "network", "firewall", "rule", created
+ ))
+ end
+end
+
+s:option(DummyValue, "_name", translate("name"))
+s:option(DummyValue, "proto", translate("protocol"))
+
+src = s:option(DummyValue, "src", translate("fw_src"))
+function src.cfgvalue(self, s)
+ return "%s:%s:%s" % {
+ self.map:get(s, "src") or "*",
+ self.map:get(s, "src_ip") or "0.0.0.0/0",
+ self.map:get(s, "src_port") or "*"
+ }
+end
+
+dest = s:option(DummyValue, "dest", translate("fw_dest"))
+function dest.cfgvalue(self, s)
+ return "%s:%s:%s" % {
+ self.map:get(s, "dest") or "*",
+ self.map:get(s, "dest_ip") or "0.0.0.0/0",
+ self.map:get(s, "dest_port") or "*"
+ }
+end
+
+
+s:option(DummyValue, "target")
+
+
+return m
\ No newline at end of file
--- /dev/null
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+arg[1] = arg[1] or ""
+m = Map("firewall", translate("firewall_rule"), translate("firewall_rule_desc"))
+
+s = m:section(NamedSection, arg[1], "rule", "")
+s.anonymous = true
+
+name = s:option(Value, "_name", translate("name")..translate("cbi_optional"))
+name.rmempty = true
+
+iface = s:option(ListValue, "src", translate("firewall_rule_src"))
+iface.rmempty = true
+
+oface = s:option(ListValue, "dest", translate("firewall_rule_dest"))
+oface:value("")
+oface.optional = true
+
+luci.model.uci.cursor():foreach("firewall", "zone",
+ function (section)
+ iface:value(section.name)
+ oface:value(section.name)
+ end)
+
+proto = s:option(ListValue, "proto", translate("protocol"))
+proto.optional = true
+proto:value("")
+proto:value("tcpudp", "TCP+UDP")
+proto:value("tcp", "TCP")
+proto:value("udp", "UDP")
+proto:value("icmp", "ICMP")
+
+s:option(Value, "src_ip", translate("firewall_rule_srcip")).optional = true
+s:option(Value, "dest_ip", translate("firewall_rule_destip")).optional = true
+s:option(Value, "src_mac", translate("firewall_rule_srcmac")).optional = true
+
+sport = s:option(Value, "src_port", translate("firewall_rule_srcport"))
+sport.optional = true
+sport:depends("proto", "tcp")
+sport:depends("proto", "udp")
+sport:depends("proto", "tcpudp")
+
+dport = s:option(Value, "dest_port", translate("firewall_rule_destport"))
+dport.optional = true
+dport:depends("proto", "tcp")
+dport:depends("proto", "udp")
+dport:depends("proto", "tcpudp")
+
+jump = s:option(ListValue, "target", translate("firewall_rule_target"))
+jump.rmempty = true
+jump.default = "ACCEPT"
+jump:value("DROP", translate("fw_drop"))
+jump:value("ACCEPT", translate("fw_accept"))
+jump:value("REJECT", translate("fw_reject"))
+
+
+return m
--- /dev/null
+--[[
+LuCI - Lua Configuration Interface
+
+Copyright 2008 Steven Barth <steven@midlink.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+$Id$
+]]--
+require("luci.tools.webadmin")
+m = Map("firewall", translate("fw_fw"), translate("fw_fw1"))
+
+s = m:section(TypedSection, "defaults")
+s.anonymous = true
+
+s:option(Flag, "syn_flood")
+
+p = {}
+p[1] = s:option(ListValue, "input")
+p[2] = s:option(ListValue, "output")
+p[3] = s:option(ListValue, "forward")
+
+for i, v in ipairs(p) do
+ v:value("REJECT", translate("fw_reject"))
+ v:value("DROP", translate("fw_drop"))
+ v:value("ACCEPT", translate("fw_accept"))
+end
+
+
+s = m:section(TypedSection, "zone", translate("fw_zones"))
+s.template = "cbi/tblsection"
+s.anonymous = true
+s.addremove = true
+
+name = s:option(Value, "name", translate("name"))
+name.size = 8
+
+p = {}
+p[1] = s:option(ListValue, "input")
+p[2] = s:option(ListValue, "output")
+p[3] = s:option(ListValue, "forward")
+
+for i, v in ipairs(p) do
+ v:value("REJECT", translate("fw_reject"))
+ v:value("DROP", translate("fw_drop"))
+ v:value("ACCEPT", translate("fw_accept"))
+end
+
+s:option(Flag, "masq")
+
+net = s:option(MultiValue, "network")
+net.widget = "select"
+net.rmempty = true
+luci.tools.webadmin.cbi_add_networks(net)
+
+function net.cfgvalue(self, section)
+ local value = MultiValue.cfgvalue(self, section)
+ return value or name:cfgvalue(section)
+end
+
+return m