luci-app-firewall: add masq6 option for zones
authorTianling Shen <cnsztl@immortalwrt.org>
Tue, 28 Mar 2023 16:56:55 +0000 (00:56 +0800)
committerTianling Shen <cnsztl@immortalwrt.org>
Thu, 30 Mar 2023 09:43:54 +0000 (17:43 +0800)
Allow configure Masquerading6 via LuCI interface.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js

index e19e466e1b3791799dadc1964bcc65559d4c4aea..f07df061536eb3f97f35f38ab6af0ad3e9a59435 100644 (file)
@@ -33,6 +33,7 @@ return view.extend({
                var ctHelpers = data[0],
                    fwDefaults = data[1],
                    m, s, o, inp, out;
+               var fw4 = L.hasSystemFeature('firewall4');
 
                m = new form.Map('firewall', _('Firewall - Zone Settings'),
                        _('The firewall creates zones over your network interfaces to control network traffic flow.'));
@@ -158,12 +159,13 @@ return view.extend({
                p[2].default = fwDefaults.getForward();
 
                o = s.taboption('general', form.Flag, 'masq', _('Masquerading'),
-                       _('Enable network address and port translation (NAT or NAPT) for outbound traffic on this zone. This is typically enabled on the <em>wan</em> zone.'));
+                       _('Enable network address and port translation IPv4 (NAT4 or NAPT4) for outbound traffic on this zone. This is typically enabled on the <em>wan</em> zone.'));
                o.editable = true;
                o.tooltip = function(section_id) {
+                       var family = uci.get('firewall', section_id, 'family')
                        var masq_src = uci.get('firewall', section_id, 'masq_src')
                        var masq_dest = uci.get('firewall', section_id, 'masq_dest')
-                       if (masq_src || masq_dest)
+                       if ((!family || family.indexOf('6') == -1) && (masq_src || masq_dest))
                                return _('Limited masquerading enabled');
 
                        return null;
@@ -230,6 +232,20 @@ return view.extend({
                o.modalonly = true;
                o.multiple = true;
 
+               if (fw4) {
+                       o = s.taboption('advanced', form.Flag, 'masq6', _('IPv6 Masquerading'),
+                               _('Enable network address and port translation IPv6 (NAT6 or NAPT6) for outbound traffic on this zone.'));
+                       o.modalonly = true;
+                       o.tooltip = function(section_id) {
+                               var family = uci.get('firewall', section_id, 'family')
+                               var masq_src = uci.get('firewall', section_id, 'masq_src')
+                               var masq_dest = uci.get('firewall', section_id, 'masq_dest')
+                               if ((!family || family.indexOf('6') >= 0) && (masq_src || masq_dest))
+                                       return _('Limited masquerading enabled');
+                               return null;
+                       };
+               }
+
                o = s.taboption('advanced', form.ListValue, 'family', _('Restrict to address family'));
                o.value('', _('IPv4 and IPv6'));
                o.value('ipv4', _('IPv4 only'));
@@ -237,16 +253,24 @@ return view.extend({
                o.modalonly = true;
 
                o = s.taboption('advanced', form.DynamicList, 'masq_src', _('Restrict Masquerading to given source subnets'));
-               o.depends('family', '');
-               o.depends('family', 'ipv4');
-               o.datatype = 'list(neg(or(uciname,hostname,ipmask4)))';
+               if (fw4) {
+                       o.datatype = 'list(neg(or(uciname,hostname,ipmask)))';
+               } else {
+                       o.depends('family', '');
+                       o.depends('family', 'ipv4');
+                       o.datatype = 'list(neg(or(uciname,hostname,ipmask4)))';
+               }
                o.placeholder = '0.0.0.0/0';
                o.modalonly = true;
 
                o = s.taboption('advanced', form.DynamicList, 'masq_dest', _('Restrict Masquerading to given destination subnets'));
-               o.depends('family', '');
-               o.depends('family', 'ipv4');
-               o.datatype = 'list(neg(or(uciname,hostname,ipmask4)))';
+               if (fw4) {
+                       o.datatype = 'list(neg(or(uciname,hostname,ipmask)))';
+               } else {
+                       o.depends('family', '');
+                       o.depends('family', 'ipv4');
+                       o.datatype = 'list(neg(or(uciname,hostname,ipmask4)))';
+               }
                o.placeholder = '0.0.0.0/0';
                o.modalonly = true;