luci-app-firewall: initial firewall4 compatibility

Initial changes required for firewall4 compatibility: * depend on uc-firewall instead of firewall * detect installed version of firewall and hide incompatible features Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2021-11-04 04:01:43 +02:00 · 2021-11-04 04:01:43 +02:00 · 48599d8d1d
parent dc0ed9ca93
commit 48599d8d1d
7 changed files with 48 additions and 36 deletions
--- a/applications/luci-app-firewall/Makefile
+++ b/applications/luci-app-firewall/Makefile
@ -7,7 +7,7 @@
 include $(TOPDIR)/rules.mk

 LUCI_TITLE:=Firewall and Portforwarding application
-LUCI_DEPENDS:=+firewall
+LUCI_DEPENDS:=+uci-firewall

 PKG_LICENSE:=Apache-2.0

--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js
@ -281,10 +281,12 @@ return view.extend({
 		fwtool.addLimitOption(s);
 		fwtool.addLimitBurstOption(s);

-		o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
-			_('Passes additional arguments to iptables. Use with care!'));
-		o.modalonly = true;
-		o.rmempty = true;
+		if (!L.hasSystemFeature('firewall4')) {
+			o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
+				_('Passes additional arguments to iptables. Use with care!'));
+			o.modalonly = true;
+			o.rmempty = true;
+		}

 		return m.render();
 	}
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
@ -432,9 +432,11 @@ return view.extend({
 		fwtool.addLimitOption(s);
 		fwtool.addLimitBurstOption(s);

-		o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
-			_('Passes additional arguments to iptables. Use with care!'));
-		o.modalonly = true;
+		if (!L.hasSystemFeature('firewall4')) {
+			o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
+				_('Passes additional arguments to iptables. Use with care!'));
+			o.modalonly = true;
+		}

 		o = s.taboption('timed', form.MultiValue, 'weekdays', _('Week Days'));
 		o.modalonly = true;
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js
@ -245,10 +245,12 @@ return view.extend({
 		fwtool.addLimitOption(s);
 		fwtool.addLimitBurstOption(s);

-		o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
-			_('Passes additional arguments to iptables. Use with care!'));
-		o.modalonly = true;
-		o.rmempty = true;
+		if (!L.hasSystemFeature('firewall4')) {
+			o = s.taboption('advanced', form.Value, 'extra', _('Extra arguments'),
+				_('Passes additional arguments to iptables. Use with care!'));
+			o.modalonly = true;
+			o.rmempty = true;
+		}

 		o = s.taboption('timed', form.MultiValue, 'weekdays', _('Week Days'));
 		o.modalonly = true;
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
@ -269,32 +269,34 @@ return view.extend({
 		o.placeholder = '10/minute';
 		o.modalonly = true;

-		o = s.taboption('extra', form.DummyValue, '_extrainfo');
-		o.rawhtml = true;
-		o.modalonly = true;
-		o.cfgvalue = function(section_id) {
-			return _('Passing raw iptables arguments to source and destination traffic classification rules allows to match packets based on other criteria than interfaces or subnets. These options should be used with extreme care as invalid values could render the firewall ruleset broken, completely exposing all services.');
-		};
+		if (!L.hasSystemFeature('firewall4')) {
+			o = s.taboption('extra', form.DummyValue, '_extrainfo');
+			o.rawhtml = true;
+			o.modalonly = true;
+			o.cfgvalue = function(section_id) {
+				return _('Passing raw iptables arguments to source and destination traffic classification rules allows to match packets based on other criteria than interfaces or subnets. These options should be used with extreme care as invalid values could render the firewall ruleset broken, completely exposing all services.');
+			};

-		o = s.taboption('extra', form.Value, 'extra_src', _('Extra source arguments'), _('Additional raw <em>iptables</em> arguments to classify zone source traffic, e.g. <code>-p tcp --sport 443</code> to only match inbound HTTPS traffic.'));
-		o.modalonly = true;
-		o.cfgvalue = function(section_id) {
-			return uci.get('firewall', section_id, 'extra_src') || uci.get('firewall', section_id, 'extra');
-		};
-		o.write = function(section_id, value) {
-			uci.unset('firewall', section_id, 'extra');
-			uci.set('firewall', section_id, 'extra_src', value);
-		};
+			o = s.taboption('extra', form.Value, 'extra_src', _('Extra source arguments'), _('Additional raw <em>iptables</em> arguments to classify zone source traffic, e.g. <code>-p tcp --sport 443</code> to only match inbound HTTPS traffic.'));
+			o.modalonly = true;
+			o.cfgvalue = function(section_id) {
+				return uci.get('firewall', section_id, 'extra_src') || uci.get('firewall', section_id, 'extra');
+			};
+			o.write = function(section_id, value) {
+				uci.unset('firewall', section_id, 'extra');
+				uci.set('firewall', section_id, 'extra_src', value);
+			};

-		o = s.taboption('extra', form.Value, 'extra_dest', _('Extra destination arguments'), _('Additional raw <em>iptables</em> arguments to classify zone destination traffic, e.g. <code>-p tcp --dport 443</code> to only match outbound HTTPS traffic.'));
-		o.modalonly = true;
-		o.cfgvalue = function(section_id) {
-			return uci.get('firewall', section_id, 'extra_dest') || uci.get('firewall', section_id, 'extra_src') || uci.get('firewall', section_id, 'extra');
-		};
-		o.write = function(section_id, value) {
-			uci.unset('firewall', section_id, 'extra');
-			uci.set('firewall', section_id, 'extra_dest', value);
-		};
+			o = s.taboption('extra', form.Value, 'extra_dest', _('Extra destination arguments'), _('Additional raw <em>iptables</em> arguments to classify zone destination traffic, e.g. <code>-p tcp --dport 443</code> to only match outbound HTTPS traffic.'));
+			o.modalonly = true;
+			o.cfgvalue = function(section_id) {
+				return uci.get('firewall', section_id, 'extra_dest') || uci.get('firewall', section_id, 'extra_src') || uci.get('firewall', section_id, 'extra');
+			};
+			o.write = function(section_id, value) {
+				uci.unset('firewall', section_id, 'extra');
+				uci.set('firewall', section_id, 'extra_dest', value);
+			};
+		}

 		o = s.taboption('general', form.DummyValue, '_forwardinfo');
 		o.rawhtml = true;
--- a/applications/luci-app-firewall/root/usr/share/luci/menu.d/luci-app-firewall.json
+++ b/applications/luci-app-firewall/root/usr/share/luci/menu.d/luci-app-firewall.json
@ -56,6 +56,9 @@
 		"action": {
 			"type": "view",
 			"path": "firewall/custom"
+		},
+		"depends": {
+			"fs": { "/usr/share/fw3/helpers.conf": "file" }
 		}
 	}
 }
--- a/modules/luci-base/root/usr/libexec/rpcd/luci
+++ b/modules/luci-base/root/usr/libexec/rpcd/luci
@ -207,6 +207,7 @@ local methods = {
 			local ok, fd

 			rv.firewall      = fs.access("/sbin/fw3")
+			rv.firewall4     = fs.access("/sbin/fw4")
 			rv.opkg          = fs.access("/bin/opkg")
 			rv.offloading    = fs.access("/sys/module/xt_FLOWOFFLOAD/refcnt")
 			rv.br2684ctl     = fs.access("/usr/sbin/br2684ctl")