luci-firewall: Add support for negations for ip addresses/nets (#218)

bb2d7517 · Manuel Munz · 5a1e9354 · bb2d7517 · bb2d7517 · bb2d7517
5 changed file
--- a/applications/luci-firewall/luasrc/model/cbi/luci_fw/rrule.lua
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/rrule.lua
@@ -121,7 +121,7 @@ src_mac.placeholder = translate("any")

 src_ip = s:taboption("advanced", Value, "src_ip", translate("Source IP address"))
 src_ip.optional = true
-src_ip.datatype = "ip4addr"
+src_ip.datatype = "neg_ip4addr"
 src_ip.placeholder = translate("any")

 sport = s:taboption("advanced", Value, "src_port", translate("Source port"),

--- a/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/trule.lua
@@ -106,7 +106,7 @@ icmpt:value("address-mask-reply")

 src_ip = s:taboption("general", Value, "src_ip", translate("Source address"))
 src_ip.optional = true
-src_ip.datatype = has_v2 and "ipaddr" or "ip4addr"
+src_ip.datatype = has_v2 and "neg_ipaddr" or "neg_ip4addr"
 src_ip.placeholder = translate("any")

 sport = s:taboption("general", Value, "src_port", translate("Source port"))
@@ -119,7 +119,7 @@ sport:depends("proto", "tcpudp")

 dest_ip = s:taboption("general", Value, "dest_ip", translate("Destination address"))
 dest_ip.optional = true
-dest_ip.datatype = has_v2 and "ipaddr" or "ip4addr"
+dest_ip.datatype = has_v2 and "neg_ipaddr" or "neg_ip4addr"
 dest_ip.placeholder = translate("any")

 dport = s:taboption("general", Value, "dest_port", translate("Destination port"))

--- a/applications/luci-firewall/luasrc/model/cbi/luci_fw/zone.lua
+++ b/applications/luci-firewall/luasrc/model/cbi/luci_fw/zone.lua
@@ -129,7 +129,7 @@ msrc = s:taboption("advanced", DynamicList, "masq_src",
 	translate("Restrict Masquerading to given source subnets"))

 msrc.optional = true
-msrc.datatype = "ip4addr"
+msrc.datatype = "neg_ip4addr"
 msrc.placeholder = "0.0.0.0/0"
 msrc:depends("family", "")
 msrc:depends("family", "ipv4")
@@ -138,7 +138,7 @@ mdest = s:taboption("advanced", DynamicList, "masq_dest",
 	translate("Restrict Masquerading to given destination subnets"))

 mdest.optional = true
-mdest.datatype = "ip4addr"
+mdest.datatype = "neg_ip4addr"
 mdest.placeholder = "0.0.0.0/0"
 mdest:depends("family", "")
 mdest:depends("family", "ipv4")

--- a/libs/web/htdocs/luci-static/resources/cbi.js
+++ b/libs/web/htdocs/luci-static/resources/cbi.js
@@ -42,6 +42,11 @@ var cbi_validators = {
 		return cbi_validators.ip4addr(v) || cbi_validators.ip6addr(v);
 	},

+	'neg_ipaddr': function(v)
+	{
+		return cbi_validators.ip4addr(v.replace(/^\s*!/, "")) || cbi_validators.ip6addr(v.replace(/^\s*!/, ""));
+	},
+
 	'ip4addr': function(v)
 	{
 		if( v.match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)(\/(\d+))?$/) )
@@ -57,6 +62,11 @@ var cbi_validators = {
 		return false;
 	},

+	'neg_ip4addr': function(v)
+	{
+		return cbi_validators.ip4addr(v.replace(/^\s*!/, ""));
+	},
+
 	'ip6addr': function(v)
 	{
 		if( v.match(/^([a-fA-F0-9:.]+)(\/(\d+))?$/) )

--- a/libs/web/luasrc/cbi/datatypes.lua
+++ b/libs/web/luasrc/cbi/datatypes.lua
@@ -17,8 +17,8 @@ local fs = require "nixio.fs"
 local ip = require "luci.ip"
 local math = require "math"
 local util = require "luci.util"
+local tonumber, type = tonumber, type

-local tonumber = tonumber

 module "luci.cbi.datatypes"

@@ -66,6 +66,13 @@ function ipaddr(val)
 	return ip4addr(val) or ip6addr(val)
 end

+function neg_ipaddr(v)
+	if type(v) == "string" then
+		v = v:gsub("^%s*!", "")
+	end
+	return v and ipaddr(v)
+end
+
 function ip4addr(val)
 	if val then
 		return ip.IPv4(val) and true or false
@@ -74,6 +81,13 @@ function ip4addr(val)
 	return false
 end

+function neg_ip4addr(v)
+	if type(v) == "string" then
+		v = v:gsub("^%s*!", "")
+	end
+		return v and ip4addr(v)
+end
+
 function ip4prefix(val)
 	val = tonumber(val)
 	return ( val and val >= 0 and val <= 32 )