add 「Tunnel Interface Firewall Zone」option

makeding · Oct 4, 2024 · efac27c · efac27c
1 parent 051cb3b
commit efac27c
Show file tree

Hide file tree

Showing 6 changed files with 69 additions and 43 deletions.
diff --git a/htdocs/luci-static/resources/view/fleth.js b/htdocs/luci-static/resources/view/fleth.js
@@ -51,28 +51,26 @@ return view.extend({
     o.cfgvalue = function () {
       return _(data.status[1]);
     };
-    if (data.mape_status.length > 1) {
-      if (data.mape_status[0] !== "UNKNOWN") {
-        const mapeFields = [
-          ["mape_provider", "MAP-E Provider"],
-          ["mape_ipaddr", "IP Address"],
-          ["mape_peeraddr", "Peer Address"],
-          ["mape_ip4prefix", "IPv4 prefix"],
-          ["mape_ip4prefixlen", "IPv4 Prefix Length"],
-          ["mape_ip6prefix", "IPv6 Prefix"],
-          ["mape_ip6prefixlen", "IPv6 Prefix Length"],
-          ["mape_ealen", "EA Length"],
-          ["mape_psidlen", "PSID Length"],
-          ["mape_offset", "Offset"],
-          ["mape_map_ports", "Available ports"],
-        ];
-        mapeFields.forEach((field, i) => {
-          let o = s.taboption("info", form.DummyValue, field[0], _(field[1]));
-          o.cfgvalue = function () {
-            return data.mape_status[i];
-          };
-        });
-      }
+    if (data.mape_status.length > 1 && data.mape_status[0] !== "UNKNOWN") {
+      const mapeFields = [
+        ["mape_provider", "MAP-E Provider"],
+        ["mape_ipaddr", "IP Address"],
+        ["mape_peeraddr", "Peer Address"],
+        ["mape_ip4prefix", "IPv4 prefix"],
+        ["mape_ip4prefixlen", "IPv4 Prefix Length"],
+        ["mape_ip6prefix", "IPv6 Prefix"],
+        ["mape_ip6prefixlen", "IPv6 Prefix Length"],
+        ["mape_ealen", "EA Length"],
+        ["mape_psidlen", "PSID Length"],
+        ["mape_offset", "Offset"],
+        ["mape_map_ports", "Available ports"],
+      ];
+      mapeFields.forEach((field, i) => {
+        let o = s.taboption("info", form.DummyValue, field[0], _(field[1]));
+        o.cfgvalue = function () {
+          return data.mape_status[i];
+        };
+      });
     } else {
       o = s.taboption(
         "info",
@@ -86,10 +84,10 @@ return view.extend({
     }
 
     // o = s.taboption('general', form.Button, '_hook_luci-firewall-port-forward');
-		// o.title      = '&#160;';
-		// o.inputtitle = _('Hook Port Forward in firewall');
-		// o.inputstyle = 'apply';
-		// o.onclick = L.bind(this.hookFW, this, m);
+    // o.title      = '&#160;';
+    // o.inputtitle = _('Hook Port Forward in firewall');
+    // o.inputstyle = 'apply';
+    // o.onclick = L.bind(this.hookFW, this, m);
 
     o = s.taboption(
       "general",
@@ -130,12 +128,6 @@ return view.extend({
     // o.rmempty = false;
     // o.default = "0";
 
-    // o = s.taboption('general', form.ListValue, 'type', _('Tunnel Type'), _('Now only support DS-Lite'))
-    // o.value('auto', _('Auto'))
-    // o.value('ds-lite', _('DS-Lite'))
-    // o.value('map-e', _('MAP-E'))
-    // o.default = 'auto'
-
     o = s.taboption(
       "general",
       widgets.DeviceSelect,
@@ -167,6 +159,15 @@ return view.extend({
     o.noaliases = true;
     o.default = "1460";
 
+    o = s.taboption(
+      "general",
+      widgets.ZoneSelect,
+      "interface_zone",
+      _("Tunnel Interface Firewall Zone")
+    );
+    o.nocreate = true;
+    o.default = "wan";
+
     return m.render();
-  }
+  },
 });
diff --git a/po/ja/fleth.po b/po/ja/fleth.po
@@ -56,13 +56,13 @@ msgid "Available ports"
 msgstr "利用可能なポート"
 
 msgid "Auto Configure tunnel Interface"
-msgstr "トンネル インターフェースをの自動的に設定"
+msgstr "トンネル インターフェースを自動的に設定"
 
 msgid "Auto Add IPv6 PD in IPv6 Interface"
 msgstr "IPv6 インターフェースに IPv6 PD を自動的に追加"
 
 msgid "We recommend enabling it in MAP-E and when not using Hikari Denwa."
-msgstr "※MAP-Eユーザー：ひかり電話をご利用でない場合は、有効にすることをお勧めします。"
+msgstr "※MAP-Eユーザー：ひかり電話を利用していない場合は、有効にすることをお勧めします。"
 
 msgid "IPv6 Interface"
 msgstr "IPv6 インターフェース"
@@ -80,11 +80,14 @@ msgid "We recommend setting MTU to 1460 in MAP-E and DS-Lite."
 msgstr "※MAP-EおよびDS-Liteユーザー：MTUを1460に設定することをお勧めします。"
 
 msgid "Auto Renew DHCPv6"
-msgstr "DHCPv6リースの自動更新"
+msgstr "DHCPv6リースを自動的に更新"
 
 msgid "We recommend enabling it when using CROSS(10Gbps) plan."
 msgstr "※クロス(10ギガ)プランを使用する場合は、有効にすることをお勧めします。"
 
+msgid "Tunnel Interface Firewall Zone"
+msgstr "トンネル インターフェース ファイアウォール ゾーン"
+
 msgid "Random Port"
 msgstr "ランダムポート"
 

diff --git a/po/zh_Hans/fleth.po b/po/zh_Hans/fleth.po
@@ -83,7 +83,10 @@ msgid "Auto Renew DHCPv6"
 msgstr "自动续订 DHCPv6"
 
 msgid "We recommend enabling it when using CROSS(10Gbps) plan."
-msgstr "我们建议在使用 CROSS（10Gbps）套餐时启用该功能。"
+msgstr "我们建议在使用 CROSS(10Gbps) 套餐时启用该功能。"
+
+msgid "Tunnel Interface Firewall Zone"
+msgstr "隧道接口防火墙区域"
 
 msgid "Random Port"
 msgstr "随机端口"

diff --git a/po/zh_Hant/fleth.po b/po/zh_Hant/fleth.po
@@ -83,7 +83,10 @@ msgid "Auto Renew DHCPv6"
 msgstr "自動續訂 DHCPv6"
 
 msgid "We recommend enabling it when using CROSS(10G) plan."
-msgstr "我們建議在使用 CROSS（10G）方案時啟用該功能。"
+msgstr "我們建議在使用 CROSS(10Gbps) 方案時啟用該功能。"
+
+msgid "Tunnel Interface Firewall Zone"
+msgstr "隧道介面防火牆區域"
 
 msgid "Random Port"
 msgstr "隨機連接埠"

diff --git a/root/etc/uci-defaults/luci-app-fleth b/root/etc/uci-defaults/luci-app-fleth
@@ -10,6 +10,7 @@ config fleth 'global'
 	option cron_dhcpv6_renew_enabled '0'
 	option type 'auto'
 	option interface 'wan'
+	option interface_zone 'wan'
 	option interface6 'wan6'
 	option mtu '1460'
 EOF

diff --git a/root/usr/sbin/fleth b/root/usr/sbin/fleth
@@ -8,6 +8,7 @@ h_ENABLED=$(uci get fleth.global.enabled)
 h_TYPE=auto
 h_TUNNEL_INTERFACE=$(uci get fleth.global.interface)
 h_TUNNEL_INTERFACE_MTU=$(uci get fleth.global.mtu)
+h_TUNNEL_INTERFACE_zone=$(uci get fleth.global.interface_zone)
 h_UPLINK_INTERFACE=$(uci get fleth.global.interface6)
 h_IP6PREFIX_ENABLED=$(uci get fleth.global.ip6prefix_enabled)
 h_CRON_DHCPV6_RENEW_ENABLED=$(uci get fleth.global.cron_dhcpv6_renew_enabled)
@@ -160,6 +161,8 @@ set_interface() {
     current_peeraddrdomain=$(uci get network.${h_TUNNEL_INTERFACE}.peeraddrdomain)
     current_tunlink=$(uci get network.${h_UPLINK_INTERFACE}.tunlink)
     current_mtu=$(uci get network.${h_TUNNEL_INTERFACE}.mtu)
+    current_zone_index=$(uci show firewall | grep -E "firewall.@zone\[[0-9]+\].network=.*'$h_TUNNEL_INTERFACE'" | sed -n "s/.*@zone\[\([0-9]\+\)\].*/\1/p")
+    new_zone_index=$(uci show firewall | grep -E "firewall.@zone\[[0-9]+\].name='$h_TUNNEL_INTERFACE_zone'" | sed -n "s/.*@zone\[\([0-9]\+\)\].*/\1/p")
 
     if [ "$r_TYPE" = 'ds-lite' ]; then
         if [ -z "$r_AFTR" ] || [ -z "$h_TUNNEL_INTERFACE" ] || [ -z "$h_TUNNEL_INTERFACE_MTU" ] || [ -z "$h_UPLINK_INTERFACE" ]; then
@@ -179,6 +182,10 @@ set network.${h_TUNNEL_INTERFACE}.mtu='${h_TUNNEL_INTERFACE_MTU}'
 set network.${h_TUNNEL_INTERFACE}.encaplimit='ignore'
 EOF
             uci delete network.${h_TUNNEL_INTERFACE}.device > /dev/null
+            if [ "$new_zone_index" != "$current_zone_index" ]; then
+                uci del_list firewall.@zone[$current_zone_index].network="$h_TUNNEL_INTERFACE"
+                uci add_list firewall.@zone[$new_zone_index].network="$h_TUNNEL_INTERFACE"
+            fi
             uci commit
             ifdown ${h_TUNNEL_INTERFACE} && sleep 2 && ifup ${h_TUNNEL_INTERFACE}
             logger -t fleth "New ds-lite configuratin committed ${h_TUNNEL_INTERFACE}=${r_AFTR}"
@@ -221,10 +228,18 @@ set network.${h_TUNNEL_INTERFACE}.legacymap='1'
 set network.${h_TUNNEL_INTERFACE}.encaplimit='ignore'
 EOF
             uci delete network.${h_TUNNEL_INTERFACE}.device > /dev/null
+            if [ "$new_zone_index" != "$current_zone_index" ]; then
+                uci del_list firewall.@zone[$current_zone_index].network="$h_TUNNEL_INTERFACE"
+                uci add_list firewall.@zone[$new_zone_index].network="$h_TUNNEL_INTERFACE"
+            fi
             uci commit
             ifdown ${h_TUNNEL_INTERFACE} && sleep 2 && ifup ${h_TUNNEL_INTERFACE}
             logger -t fleth "New map-e configuratin committed ${h_TUNNEL_INTERFACE}=${r_PEERADDR}"
         fi
+    elif [ "$new_zone_index" != "$current_zone_index" ]; then
+        uci del_list firewall.@zone[$current_zone_index].network="$h_TUNNEL_INTERFACE"
+        uci add_list firewall.@zone[$new_zone_index].network="$h_TUNNEL_INTERFACE"
+        uci commit firewall
     fi
     if check_interface_proto_invalid ${h_TUNNEL_INTERFACE}; then
         logger -t fleth "Network Restarting"
@@ -310,17 +325,17 @@ else
     echo "Flet'h by huggy"
     echo "Flet'h is a helper that can configure your IPv4 over IPv6 tunnel automatically."
     echo ""
-    echo "Usage: $0 {auto|ip6prefix|status|mape_status|get_area|get_dslite_provider|hook_none.js|restore_none.js}"
-    echo "auto                Automatically configure the network settings based on current state and config."
+    echo "Usage: fleth {auto|ip6prefix|status|mape_status|get_area|get_dslite_provider|hook_none.js|restore_none.js}"
+    echo "auto                Configure the tunnel settings based on current state and config."
+    echo "ip6prefix           Configure the IPv6 prefix process."
     echo "status              Show the current area and DS-Lite AFTR domain."
-    echo "ip6prefix           Handle the IPv6 prefix process."
     echo "mape_status         Show the current MAP-E provider details."
-    echo "get_area            Show the current area information."
     echo "get_dslite_provider Show the current DS-Lite provider details."
+    echo "get_area            Show the current area information."
     echo "hook_none.js        Install the fleth hook in none.js to hook port-forward page."
     echo "restore_none.js     Restore the none.js to its default state."
     echo ""
-    echo "To modify settings, use:"
+    echo "To modify settings, try these examples below:"
     echo "uci show fleth.global"
     echo "uci set fleth.global.enabled=1"
     echo "uci commit"