Add support for editing IPset match rules

2026-02-03 14:13:29 +00:00 · 2021-12-27 13:08:26 -08:00
parent 24b3715b95
commit ebe9d58594
4 changed files with 24 additions and 4 deletions
--- a/firewall/edit_rule.cgi
+++ b/firewall/edit_rule.cgi
@@ -345,10 +345,20 @@ print &ui_table_row($text{'edit_physdevisbridged'},
 	&print_mode("physdevisbridged", $rule->{'physdev-is-bridged'},
 		    $text{'yes'}, $text{'no'}));
 # IPset to match
 print &ui_table_row($text{'edit_matchset'},
 	&print_mode("matchset", $rule->{'match-set'})." ".
 	&ui_select("matchset", $rule->{'match-set'}->[1],
 		   [ map { $_->{'Name'} } &get_ipsets_active() ])." ".
 	&ui_select("matchset2", $rule->{'match-set'}->[2],
 		   [ [ "src", $text{'edit_matchsetsrc'} ],
 		     [ "dst", $text{'edit_matchsetdst'} ] ], 1, 0,
 		   $rule->{'match-set'}->[2] ? 1 : 0));
 print &ui_table_hr();
 # Show unknown modules
-@mods = grep { !/^(tcp|udp|icmp${ipvx_icmp}|multiport|mac|limit|owner|state|conntrack|tos|comment|physdev)$/ } map { $_->[1] } @{$rule->{'m'}};
+@mods = grep { !/^(tcp|udp|icmp${ipvx_icmp}|multiport|mac|limit|owner|state|conntrack|tos|comment|physdev|set)$/ } map { $_->[1] } @{$rule->{'m'}};
 print &ui_table_row($text{'edit_mods'},
 	&ui_textbox("mods", join(" ", @mods), 60));
--- a/firewall/index.cgi
+++ b/firewall/index.cgi
@@ -433,7 +433,7 @@ else {
 	# Show ipset overview if ipsets are availibe
        # may need to check if they are used by firewall rules
-	@ipsets  = &get_ipsets_active();
+	@ipsets = &get_ipsets_active();
 	if (@ipsets) {	
 	    print &ui_hr();
 	    print "<b>$text{'index_ipset_title'}</b>";
--- a/firewall/lang/en
+++ b/firewall/lang/en
@@ -140,8 +140,8 @@ desc_ctstate=state of connection is $1
 desc_ctstate!=state of connection is not $1
 desc_tos=type of service field is $1
 desc_tos!=type of service field is not $1
-desc_match-set=$2 matches set $1
+desc_match-set=$2 matches IPset $1
-desc_match-set!=$2 does not match set $1
+desc_match-set!=$2 does not match IPset $1
 desc_physdev-in=input physical interface is $1
 desc_physdev-in!=input physical interface is not $1
 desc_physdev-out=output physical interface is $1
@@ -229,6 +229,9 @@ edit_physdevout=Outgoing physical interface
 edit_physdevisin=Packet incoming on bridge interface
 edit_physdevisout=Packet outgoing on bridge interface
 edit_physdevisbridged=Packet is being bridged
 edit_matchset=Matching IPset
 edit_matchsetsrc=on incoming traffic
 edit_matchsetdst=on outgoing traffic
 save_err=Failed to save rule
 save_echain=Missing or invalid chain to run
--- a/firewall/save_rule.cgi
+++ b/firewall/save_rule.cgi
@@ -362,6 +362,13 @@ else {
 		push(@mods, "physdev");
 		}
 	# Parse IPset
 	if (&parse_mode("matchset", $rule, "match-set")) {
 		$rule->{'match-set'}->[1] = $in{'matchset'};
 		$rule->{'match-set'}->[2] = $in{'matchset2'};
 		push(@mods, "set");
 		}
 	# Add custom parameters and modules
 	$rule->{'args'} = $in{'args'};
 	push(@mods, split(/\s+/, $in{'mods'}));