michael/webmin
1
0
Fork 0
mirror of https://github.com/webmin/webmin.git synced 2026-02-03 14:13:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add support for editing IPset match rules

Browse Source
This commit is contained in:
Jamie Cameron
2021-12-27 13:08:26 -08:00
parent 24b3715b95
commit ebe9d58594
4 changed files with 24 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
firewall/edit_rule.cgi
View File

@@ -345,10 +345,20 @@ print &ui_table_row($text{'edit_physdevisbridged'},
&print_mode("physdevisbridged", $rule->{'physdev-is-bridged'},
$text{'yes'}, $text{'no'}));
# IPset to match
print &ui_table_row($text{'edit_matchset'},
&print_mode("matchset", $rule->{'match-set'})." ".
&ui_select("matchset", $rule->{'match-set'}->[1],
[ map { $_->{'Name'} } &get_ipsets_active() ])." ".
&ui_select("matchset2", $rule->{'match-set'}->[2],
[ [ "src", $text{'edit_matchsetsrc'} ],
[ "dst", $text{'edit_matchsetdst'} ] ], 1, 0,
$rule->{'match-set'}->[2] ? 1 : 0));
print &ui_table_hr();
# Show unknown modules
@mods = grep { !/^(tcp|udp|icmp${ipvx_icmp}|multiport|mac|limit|owner|state|conntrack|tos|comment|physdev)$/ } map { $_->[1] } @{$rule->{'m'}};
@mods = grep { !/^(tcp|udp|icmp${ipvx_icmp}|multiport|mac|limit|owner|state|conntrack|tos|comment|physdev|set)$/ } map { $_->[1] } @{$rule->{'m'}};
print &ui_table_row($text{'edit_mods'},
&ui_textbox("mods", join(" ", @mods), 60));

7
firewall/lang/en
View File

@@ -140,8 +140,8 @@ desc_ctstate=state of connection is $1
desc_ctstate!=state of connection is not $1
desc_tos=type of service field is $1
desc_tos!=type of service field is not $1
desc_match-set=$2 matches set $1
desc_match-set!=$2 does not match set $1
desc_match-set=$2 matches IPset $1
desc_match-set!=$2 does not match IPset $1
desc_physdev-in=input physical interface is $1
desc_physdev-in!=input physical interface is not $1
desc_physdev-out=output physical interface is $1
@@ -229,6 +229,9 @@ edit_physdevout=Outgoing physical interface
edit_physdevisin=Packet incoming on bridge interface
edit_physdevisout=Packet outgoing on bridge interface
edit_physdevisbridged=Packet is being bridged
edit_matchset=Matching IPset
edit_matchsetsrc=on incoming traffic
edit_matchsetdst=on outgoing traffic
save_err=Failed to save rule
save_echain=Missing or invalid chain to run

7
firewall/save_rule.cgi
View File

@@ -362,6 +362,13 @@ else {
push(@mods, "physdev");
}
# Parse IPset
if (&parse_mode("matchset", $rule, "match-set")) {
$rule->{'match-set'}->[1] = $in{'matchset'};
$rule->{'match-set'}->[2] = $in{'matchset2'};
push(@mods, "set");
}
# Add custom parameters and modules
$rule->{'args'} = $in{'args'};
push(@mods, split(/\s+/, $in{'mods'}));