diff --git a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua index b71efc888..d67470a09 100644 --- a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua +++ b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua @@ -38,10 +38,10 @@ function wizard_add() local gostatus = true -- Force WAN zone firewall members to be a list - local fwwan = sys.exec("uci -q get firewall.@zone[1].network") - luci.sys.call("uci -q delete firewall.@zone[1].network") + local fwwan = sys.exec("uci -q get firewall.zone_wan.network") + luci.sys.call("uci -q delete firewall.zone_wan.network") for interface in fwwan:gmatch("%S+") do - luci.sys.call("uci -q add_list firewall.@zone[1].network=" .. interface) + luci.sys.call("uci -q add_list firewall.zone_wan.network=" .. interface) end ucic:save("firewall") @@ -185,7 +185,7 @@ function wizard_add() luci.sys.call("uci -q commit vnstat") -- Dirty way to add new interface to firewall... - luci.sys.call("uci -q add_list firewall.@zone[1].network=wan" .. i) + luci.sys.call("uci -q add_list firewall.zone_wan.network=wan" .. i) luci.sys.call("uci -q commit firewall") luci.sys.call("/etc/init.d/macvlan restart >/dev/null 2>/dev/null") @@ -217,7 +217,7 @@ function wizard_add() luci.sys.call("uci -q del_list vnstat.@vnstat[-1].interface=" .. defif) end luci.sys.call("uci -q commit vnstat") - luci.sys.call("uci -q del_list firewall.@zone[1].network=" .. intf) + luci.sys.call("uci -q del_list firewall.zone_wan.network=" .. intf) luci.sys.call("uci -q commit firewall") gostatus = false end diff --git a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm index a0b5851e1..02e20ebad 100644 --- a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm +++ b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm @@ -372,7 +372,7 @@ <% for _, iface in ipairs(net:get_networks()) do local ifname = iface:name() - local firewall_lan = luci.util.trim(luci.sys.exec("uci -q get firewall.@zone[0].network | grep " .. ifname)) + local firewall_lan = luci.util.trim(luci.sys.exec("uci -q get firewall.zone_lan.network | grep " .. ifname)) if firewall_lan ~= "" then %>

<%=ifname%>

@@ -475,7 +475,7 @@ <% for _, iface in ipairs(net:get_networks()) do local ifname = iface:name() - local firewall_wan = luci.util.trim(luci.sys.exec("uci -q get firewall.@zone[1].network | grep " .. ifname)) + local firewall_wan = luci.util.trim(luci.sys.exec("uci -q get firewall.zone_wan.network | grep " .. ifname)) if firewall_wan ~= "" then -- local multipath = uci:get("network",ifname,"multipath") @@ -943,9 +943,10 @@ -
+
- + +
diff --git a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall index dda268ebe..2bd9ba5d3 100755 --- a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall +++ b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall @@ -15,6 +15,21 @@ if [ "$(uci -q get firewall.@zone[2].name)" = "vpn" ]; then EOF fi +if [ "$(uci -q get firewall.@zone[1].name)" = "wan" ]; then + uci -q batch <<-EOF >/dev/null + rename firewall.@zone[1]="zone_wan" + del_list firewall.zone_wan.network="wan" + del_list firewall.zone_wan.network="wan6" + commit firewall + EOF +fi +if [ "$(uci -q get firewall.@zone[0].name)" = "lan" ]; then + uci -q batch <<-EOF >/dev/null + rename firewall.@zone[0]="zone_lan" + commit firewall + EOF +fi + if [ "$(uci -q get firewall.zone_vpn)" = "" ]; then uci -q batch <<-EOF >/dev/null set firewall.zone_vpn=zone @@ -91,12 +106,12 @@ if [ "$(uci -q show firewall | grep ICMPv6-Lan-to-OMR)" = "" ]; then EOF fi uci -q batch <<-EOF >/dev/null - del_list firewall.wan.masq_dest='!10.0.0.0/8' - del_list firewall.wan.masq_dest='!172.16.0.0/12' - del_list firewall.wan.masq_dest='!192.168.0.0/16' - add_list firewall.wan.masq_dest='!10.0.0.0/8' - add_list firewall.wan.masq_dest='!172.16.0.0/12' - add_list firewall.wan.masq_dest='!192.168.0.0/16' + del_list firewall.zone_wan.masq_dest='!10.0.0.0/8' + del_list firewall.zone_wan.masq_dest='!172.16.0.0/12' + del_list firewall.zone_wan.masq_dest='!192.168.0.0/16' + add_list firewall.zone_wan.masq_dest='!10.0.0.0/8' + add_list firewall.zone_wan.masq_dest='!172.16.0.0/12' + add_list firewall.zone_wan.masq_dest='!192.168.0.0/16' EOF if [ "$(ubus call system board | jsonfilter -e '@.board_name')" = "bananapi,bpi-r2" ] || [ "$(ubus call system board | jsonfilter -e '@.board_name' | grep -i wrt)" != "" ]; then uci -q batch <<-EOF >/dev/null @@ -124,7 +139,7 @@ if [ "$(uci -q get firewall.gre_tunnel)" = "" ]; then fi if [ "$(uci -q get firewall.fwlantovpn)" = "" ]; then uci -q batch <<-EOF >/dev/null - set firewall.@zone[0].auto_helper='0' + set firewall.zone_lan.auto_helper='0' set firewall.fwlantovpn=forwarding set firewall.fwlantovpn.src='lan' set firewall.fwlantovpn.dest='vpn' @@ -187,10 +202,10 @@ if [ "$(uci -q get firewall.allowdhcpv6546)" = "" ]; then fi # Fix firewall config from some old config -allintf=$(uci -q get firewall.@zone[1].network) -uci -q del firewall.@zone[1].network +allintf=$(uci -q get firewall.zone_wan.network) +uci -q del firewall.zone_wan.network for intf in $allintf; do - uci -q add_list firewall.@zone[1].network=$intf + uci -q add_list firewall.zone_wan.network=$intf done allintf=$(uci -q get firewall.zone_vpn.network) uci -q del firewall.zone_vpn.network @@ -199,7 +214,7 @@ for intf in $allintf; do done uci -q batch <<-EOF >/dev/null - set firewall.@zone[0].mtu_fix='1' + set firewall.zone_lan.mtu_fix='1' set firewall.zone_vpn.mtu_fix='1' set firewall.@include[0].reload='1' commit firewall