From f6deef2617d3a1675d2f5dc9dff6b0ba6590ddbb Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Wed, 3 Jan 2024 20:59:47 +0100 Subject: [PATCH] net/firewall - NPTv6 work for https://github.com/opnsense/core/issues/6383 , rearange template. --- .../OPNsense/Firewall/Api/NptController.php | 7 ++++++- .../OPNsense/Firewall/FilterController.php | 11 ++++++++++ .../OPNsense/Firewall/NptController.php | 19 ++++++++++++++++++ .../OPNsense/Firewall/SourceNatController.php | 11 ++++++++++ .../OPNsense/Firewall/forms/dialogNptRule.xml | 6 ++---- .../app/models/OPNsense/Firewall/Filter.php | 20 +++++++++++++------ .../app/models/OPNsense/Firewall/Filter.xml | 18 +++++++++++++++-- .../app/views/OPNsense/Firewall/filter.volt | 14 +++++++++---- 8 files changed, 89 insertions(+), 17 deletions(-) diff --git a/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/NptController.php b/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/NptController.php index 61b1d5705..1f8f4819e 100644 --- a/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/NptController.php +++ b/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/NptController.php @@ -37,7 +37,12 @@ class NptController extends FilterBaseController $filter_funct = function ($record) use ($category) { return empty($category) || array_intersect(explode(',', $record->categories), $category); }; - return $this->searchBase("npt.rule", ['enabled', 'sequence', 'description'], "sequence", $filter_funct); + return $this->searchBase( + "npt.rule", + ['enabled', 'sequence', 'source_net', 'destination_net', 'description'], + "sequence", + $filter_funct + ); } public function setRuleAction($uuid) diff --git a/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/FilterController.php b/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/FilterController.php index 74c0479b3..461f990a5 100644 
--- a/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/FilterController.php +++ b/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/FilterController.php @@ -33,6 +33,17 @@ class FilterController extends \OPNsense\Base\IndexController { $this->view->pick('OPNsense/Firewall/filter'); $this->view->ruleController = "filter"; + $this->view->gridFields = [ + [ + 'id' => 'enabled', 'formatter' => 'rowtoggle' ,'width' => '6em', 'heading' => gettext('Enabled') + ], + [ + 'id' => 'sequence','width' => '9em', 'heading' => gettext('Sequence') + ], + [ + 'id' => 'description', 'heading' => gettext('Description') + ] + ]; $this->view->formDialogFilterRule = $this->getForm("dialogFilterRule"); } } diff --git a/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/NptController.php b/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/NptController.php index 07b1c7efd..50661eaae 100644 --- a/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/NptController.php +++ b/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/NptController.php @@ -33,6 +33,25 @@ class NptController extends \OPNsense\Base\IndexController { $this->view->pick('OPNsense/Firewall/filter'); $this->view->ruleController = "npt"; + $this->view->hideSavePointBtns = true; + $this->view->gridFields = [ + [ + 'id' => 'enabled', 'formatter' => 'rowtoggle' ,'width' => '6em', 'heading' => gettext('Enabled') + ], + [ + 'id' => 'sequence','width' => '9em', 'heading' => gettext('Sequence') + ], + [ + 'id' => 'source_net', 'heading' => gettext('Internal IPv6 Prefix') + ], + [ + 'id' => 'destination_net', 'heading' => gettext('External IPv6 Prefix') + ], + [ + 'id' => 'description', 'heading' => gettext('Description') + ] + ]; + $this->view->formDialogFilterRule = $this->getForm("dialogNptRule"); } } 
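Review bot: The three common column definitions (enabled, sequence, description) are written out in this indexAction() and again in the NptController and SourceNatController hunks, so a later change to a width or formatter has to be made in three places. A shared helper or base-controller property holding the common columns, with NptController adding its two prefix columns, would keep them aligned. The array literals also have inconsistent comma spacing (`'rowtoggle' ,'width'` and `'sequence','width'`); I would write `'id' => 'enabled', 'formatter' => 'rowtoggle', 'width' => '6em', 'heading' => gettext('Enabled')`. A short comment saying that each `id` must match a field name returned by the corresponding Api search action would help, since the `source_net`/`destination_net` columns in NptController appear to depend on the Api/NptController.php hunk adding them to searchBase(). indexAction() starts outside the hunk.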
diff --git a/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/SourceNatController.php b/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/SourceNatController.php index 5b5927a06..7bc2c632f 100644 --- a/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/SourceNatController.php +++ b/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/SourceNatController.php @@ -33,6 +33,17 @@ class SourceNatController extends \OPNsense\Base\IndexController { $this->view->pick('OPNsense/Firewall/filter'); $this->view->ruleController = "source_nat"; + $this->view->gridFields = [ + [ + 'id' => 'enabled', 'formatter' => 'rowtoggle' ,'width' => '6em', 'heading' => gettext('Enabled') + ], + [ + 'id' => 'sequence','width' => '9em', 'heading' => gettext('Sequence') + ], + [ + 'id' => 'description', 'heading' => gettext('Description') + ] + ]; $this->view->formDialogFilterRule = $this->getForm("dialogSNatRule"); } } diff --git a/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogNptRule.xml b/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogNptRule.xml index fc9f7c66f..051dc4061 100644 --- a/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogNptRule.xml +++ b/net/firewall/src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogNptRule.xml @@ -17,14 +17,12 @@ rule.source_net - - + text rule.destination_net - - + text diff --git a/net/firewall/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.php b/net/firewall/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.php index ed631c16a..98edce4fd 100644 --- a/net/firewall/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.php +++ b/net/firewall/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.php 
@@ -44,12 +44,7 @@ class Filter extends BaseModel $messages = parent::performValidation($validateFullModel); foreach ([$this->rules->rule, $this->snatrules->rule] as $rules) { foreach ($rules->iterateItems() as $rule) { - // validate changed rules - $rule_changed = false; - foreach ($rule->iterateItems() as $field) { - $rule_changed = $rule_changed ? $rule_changed : $field->isFieldChanged(); - } - if ($validateFullModel || $rule_changed) { + if ($validateFullModel || $rule->isFieldChanged()) { // port / protocol validation if (!empty((string)$rule->source_port) && !in_array($rule->protocol, ['TCP', 'UDP'])) { $messages->appendMessage(new Message( @@ -100,6 +95,19 @@ class Filter extends BaseModel } } } + foreach ($this->npt->rule->iterateItems() as $rule) { + if ($validateFullModel || $rule->isFieldChanged()) { + $src_is_addr = Util::isSubnet($rule->source_net) || Util::isIpAddress($rule->source_net); + $src_proto = strpos($rule->source_net, ':') === false ? "inet" : "inet6"; + if ($src_is_addr && $src_proto != 'inet6') { + $messages->appendMessage(new Message( + gettext("You can not use IPv4 addresses in IPv6 rules."), + $rule->source_net->__reference + )); + } + + } + } return $messages; } diff --git a/net/firewall/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml b/net/firewall/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml index ca30b9f98..e18a1caa7 100644 --- a/net/firewall/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml +++ b/net/firewall/src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml @@ -219,15 +219,29 @@ 1 Y + + 1 + 99999 + provide a valid sequence for sorting + Y + 1 + Y lan Y - + Y + ipv6 + Y + N - + + ipv6 + Y + N + diff --git a/net/firewall/src/opnsense/mvc/app/views/OPNsense/Firewall/filter.volt b/net/firewall/src/opnsense/mvc/app/views/OPNsense/Firewall/filter.volt index d8caac9e6..717453fe9 100644 --- a/net/firewall/src/opnsense/mvc/app/views/OPNsense/Firewall/filter.volt 
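Review bot: The new NPT loop in the second Filter.php hunk rejects IPv4 values only for `source_net`; `destination_net` gets no equivalent check, so an IPv4 external prefix is not caught by this validator. The Filter.xml hunk in the same commit seems to add an `ipv6` setting to two fields, but their element names are not visible on this page, so it should be confirmed whether the field type already enforces the address family. If it does, this check is redundant; if it does not, both fields need it. The field objects are also passed to `strpos()` and `Util::isSubnet()` uncast, whereas the port checks above use `(string)$rule->source_port`, so casting once keeps the comparison explicit. performValidation() starts outside the hunk.

```php
foreach ($this->npt->rule->iterateItems() as $rule) {
    if ($validateFullModel || $rule->isFieldChanged()) {
        // apply the same address-family check to the internal and the external prefix
        foreach (['source_net', 'destination_net'] as $fieldname) {
            $value = (string)$rule->$fieldname;
            $is_addr = Util::isSubnet($value) || Util::isIpAddress($value);
            if ($is_addr && strpos($value, ':') === false) {
                $messages->appendMessage(new Message(
                    gettext("You can not use IPv4 addresses in IPv6 rules."),
                    $rule->$fieldname->__reference
                ));
            }
        }
    }
}
```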
+++ b/net/firewall/src/opnsense/mvc/app/views/OPNsense/Firewall/filter.volt @@ -179,9 +179,14 @@ {{ lang._('ID') }} - {{ lang._('Enabled') }} - {{ lang._('Sequence') }} - {{ lang._('Description') }} +{% for fieldlist in gridFields %} + {{fieldlist['heading']|default('')}} +{% endfor %} {{ lang._('Commands') }} @@ -208,7 +213,7 @@ data-error-title="{{ lang._('Filter load error') }}" type="button" > - +{% if not hideSavePointBtns|default(false) %}
+{% endif %}