dns/bind: Use BindAddressMatchField for ACL definitions (opnsense#4435)

Switch the UI for ACL definitions and ACL for filter-aaaa to use the BindAddressMatchField type. Because the introduction of negation makes the ACL entry order critical, this switches the user interface to a textbox, with one entry per line instead of the tokenized list. This interface allows much easier ordering of the entries. This change intorduces no model changes and thus no upgrade migrations are necessary. If ACLs are created with negation or references to the built-in ACLs, and the plugin is downgrated, the configuration templates will render correctly, but updating the configuration will require removing the negation and/or built-in ACL references to pass validation.
jfieber · Feb 2, 2025 · ec18c75 · ec18c75
1 parent ceafd05
commit ec18c75
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 15 deletions.
diff --git a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dialogEditBindAcl.xml b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/dialogEditBindAcl.xml
@@ -14,9 +14,7 @@
     <field>
         <id>acl.networks</id>
         <label>Network List</label>
-        <style>tokenize</style>
-        <type>select_multiple</type>
-        <allownew>true</allownew>
-        <help>List of networks for this ACL.</help>
+        <type>textbox</type>
+        <help>List of addresses and network prefixes, one address or prefix per line. Use a leading exclamation mark (!) for negation. These built in ACLs may also be used: any, none, localhost, and localnets. If more than one element in an ACL is found to match a given IP address or prefix, preference is given to the one that came first in the ACL definition.</help>
     </field>
 </form>
diff --git a/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml b/dns/bind/src/opnsense/mvc/app/controllers/OPNsense/Bind/forms/general.xml
@@ -84,10 +84,8 @@
     <field>
         <id>general.filteraaaaacl</id>
         <label>ACL for filter-aaaa</label>
-        <style>tokenize</style>
-        <type>select_multiple</type>
-        <allownew>true</allownew>
-        <help>Specifies a list of client addresses for which AAAA filtering is to be applied.</help>
+        <type>textbox</type>
+        <help>Specifies a list of client addresses, one per line, for which AAAA filtering is to be applied.</help>
     </field>
     <field>
         <id>general.logsize</id>

diff --git a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Acl.xml b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/Acl.xml
@@ -20,10 +20,8 @@
                         </check001>
                     </Constraints>
                 </name>
-                <networks type="NetworkField">
-                    <FieldSeparator>,</FieldSeparator>
+                <networks type=".\BindAddressMatchField">
                     <Required>Y</Required>
-                    <asList>Y</asList>
                 </networks>
             </acl>
         </acls>

diff --git a/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml b/dns/bind/src/opnsense/mvc/app/models/OPNsense/Bind/General.xml
@@ -59,10 +59,7 @@
             <Default>0</Default>
             <Required>Y</Required>
         </filteraaaav6>
-        <filteraaaaacl type="NetworkField">
-            <FieldSeparator>,</FieldSeparator>
-            <asList>Y</asList>
-        </filteraaaaacl>
+        <filteraaaaacl type=".\BindAddressMatchField"/>
         <logsize type="IntegerField">
             <Default>5</Default>
             <Required>Y</Required>