Firewall configuration (plugin) for port forwarding
Users commonly expect an easy-to-use firewall configuration. Its primary use is port forwarding.
This can be either a new plugin or, if it makes sense, part of core.
We need port forwarding such as:
config redirect
	option target DNAT
	option src wan
	option dest lan
	option proto tcp
	option src_dport 22
	option dest_ip 192.168.1.20
	option dest_port 22
	option enabled 1
In our case it is easier, as it is always going to be wan and lan. We just have to allow configuration of proto (tcp/udp or both), src_dport and dest_ip. I am not sure if we even have to support dest_port (the user can do a redirect of that type in luci or on the target machine), but it should be easy to do, and the frontend just has to solve how to explain it to the user so it is not confusing.
We should also think about including DMZ (probably almost the same way as we have guest network but with LAN access to DMZ) with this feature.
MVP
For a basic version, the following features are required:
- create fw rule in uci based on user input (port, destination_address, destination_port)
- extend port and destination_port so they are able to accept ranges (see src_port specification in https://openwrt.org/docs/guide-user/firewall/firewall_configuration#options5)
- accept only destination ips which are specified in /etc/config/dhcp (see https://gitlab.nic.cz/turris/foris-controller/foris-controller/-/blob/master/foris_controller_modules/lan/schema/lan.json#L119 or https://gitlab.nic.cz/turris/foris-controller/foris-controller/-/blob/master/foris_controller/schemas/definitions/common.json#L20)
- proto option - by default, if no proto is used, both tcp and udp are used. If proto is set, only tcp/udp redirects will be used.
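
A sketch of how the MVP input could be validated before a redirect is written, as an added example that is not code from foris-controller. The names `parse_port` and `build_redirect`, the `allowed_ips` parameter (addresses assumed to have been read from /etc/config/dhcp already) and the "low-high" range syntax are assumptions made for illustration.

```python
import ipaddress
import re

PORT_RE = re.compile(r"([0-9]{1,5})(?:-([0-9]{1,5}))?")


def parse_port(spec):
    """Normalize a single port or a "low-high" range; raise ValueError otherwise."""
    match = PORT_RE.fullmatch(str(spec).strip())
    if not match:
        raise ValueError(f"invalid port specification: {spec!r}")
    low = int(match.group(1))
    high = int(match.group(2)) if match.group(2) else low
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"port out of range: {spec!r}")
    return str(low) if low == high else f"{low}-{high}"


def build_redirect(port, destination_address, allowed_ips,
                   destination_port=None, proto=None):
    """Return UCI text for one wan->lan DNAT redirect built from validated input."""
    # Strict parsing also rejects quotes and newlines that could inject UCI options.
    dest = ipaddress.IPv4Address(destination_address)
    # allowed_ips: addresses assumed to be already read from /etc/config/dhcp.
    if dest not in {ipaddress.IPv4Address(ip) for ip in allowed_ips}:
        raise ValueError(f"{dest} is not a known LAN address")
    if proto not in (None, "tcp", "udp"):
        raise ValueError(f"unsupported proto: {proto!r}")
    options = [
        ("target", "DNAT"),
        ("src", "wan"),
        ("dest", "lan"),
        ("proto", proto or "tcp udp"),  # no proto given: both tcp and udp
        ("src_dport", parse_port(port)),
        ("dest_ip", str(dest)),
    ]
    if destination_port is not None:
        options.append(("dest_port", parse_port(destination_port)))
    options.append(("enabled", "1"))
    body = "".join(f"\toption {key} '{value}'\n" for key, value in options)
    return "config redirect\n" + body


if __name__ == "__main__":
    # Constructed sample input: one known LAN host, SSH forwarded from wan.
    print(build_redirect("22", "192.168.1.20", ["192.168.1.20"], destination_port="22"))
```

Rejecting anything that is not a plain port, range or known address at this layer keeps user-supplied strings from ever reaching the firewall config unescaped.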