firewall.cgi: Add dropdown to add WireGuard peers to a firewall rule

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/doc/language_issues.de b/doc/language_issues.de
index f93937e898becc3ae7378807b994e47dfacb082e..33921bbd2a8d535b44155cb5e98ba9989efa99b5 100644 (file)
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -970,6 +970,7 @@ WARNING: untranslated string: error the to date has to be later than the from da
 WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: guardian block a host = unknown string
 WARNING: untranslated string: guardian block httpd brute-force = unknown string
 WARNING: untranslated string: guardian block ssh brute-force = unknown string

diff --git a/doc/language_issues.en b/doc/language_issues.en
index 01cc28aad95ad43bd6adc36dcffa5aebd3514df2..c59aee6ffcc16bf9153b7b0785e7ff169acd227c 100644 (file)
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -966,6 +966,7 @@ WARNING: untranslated string: fwhost stdnet = Standard networks:
 WARNING: untranslated string: fwhost type = Type
 WARNING: untranslated string: fwhost used = Used
 WARNING: untranslated string: fwhost welcome = Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: gateway = Gateway
 WARNING: untranslated string: gateway ip = Gateway IP
 WARNING: untranslated string: generate a certificate = Generate a certificate:

diff --git a/doc/language_issues.es b/doc/language_issues.es
index b36f71084643a511fe9015b3c771f44a8f4cc080..d90ff95fee302cd70b02a70aee6b9a5bcbfdfb8f 100644 (file)
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1032,6 +1032,7 @@ WARNING: untranslated string: extrahd not mounted = Not mounted
 WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: guardian block a host = unknown string
 WARNING: untranslated string: guardian block httpd brute-force = unknown string
 WARNING: untranslated string: guardian block ssh brute-force = unknown string

diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 88e6e35feb054cd1efea7f833fd77068b01d8b2b..046064cbfbbb312fcf6a7cddb876493dc5c02930 100644 (file)
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -990,6 +990,7 @@ WARNING: untranslated string: extrahd because it is outside the allowed mount pa
 WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: guardian block a host = unknown string
 WARNING: untranslated string: guardian block httpd brute-force = unknown string
 WARNING: untranslated string: guardian block ssh brute-force = unknown string

diff --git a/doc/language_issues.it b/doc/language_issues.it
index a672b2a9cce7edc5689a5c797aeb792fbbe0ba48..a82d6a1a8b1af830ace50ff996af813423dd1292 100644 (file)
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -1103,6 +1103,7 @@ WARNING: untranslated string: fwhost cust locationgroup = Location Groups
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
 WARNING: untranslated string: fwhost newlocationgrp = Location Groups
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: generate ptr = Generate PTR
 WARNING: untranslated string: guaranteed bandwidth = Guaranteed bandwidth
 WARNING: untranslated string: guardian = Guardian

diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 396d12648f79c58f4bad96c88a64c5a324bd09e4..0a69d9ba2bc57c9c6136175850360afd65b9dadd 100644 (file)
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -1109,6 +1109,7 @@ WARNING: untranslated string: fwhost cust locationgroup = Location Groups
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
 WARNING: untranslated string: fwhost newlocationgrp = Location Groups
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: generate ptr = Generate PTR
 WARNING: untranslated string: guardian = Guardian
 WARNING: untranslated string: guardian block a host = unknown string

diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index ccc6e62aca640843f29f65ea94ad37267e0107ca..e5cd2fb7eadeb0f4b4b54e6a905ffdc88f4a12c8 100644 (file)
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1246,6 +1246,7 @@ WARNING: untranslated string: fwhost stdnet = Standard networks:
 WARNING: untranslated string: fwhost type = Type
 WARNING: untranslated string: fwhost used = Used
 WARNING: untranslated string: fwhost welcome = Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: generate ptr = Generate PTR
 WARNING: untranslated string: grouptype = Grouptype:
 WARNING: untranslated string: guardian = Guardian

diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 7db9ad3a7fc8244e727380fbf040a16569f8a9fa..e42dad19ea30a7f1dedb053a4ddf8a97572e85b0 100644 (file)
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1241,6 +1241,7 @@ WARNING: untranslated string: fwhost stdnet = Standard networks:
 WARNING: untranslated string: fwhost type = Type
 WARNING: untranslated string: fwhost used = Used
 WARNING: untranslated string: fwhost welcome = Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: generate ptr = Generate PTR
 WARNING: untranslated string: grouptype = Grouptype:
 WARNING: untranslated string: guardian = Guardian

diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 5f20f926d0b93223301bcd3203bf140951c83411..22d1273c56a22abe03d0b65eaa56692eab0000d1 100644 (file)
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -1046,6 +1046,7 @@ WARNING: untranslated string: fwdfw all subnets = All subnets
 WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: generate ptr = Generate PTR
 WARNING: untranslated string: guardian block a host = unknown string
 WARNING: untranslated string: guardian block httpd brute-force = unknown string

diff --git a/doc/language_missings b/doc/language_missings
index eb381b97a87fc0538ca1e1fc256b2b1fd2023155..48b98ce74d710f27ace217825216ebd6e8a1ef8f 100644 (file)
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -62,6 +62,7 @@
 < error the to date has to be later than the from date
 < extrahd because it it outside the allowed mount path
 < fwdfw syn flood protection
+< fwhost wg peers
 < g.dtm
 < g.lite
 < hostile networks in
@@ -184,6 +185,7 @@
 < extrahd not configured
 < extrahd not mounted
 < fwdfw syn flood protection
+< fwhost wg peers
 < hardware vulnerabilities
 < hostile networks in
 < hostile networks out
@@ -291,6 +293,7 @@
 < endpoint port
 < extrahd because it it outside the allowed mount path
 < fwdfw syn flood protection
+< fwhost wg peers
 < g.dtm
 < g.lite
 < hostile networks total
@@ -592,6 +595,7 @@
 < fwhost cust locationgroup
 < fwhost cust locationlocation
 < fwhost newlocationgrp
+< fwhost wg peers
 < fw red
 < generate ptr
 < guaranteed bandwidth
@@ -1199,6 +1203,7 @@
 < fwhost cust locationgroup
 < fwhost cust locationlocation
 < fwhost newlocationgrp
+< fwhost wg peers
 < fw red
 < generate ptr
 < guardian
@@ -2101,6 +2106,7 @@
 < fwhost type
 < fwhost used
 < fwhost welcome
+< fwhost wg peers
 < fwhost wo subnet
 < fw red
 < fw rules reload notice
@@ -3179,6 +3185,7 @@
 < fwhost type
 < fwhost used
 < fwhost welcome
+< fwhost wg peers
 < fwhost wo subnet
 < fw red
 < fw rules reload notice
@@ -3860,6 +3867,7 @@
 < foreshadow
 < fwdfw all subnets
 < fwdfw syn flood protection
+< fwhost wg peers
 < fw red
 < generate ptr
 < hardware vulnerabilities

diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index f7cd1899dc3a1cda81d118e572459254cd8f30a8..7f572a24fc433610b45f9a86bfb9b367bf78ad8f 100644 (file)
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -1185,6 +1185,40 @@ END
 
        #End left table. start right table (vpn)
        print"</tr></table></td><td valign='top'><table width='95%' border='0' align='right'><tr>";
+
+       # WireGuard Peers
+       if (%Wireguard::peers || $optionsfw{'SHOWDROPDOWN'} eq 'on') {
+               print <<EOF;
+                       <tr>
+                               <td>
+                                       <input type='radio' name='$grp' id='wg_host_$srctgt' value='wg_host_$srctgt' $checked{$grp}{'wg_host_'.$srctgt}>
+                               </td>
+                               <td nowrap='nowrap' width='16%'>
+                                       $Lang::tr{'fwhost wg peers'}
+                               </td>
+                               <td nowrap='nowrap' width='1%' align='right'>
+                                       <select name='wg_host_$srctgt' style='width:200px;'>"
+EOF
+                       # Sort peers by name
+                       foreach my $key (sort { $Wireguard::peers{$a}[2] cmp $Wireguard::peers{$b}[2] } keys %Wireguard::peers) {
+                               # Load the peer
+                               my %peer = &Wireguard::load_peer($key);
+
+                               # Is this peer selected?
+                               my $selected = ($fwdfwsettings{$fwdfwsettings{$grp}} eq $peer{'NAME'}) ? "selected" : "";
+
+                               print <<EOF;
+                                       <option value="$peer{'NAME'}" $selected>$peer{'NAME'}</option>
+EOF
+                       }
+
+                       print <<EOF;
+                                       </select>
+                               </td>
+                       </tr>
+EOF
+       }
+
        # CCD networks
        if( ! -z $configccdnet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
                print"<td width='1%'><input type='radio' name='$grp' id='ovpn_net_$srctgt' value='ovpn_net_$srctgt'  $checked{$grp}{'ovpn_net_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_net_$srctgt' style='width:200px;'>";

diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index b5078157019fd5379080d306dc92469ee057e280..3fd6c2e5770f6dbfcd4f39606cbef760f7f7dc7a 100644 (file)
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1365,6 +1365,7 @@
 'fwhost type' => 'Type',
 'fwhost used' => 'Used',
 'fwhost welcome' => 'Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.',
+'fwhost wg peers' => 'WireGuard Peers',
 'fwhost wo subnet' => '(without subnet)',
 'g.dtm' => 'TO BE REMOVED',
 'g.lite' => 'TO BE REMOVED',