From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 22 Apr 2025 15:41:12 +0000 (+0200)
Subject: firewall.cgi: Add dropdown to add WireGuard peers to a firewall rule
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=468e9831d5c7b99a2dc20b66d881f43ecb0a424b;p=ipfire-2.x.git

firewall.cgi: Add dropdown to add WireGuard peers to a firewall rule

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/doc/language_issues.de b/doc/language_issues.de
index f93937e89..33921bbd2 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -970,6 +970,7 @@ WARNING: untranslated string: error the to date has to be later than the from da
 WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: guardian block a host = unknown string
 WARNING: untranslated string: guardian block httpd brute-force = unknown string
 WARNING: untranslated string: guardian block ssh brute-force = unknown string
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 01cc28aad..c59aee6ff 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -966,6 +966,7 @@ WARNING: untranslated string: fwhost stdnet = Standard networks:
 WARNING: untranslated string: fwhost type = Type
 WARNING: untranslated string: fwhost used = Used
 WARNING: untranslated string: fwhost welcome = Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: gateway = Gateway
 WARNING: untranslated string: gateway ip = Gateway IP
 WARNING: untranslated string: generate a certificate = Generate a certificate:
diff --git a/doc/language_issues.es b/doc/language_issues.es
index b36f71084..d90ff95fe 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1032,6 +1032,7 @@ WARNING: untranslated string: extrahd not mounted = Not mounted
 WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: guardian block a host = unknown string
 WARNING: untranslated string: guardian block httpd brute-force = unknown string
 WARNING: untranslated string: guardian block ssh brute-force = unknown string
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 88e6e35fe..046064cbf 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -990,6 +990,7 @@ WARNING: untranslated string: extrahd because it is outside the allowed mount pa
 WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: guardian block a host = unknown string
 WARNING: untranslated string: guardian block httpd brute-force = unknown string
 WARNING: untranslated string: guardian block ssh brute-force = unknown string
diff --git a/doc/language_issues.it b/doc/language_issues.it
index a672b2a9c..a82d6a1a8 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -1103,6 +1103,7 @@ WARNING: untranslated string: fwhost cust locationgroup = Location Groups
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
 WARNING: untranslated string: fwhost newlocationgrp = Location Groups
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: generate ptr = Generate PTR
 WARNING: untranslated string: guaranteed bandwidth = Guaranteed bandwidth
 WARNING: untranslated string: guardian = Guardian
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 396d12648..0a69d9ba2 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -1109,6 +1109,7 @@ WARNING: untranslated string: fwhost cust locationgroup = Location Groups
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
 WARNING: untranslated string: fwhost newlocationgrp = Location Groups
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: generate ptr = Generate PTR
 WARNING: untranslated string: guardian = Guardian
 WARNING: untranslated string: guardian block a host = unknown string
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index ccc6e62ac..e5cd2fb7e 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1246,6 +1246,7 @@ WARNING: untranslated string: fwhost stdnet = Standard networks:
 WARNING: untranslated string: fwhost type = Type
 WARNING: untranslated string: fwhost used = Used
 WARNING: untranslated string: fwhost welcome = Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: generate ptr = Generate PTR
 WARNING: untranslated string: grouptype = Grouptype:
 WARNING: untranslated string: guardian = Guardian
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 7db9ad3a7..e42dad19e 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1241,6 +1241,7 @@ WARNING: untranslated string: fwhost stdnet = Standard networks:
 WARNING: untranslated string: fwhost type = Type
 WARNING: untranslated string: fwhost used = Used
 WARNING: untranslated string: fwhost welcome = Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: generate ptr = Generate PTR
 WARNING: untranslated string: grouptype = Grouptype:
 WARNING: untranslated string: guardian = Guardian
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 5f20f926d..22d1273c5 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -1046,6 +1046,7 @@ WARNING: untranslated string: fwdfw all subnets = All subnets
 WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
+WARNING: untranslated string: fwhost wg peers = WireGuard Peers
 WARNING: untranslated string: generate ptr = Generate PTR
 WARNING: untranslated string: guardian block a host = unknown string
 WARNING: untranslated string: guardian block httpd brute-force = unknown string
diff --git a/doc/language_missings b/doc/language_missings
index eb381b97a..48b98ce74 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -62,6 +62,7 @@
 < error the to date has to be later than the from date
 < extrahd because it it outside the allowed mount path
 < fwdfw syn flood protection
+< fwhost wg peers
 < g.dtm
 < g.lite
 < hostile networks in
@@ -184,6 +185,7 @@
 < extrahd not configured
 < extrahd not mounted
 < fwdfw syn flood protection
+< fwhost wg peers
 < hardware vulnerabilities
 < hostile networks in
 < hostile networks out
@@ -291,6 +293,7 @@
 < endpoint port
 < extrahd because it it outside the allowed mount path
 < fwdfw syn flood protection
+< fwhost wg peers
 < g.dtm
 < g.lite
 < hostile networks total
@@ -592,6 +595,7 @@
 < fwhost cust locationgroup
 < fwhost cust locationlocation
 < fwhost newlocationgrp
+< fwhost wg peers
 < fw red
 < generate ptr
 < guaranteed bandwidth
@@ -1199,6 +1203,7 @@
 < fwhost cust locationgroup
 < fwhost cust locationlocation
 < fwhost newlocationgrp
+< fwhost wg peers
 < fw red
 < generate ptr
 < guardian
@@ -2101,6 +2106,7 @@
 < fwhost type
 < fwhost used
 < fwhost welcome
+< fwhost wg peers
 < fwhost wo subnet
 < fw red
 < fw rules reload notice
@@ -3179,6 +3185,7 @@
 < fwhost type
 < fwhost used
 < fwhost welcome
+< fwhost wg peers
 < fwhost wo subnet
 < fw red
 < fw rules reload notice
@@ -3860,6 +3867,7 @@
 < foreshadow
 < fwdfw all subnets
 < fwdfw syn flood protection
+< fwhost wg peers
 < fw red
 < generate ptr
 < hardware vulnerabilities
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index f7cd1899d..7f572a24f 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -1185,6 +1185,40 @@ END
 
 	#End left table. start right table (vpn)
 	print"</tr></table></td><td valign='top'><table width='95%' border='0' align='right'><tr>";
+
+	# WireGuard Peers
+	if (%Wireguard::peers || $optionsfw{'SHOWDROPDOWN'} eq 'on') {
+		print <<EOF;
+			<tr>
+				<td>
+					<input type='radio' name='$grp' id='wg_host_$srctgt' value='wg_host_$srctgt' $checked{$grp}{'wg_host_'.$srctgt}>
+				</td>
+				<td nowrap='nowrap' width='16%'>
+					$Lang::tr{'fwhost wg peers'}
+				</td>
+				<td nowrap='nowrap' width='1%' align='right'>
+					<select name='wg_host_$srctgt' style='width:200px;'>"
+EOF
+			# Sort peers by name
+			foreach my $key (sort { $Wireguard::peers{$a}[2] cmp $Wireguard::peers{$b}[2] } keys %Wireguard::peers) {
+				# Load the peer
+				my %peer = &Wireguard::load_peer($key);
+
+				# Is this peer selected?
+				my $selected = ($fwdfwsettings{$fwdfwsettings{$grp}} eq $peer{'NAME'}) ? "selected" : "";
+
+				print <<EOF;
+					<option value="$peer{'NAME'}" $selected>$peer{'NAME'}</option>
+EOF
+			}
+
+			print <<EOF;
+					</select>
+				</td>
+			</tr>
+EOF
+	}
+
 	# CCD networks
 	if( ! -z $configccdnet || $optionsfw{'SHOWDROPDOWN'} eq 'on'){
 		print"<td width='1%'><input type='radio' name='$grp' id='ovpn_net_$srctgt' value='ovpn_net_$srctgt'  $checked{$grp}{'ovpn_net_'.$srctgt}></td><td nowrap='nowrap' width='16%'>$Lang::tr{'fwhost ccdnet'}</td><td nowrap='nowrap' width='1%' align='right'><select name='ovpn_net_$srctgt' style='width:200px;'>";
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index b50781570..3fd6c2e57 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1365,6 +1365,7 @@
 'fwhost type' => 'Type',
 'fwhost used' => 'Used',
 'fwhost welcome' => 'Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.',
+'fwhost wg peers' => 'WireGuard Peers',
 'fwhost wo subnet' => '(without subnet)',
 'g.dtm' => 'TO BE REMOVED',
 'g.lite' => 'TO BE REMOVED',