From 3bcb69888eabf32ebfec10389cbb42eed8c91837 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 22 Apr 2025 19:59:43 +0200
Subject: [PATCH] firewall: Actually create WireGuard rules
Signed-off-by: Michael Tremer
---
 config/cfgroot/wireguard-functions.pl | 1 +
 config/firewall/firewall-lib.pl | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)
diff --git a/config/cfgroot/wireguard-functions.pl b/config/cfgroot/wireguard-functions.pl
index bbdf122a6..79b3bb097 100644
--- a/config/cfgroot/wireguard-functions.pl
+++ b/config/cfgroot/wireguard-functions.pl
@@ -184,6 +184,7 @@ sub load_peer($) {
 "LOCAL_SUBNETS" => &decode_subnets($peers{$key}[10]),
 "PSK" => $peers{$key}[11],
 "KEEPALIVE" => $peers{$key}[12],
+ "INTERFACE" => ($type eq "host") ? "wg0" : "wg${key}",
 );
 return \%peer;
diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
index 92c1de957..1977be19f 100644
--- a/config/firewall/firewall-lib.pl
+++ b/config/firewall/firewall-lib.pl
@@ -385,6 +385,25 @@ sub get_address
 push(@ret, [$host_address, ""]);
 }
+ # WireGuard Peers
+ } elsif ($key eq 'wg_peer_src' || $key eq 'wg_peer_tgt') {
+ my $peer = &Wireguard::get_peer_by_name($value);
+ if (defined $peer) {
+ my $remotes;
+
+ # Select the remote IP addresses
+ if ($peer->{'TYPE'} eq 'host') {
+ $remotes = $peer->{'CLIENT_ADDRESS'};
+ } elsif ($peer->{'TYPE'} eq 'net') {
+ $remotes = $peer->{'REMOTE_SUBNETS'};
+ }
+
+ # Add all remotes
+ foreach my $remote (@$remotes) {
+ push(@ret, [$remote, $peer->{'INTERFACE'}]);
+ }
+ }
+
 # OpenVPN networks.
 } elsif ($key ~~ ["ovpn_net_src", "ovpn_net_tgt", "OpenVPN static network"]) {
 my $network_address = &get_ovpn_net_ip($value, 1);
-- 
2.39.5
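Review bot: The `INTERFACE` value added in load_peer is derived from a naming convention (`wg0` for `host` peers, `wg${key}` for everything else) rather than from wherever the interfaces are actually created, and the firewall hunk in this commit now matches rules against it. If the two ever diverge, the generated rules would name an interface that does not exist and would never match, so a comment such as `# Must stay in sync with the interface names used when the tunnels are brought up; firewall rules match on this` would help. `$type` is assigned outside the hunk, so I assume it carries the peer's TYPE field; any value other than `host` falls through to `wg${key}`.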
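Review bot: In the new `wg_peer_src`/`wg_peer_tgt` branch, `$remotes` stays undefined when `TYPE` is neither `host` nor `net`, and nothing is pushed when `get_peer_by_name` returns undef, so a rule that references a renamed or deleted peer resolves to an empty address list without any trace. How the caller treats an empty list is outside the hunk, but for a DROP or REJECT rule it likely means the block is silently not installed; initialise with `my $remotes = [];` and log the miss in an `else` branch so the operator can see it. Also confirm that `CLIENT_ADDRESS` is an array reference like the `decode_subnets` fields: load_peer's assignment of it is not visible, and `@$remotes` on a plain string would die under `strict refs` or yield nothing without it. get_address starts and ends outside the hunk.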