frodovdr/raspap-webgui
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00
Code Issues Releases Wiki Activity

Add excelusion option to firewall GUI

Browse Source
This commit is contained in:
Christian Zeitnitz 2021-07-20 21:56:00 +02:00
parent 721e576779
commit e049dd6d45
2 changed files with 32 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
includes/firewall.php
View File

@ -103,9 +103,9 @@ function configureFirewall() {
} }
function WriteFirewallConf($conf) { function WriteFirewallConf($conf) {
$ret = false; $ret = false;
if ( is_array($conf) ) $ret = write_php_ini($conf,RASPAP_FIREWALL_CONF); if ( is_array($conf) ) write_php_ini($conf,RASPAP_FIREWALL_CONF);
return $ret; return $ret;
} }
@ -127,7 +127,7 @@ function ReadFirewallConf() {
$conf["client-device"] = ""; $conf["client-device"] = "";
$conf["restricted-ips"] = ""; $conf["restricted-ips"] = "";
} }
# get openvpn server IP (if existing) # get openvpn server IP (if existing)
if ( RASPI_OPENVPN_ENABLED && file_exists(RASPI_OPENVPN_CLIENT_CONFIG) ) { if ( RASPI_OPENVPN_ENABLED && file_exists(RASPI_OPENVPN_CLIENT_CONFIG) ) {
exec('cat '.RASPI_OPENVPN_CLIENT_CONFIG.' | sed -rn "s/^remote\s*([a-z0-9\.\-\_]*)\s*([0-9]*).*$/\1/ip" ', $ret); exec('cat '.RASPI_OPENVPN_CLIENT_CONFIG.' | sed -rn "s/^remote\s*([a-z0-9\.\-\_]*)\s*([0-9]*).*$/\1/ip" ', $ret);
@ -142,7 +142,7 @@ function ReadFirewallConf() {
} }
# get wireguard server IP (if existing) # get wireguard server IP (if existing)
if ( RASPI_WIREGUARD_ENABLED && file_exists(RASPI_WIREGUARD_CONFIG) ) { if ( RASPI_WIREGUARD_ENABLED && file_exists(RASPI_WIREGUARD_CONFIG) ) {
# search for endpoint # search for endpoint
} }
return $conf; return $conf;
} }
@ -158,6 +158,13 @@ function DisplayFirewallConfig()
getWifiInterface(); getWifiInterface();
$ap_device = $_SESSION['ap_interface']; $ap_device = $_SESSION['ap_interface'];
$clients = getClients(); $clients = getClients();
$str_clients = "";
foreach( $clients["device"] as $dev ) {
if ( !$dev["isAP"] ) {
if ( !empty($str_clients) ) $str_clients .= ", ";
$str_clients .= $dev["name"];
}
}
$fw_conf = ReadFirewallConf(); $fw_conf = ReadFirewallConf();
$fw_conf["ap-device"] = $ap_device; $fw_conf["ap-device"] = $ap_device;
$id=findCurrentClientIndex($clients); $id=findCurrentClientIndex($clients);
@ -170,13 +177,21 @@ function DisplayFirewallConfig()
if ( isset($_POST['apply-firewall']) ) $status->addMessage(_('Firewall settings changed'), 'success'); if ( isset($_POST['apply-firewall']) ) $status->addMessage(_('Firewall settings changed'), 'success');
if ( isset($_POST['firewall-disable']) ) $status->addMessage(_('Firewall is now disabled'), 'warning'); if ( isset($_POST['firewall-disable']) ) $status->addMessage(_('Firewall is now disabled'), 'warning');
if ( isset($_POST['save-firewall']) ) $status->addMessage(_('Firewall settings saved. Firewall is still disabled.'), 'success'); if ( isset($_POST['save-firewall']) ) $status->addMessage(_('Firewall settings saved. Firewall is still disabled.'), 'success');
if ( isset($_POST['excl-devices']) ) {
$excl = filter_var($_POST['excl-devices'], FILTER_SANITIZE_STRING);
$excl = str_replace(' ', '', $excl);
if ( !empty($excl) && $fw_conf["excl-devices"] != $excl ) {
$status->addMessage(_('Exclude devices '. $excl), 'success');
$fw_conf["excl-devices"] = $excl;
}
}
WriteFirewallConf($fw_conf); WriteFirewallConf($fw_conf);
configureFirewall(); configureFirewall();
} }
echo renderTemplate("firewall", compact( echo renderTemplate("firewall", compact(
"status", "status",
"ap_device", "ap_device",
"clients", "str_clients",
"fw_conf", "fw_conf",
"ipt_rules") "ipt_rules")
); );

13
templates/firewall.php
View File

@ -18,10 +18,9 @@
<?php endif ?> <?php endif ?>
<div class="row"> <div class="row">
<div class="col-md-6"> <div class="col-md-6">
<p class="mr-2"><small><?php echo _("The default firewall will allow only outgoing and already established traffic. No UDP traffic is allowed.") ?></small></p> <p class="mr-2"><small><?php echo _("The default firewall will allow only outgoing and already established traffic. No UDP traffic is allowed. There are no restrictions for the access point.") ?></small></p>
</div> </div>
</div> </div>
<form id="frm-firewall" action="firewall_conf" method="POST" > <form id="frm-firewall" action="firewall_conf" method="POST" >
<?php echo CSRFTokenFieldTag(); ?> <?php echo CSRFTokenFieldTag(); ?>
<h5><?php echo _("Exceptions for Services"); ?></h4> <h5><?php echo _("Exceptions for Services"); ?></h4>
@ -40,6 +39,16 @@
</p> </p>
</div> </div>
</div> </div>
<h5><?php echo _("Exclusions from the firewall"); ?></h4>
<div class="row">
<div class="form-group col-md-6">
<label for="excl-device"><?php echo _("Exclude device(s)") ?></label>
<input class="form-control" id="excl-devices" type="text" name="excl-devices" value="<?php echo $fw_conf["excl-devices"] ?>" aria-describedby="exclusion-description" >
<p class="mb-0" id="exclusion-description">
<small><?php echo _("Exclude the given network device(s) (separated by a comma) from firewall rules.<br>Current client devices: <code>$str_clients</code><br>The access point <code>". $ap_device ."</code> is per default excluded.") ?></small>
</p>
</div>
</div>
<?php if ($fw_conf["firewall-enable"]) : ?> <?php if ($fw_conf["firewall-enable"]) : ?>
<input type="submit" class="btn btn-outline btn-primary" value="<?php echo _("Apply changes"); ?>" name="apply-firewall" /> <input type="submit" class="btn btn-outline btn-primary" value="<?php echo _("Apply changes"); ?>" name="apply-firewall" />
<input type="submit" class="btn btn-warning firewall-apply" value="<?php echo _("Disable Firewall") ?>" name="firewall-disable" data-toggle="modal" data-target="#firewallModal"/> <input type="submit" class="btn btn-warning firewall-apply" value="<?php echo _("Disable Firewall") ?>" name="firewall-disable" data-toggle="modal" data-target="#firewallModal"/>