Merge pull request #1835 from RaspAP/feat/wg-iptables-iface

Feature: User-configurable interface for WG PostUp/PostDown rules
2025-12-27 07:31:09 +01:00 · 2025-04-25 08:44:24 +02:00
parent c3175459ab f614fa80dc
commit eda490e452
4 changed files with 23 additions and 13 deletions
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -11,13 +11,14 @@ function DisplayWireGuardConfig()
    $parseFlag = true;
    if (!RASPI_MONITOR_ENABLED) {
        $optRules     = isset($_POST['wgRules']) ? $_POST['wgRules'] : null;
+        $optInterface = isset($_POST['wgInterface']) ? $_POST['wgInterface'] : null;
        $optConf      = isset($_POST['wgCnfOpt']) ? $_POST['wgCnfOpt'] : null;
        $optSrvEnable = isset($_POST['wgSrvEnable']) ? $_POST['wgSrvEnable'] : null;
        $optLogEnable = isset($_POST['wgLogEnable']) ? $_POST['wgLogEnable'] : null;
        if (isset($_POST['savewgsettings']) && $optConf == 'manual' && $optSrvEnable == 1 ) {
            SaveWireGuardConfig($status);
        } elseif (isset($_POST['savewgsettings']) && $optConf == 'upload' && is_uploaded_file($_FILES["wgFile"]["tmp_name"])) {
-            SaveWireGuardUpload($status, $_FILES['wgFile'], $optRules);
+            SaveWireGuardUpload($status, $_FILES['wgFile'], $optRules, $optInterface);
        } elseif (isset($_POST['savewgsettings']) && isset($_POST['wg_penabled']) ) {
            SaveWireGuardConfig($status);
        } elseif (isset($_POST['startwg'])) {
@@ -77,12 +78,17 @@ function DisplayWireGuardConfig()
    }
    $peer_id = $peer_id ?? "1";

+    // fetch available interfaces
+    exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
+    sort($interfaces);
+
    echo renderTemplate(
        "wireguard", compact(
            "status",
            "wg_state",
            "serviceStatus",
            "public_ip",
+            "interfaces",
            "optRules",
            "optLogEnable",
            "peer_id",
@@ -110,9 +116,10 @@ function DisplayWireGuardConfig()
 * @param  object $status
 * @param  object $file
 * @param  boolean $optRules
+ * @param  string $optInterface
 * @return object $status
 */
-function SaveWireGuardUpload($status, $file, $optRules)
+function SaveWireGuardUpload($status, $file, $optRules, $optInterface)
 {
    define('KB', 1024);
    $tmp_destdir = '/tmp/';
@@ -147,7 +154,7 @@ function SaveWireGuardUpload($status, $file, $optRules)
            $rules[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown');
            $rules[] = '';
            $rules = join(PHP_EOL, $rules);
-            $rules = preg_replace('/wlan0/m', $_SESSION['ap_interface'], $rules);
+            $rules = preg_replace('/wlan0/m', $optInterface, $rules);
            $tmp_contents = preg_replace('/^\s*$/ms', $rules, $tmp_contents, 1);
            file_put_contents($tmp_wgconfig, $tmp_contents);
        }
--- a/locale/en_US/LC_MESSAGES/messages.mo
+++ b/locale/en_US/LC_MESSAGES/messages.mo
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -1355,14 +1355,14 @@ msgstr "Upload a WireGuard config"
 msgid "This option uploads and installs an existing WireGuard <code>.conf</code> file on this device."
 msgstr "This option uploads and installs an existing WireGuard <code>.conf</code> file on this device."

-msgid "Apply iptables rules for AP interface"
-msgstr "Apply iptables rules for AP interface"
+msgid "Apply iptables rules to the selected interface"
+msgstr "Apply iptables rules to the selected interface"

-msgid "Recommended if you wish to forward network traffic from the wg0 interface to clients connected on the AP interface."
-msgstr "Recommended if you wish to forward network traffic from the wg0 interface to clients connected on the AP interface."
+msgid "Recommended if you wish to forward network traffic from the wg0 interface to clients connected on a desired interface. The active AP interface is the default."
+msgstr "Recommended if you wish to forward network traffic from the wg0 interface to clients connected on a desired interface. The active AP interface is the default."

-msgid "This option adds <strong>iptables</strong> <code>Postup</code> and <code>PostDown</code> rules for the configured AP interface (%s)."
-msgstr "This option adds <strong>iptables</strong> <code>Postup</code> and <code>PostDown</code> rules for the configured AP interface (%s)."
+msgid "This option adds <strong>iptables</strong> <code>Postup</code> and <code>PostDown</code> rules for the interface selected below."
+msgstr "This option adds <strong>iptables</strong> <code>Postup</code> and <code>PostDown</code> rules for the interface selected below."

 msgid "Select WireGuard configuration file (.conf)"
 msgstr "Select WireGuard configuration file (.conf)"
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -35,17 +35,20 @@
                  <div class="form-check form-switch">
                    <?php $checked = $optRules == 1 ? 'checked="checked"' : '' ?>
                    <input class="form-check-input" id="chxwgrules" name="wgRules" type="checkbox" value="1" <?php echo $checked ?> />
-                    <label class="form-check-label" for="chxwgrules"><?php echo _("Apply iptables rules for AP interface"); ?></label>
-                    <i class="fas fa-question-circle text-muted" data-bs-toggle="tooltip" data-bs-placement="auto" title="<?php echo _("Recommended if you wish to forward network traffic from the wg0 interface to clients connected on the AP interface."); ?>"></i>
+                    <label class="form-check-label" for="chxwgrules"><?php echo _("Apply iptables rules to the selected interface"); ?></label>
+                    <i class="fas fa-question-circle text-muted" data-bs-toggle="tooltip" data-bs-placement="auto" title="<?php echo _("Recommended if you wish to forward network traffic from the wg0 interface to clients connected on a desired interface. The active AP interface is the default."); ?>"></i>
                    <p id="wg-description">
-                      <small><?php printf(_("This option adds <strong>iptables</strong> <code>Postup</code> and <code>PostDown</code> rules for the configured AP interface (%s)."), $_SESSION['ap_interface']) ?></small>
+                      <small><?php echo _("This option adds <strong>iptables</strong> <code>Postup</code> and <code>PostDown</code> rules for the interface selected below."); ?></small>
+                      <div class="col-sm-6">
+                        <?php SelectorOptions('wgInterface', $interfaces, $_SESSION['ap_interface'], 'cbxinterface'); ?>
+                      </div>
                    </p>
                  </div>
                </div>

                <div class="mb-3">
                  <h5 class="panel-title"><?php echo _("Configuration File"); ?></h4>
-                  <div class="custom-file">
+                  <div class="col-sm-8 custom-file">
                    <input type="file" class="form-control" name="wgFile" id="wgFile">
                    <label class="form-label" for="wgFile"><?php echo _("Select WireGuard configuration file (.conf)"); ?></label>
                  </div>