From 1de3bd132fb2a3aa8bdd19c45342889ccb3771d4 Mon Sep 17 00:00:00 2001
From: Eduardo Silva
Date: Fri, 1 Mar 2024 16:32:14 -0300
Subject: [PATCH] Firewall settings form and small papercuts
---
 firewall/forms.py | 16 +++++
 firewall/views.py | 34 ++++++++-
 templates/firewall/firewall_rule_list.html | 1 +
 templates/firewall/manage_firewall_rule.html | 14 ++--
 .../firewall/manage_firewall_settings.html | 69 +++++++++++++++++++
 templates/firewall/redirect_rule_list.html | 2 +-
 wgwadmlibrary/tools.py | 19 +++++
 wireguard_webadmin/urls.py | 5 +-
 8 files changed, 149 insertions(+), 11 deletions(-)
 create mode 100644 templates/firewall/manage_firewall_settings.html
diff --git a/firewall/forms.py b/firewall/forms.py
index 11024dc..1ac4d39 100644
--- a/firewall/forms.py
+++ b/firewall/forms.py
@@ -1,5 +1,6 @@
 from firewall.models import RedirectRule, FirewallRule, FirewallSettings
 from wireguard.models import Peer, WireGuardInstance, NETMASK_CHOICES
+from wgwadmlibrary.tools import list_network_interfaces
 from django import forms
 import re
@@ -135,4 +136,19 @@ class FirewallRuleForm(forms.ModelForm):
 return cleaned_data
+class FirewallSettingsForm(forms.ModelForm):
+ interface_choices = []
+ for interface in list_network_interfaces():
+ if not interface.startswith('wg') and interface != 'lo':
+ interface_choices.append((interface, interface))
+ #if interface.startswith('wg'):
+ # list_network_interfaces().remove(interface)
+ default_forward_policy = forms.ChoiceField(label='Default Forward Policy', choices=[('accept', 'ACCEPT'), ('reject', 'REJECT'), ('drop', 'DROP')], initial='accept')
+ allow_peer_to_peer = forms.BooleanField(label='Allow Peer to Peer', required=False)
+ allow_instance_to_instance = forms.BooleanField(label='Allow Instance to Instance', required=False)
+ wan_interface = forms.ChoiceField(label='WAN Interface', choices=interface_choices, initial='eth0')
+
+ class Meta:
+ model = FirewallSettings
+ fields = ['default_forward_policy', 'allow_peer_to_peer', 'allow_instance_to_instance', 'wan_interface']
\ No newline at end of file
diff --git a/firewall/views.py b/firewall/views.py
index d401a53..c5f78b4 100644
--- a/firewall/views.py
+++ b/firewall/views.py
@@ -1,10 +1,11 @@
 from django.shortcuts import render, get_object_or_404, redirect
 from django.db.models import Max
 from firewall.models import RedirectRule, FirewallRule, FirewallSettings
-from firewall.forms import RedirectRuleForm, FirewallRuleForm
+from firewall.forms import RedirectRuleForm, FirewallRuleForm, FirewallSettingsForm
 from django.contrib import messages
 from wireguard.models import WireGuardInstance
 from user_manager.models import UserAcl
+from wgwadmlibrary.tools import list_network_interfaces
 def view_redirect_rule_list(request):
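Review bot: In `FirewallSettingsForm` (firewall/forms.py) the `for interface in list_network_interfaces():` loop sits directly in the class body, so the `ip link show | grep UP` subprocess runs once when `firewall.forms` is imported instead of when a form is built. If that command fails, the exception is raised at import time and breaks every view that imports this module, and the `wan_interface` choices stay frozen at process start, so an interface that comes up later cannot be selected. I would build the choices in `__init__` and assign them to `self.fields['wan_interface'].choices`, and remove the two commented-out `#if interface.startswith('wg'):` lines; the fence shows the changed part.

```python
class FirewallSettingsForm(forms.ModelForm):
    # … unchanged: default_forward_policy, allow_peer_to_peer, allow_instance_to_instance …
    wan_interface = forms.ChoiceField(label='WAN Interface', choices=[], initial='eth0')

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        # Enumerate interfaces per form instance so the list reflects the host's current state.
        self.fields['wan_interface'].choices = [
            (name, name)
            for name in list_network_interfaces()
            if not name.startswith('wg') and name != 'lo'
        ]

    # … unchanged: class Meta …
```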
@@ -124,3 +125,34 @@ def manage_firewall_rule(request):
 context['current_chain'] = current_chain
 return render(request, 'firewall/manage_firewall_rule.html', context=context)
+
+
+def view_manage_firewall_settings(request):
+ if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=40).exists():
+ return render(request, 'access_denied.html', {'page_title': 'Access Denied'})
+ context = {'page_title': 'Manage Firewall Settings'}
+ previous_firewall_chain = request.GET.get('chain')
+ if previous_firewall_chain not in ['forward', 'portforward', 'postrouting']:
+ previous_firewall_chain = 'forward'
+
+ if previous_firewall_chain == 'portforward':
+ redirect_url = '/firewall/port_forward/'
+ else:
+ redirect_url = '/firewall/rule_list/?chain=' + previous_firewall_chain
+
+ firewall_settings, firewall_settings_created = FirewallSettings.objects.get_or_create(name='global')
+
+ if request.method == 'POST':
+ form = FirewallSettingsForm(request.POST, instance=firewall_settings)
+ if form.is_valid():
+ form.save()
+ messages.success(request, 'Firewall settings saved successfully')
+ return redirect(redirect_url)
+ else:
+ form = FirewallSettingsForm(instance=firewall_settings)
+ context['form'] = form
+ context['instance'] = firewall_settings
+ context['back_url'] = redirect_url
+
+ return render(request, 'firewall/manage_firewall_settings.html', context=context)
+
diff --git a/templates/firewall/firewall_rule_list.html b/templates/firewall/firewall_rule_list.html
index 0895a30..f3deb2d 100644
--- a/templates/firewall/firewall_rule_list.html
+++ b/templates/firewall/firewall_rule_list.html
@@ -86,6 +86,7 @@ Create Firewall Rule + Firewall Settings
diff --git a/templates/firewall/manage_firewall_rule.html b/templates/firewall/manage_firewall_rule.html
index 9d4f2df..840152f 100644
--- a/templates/firewall/manage_firewall_rule.html
+++ b/templates/firewall/manage_firewall_rule.html
@@ -14,7 +14,7 @@
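Review bot: `view_manage_firewall_settings` (firewall/views.py) carries no authentication decorator, so an anonymous request goes straight into `UserAcl.objects.filter(user=request.user)` with an `AnonymousUser`, which depending on the Django version is likely to raise rather than render `access_denied.html`. No `login_required` import appears among the file's leading import lines shown in its first hunk, so unless a login-enforcing middleware exists outside this patch I would add `from django.contrib.auth.decorators import login_required` and place `@login_required` above the `def`, since this view rewrites the global forward policy. The `chain` parameter is checked against a fixed list before it is appended to `redirect_url`, which keeps the redirect local; a comment such as `# chain is allow-listed above, so redirect_url is always a local path` would keep a later edit from loosening that. The `list_network_interfaces` import added to this file in its first hunk is not used by the new view and could be dropped.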

@@ -93,7 +93,7 @@

@@ -134,7 +134,7 @@

@@ -193,7 +193,7 @@

@@ -252,7 +252,7 @@

@@ -310,7 +310,7 @@

@@ -350,7 +350,7 @@

diff --git a/templates/firewall/manage_firewall_settings.html b/templates/firewall/manage_firewall_settings.html
new file mode 100644
index 0000000..0139dfa
--- /dev/null
+++ b/templates/firewall/manage_firewall_settings.html
@@ -0,0 +1,69 @@
+{% extends 'base.html' %}
+
+
+{% block content %}
+
+
+
+ {% csrf_token %} +
+
+
+
+ +
+ + +
+ + +
+ + +
+ + + + +
+ + +
+ + +
+ + +
+ +
+ +
+ +
+
+ + + + +
+ +
+
+ + +
+
+{% endblock %}
\ No newline at end of file
diff --git a/templates/firewall/redirect_rule_list.html b/templates/firewall/redirect_rule_list.html
index 0c28717..da2698d 100644
--- a/templates/firewall/redirect_rule_list.html
+++ b/templates/firewall/redirect_rule_list.html
@@ -67,7 +67,7 @@ Create Port forwarding Rule - + Firewall Settings
diff --git a/wgwadmlibrary/tools.py b/wgwadmlibrary/tools.py
index 4053c7a..1f1f50c 100644
--- a/wgwadmlibrary/tools.py
+++ b/wgwadmlibrary/tools.py
@@ -1,4 +1,5 @@
 import ipaddress, re
+import subprocess
 def is_valid_ip_or_hostname(value):
@@ -15,3 +16,21 @@ def is_valid_ip_or_hostname(value):
 return True
 return False
+
+
+def list_network_interfaces():
+ # Executa o comando 'ip link show' com grep para filtrar linhas com 'UP'
+ cmd = "ip link show | grep UP"
+ cmd_output = subprocess.check_output(cmd, shell=True, text=True)
+
+ # Processa a saída para extrair os nomes das interfaces
+ interfaces = []
+ for line in cmd_output.split('\n'):
+ if line: # Verifica se a linha não está vazia
+ parts = line.split(': ')
+ if len(parts) > 1:
+ # O nome da interface está na segunda posição após o split
+ interface_name = parts[1].split('@')[0] # Remove qualquer coisa após '@'
+ interfaces.append(interface_name)
+
+ return interfaces
\ No newline at end of file
diff --git a/wireguard_webadmin/urls.py b/wireguard_webadmin/urls.py
index 73a7fd3..60c31d5 100644
--- a/wireguard_webadmin/urls.py
+++ b/wireguard_webadmin/urls.py
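Review bot: `list_network_interfaces` in wgwadmlibrary/tools.py runs the fixed string `ip link show | grep UP` through `subprocess.check_output(cmd, shell=True, text=True)`; nothing user-controlled reaches the shell, but the pipeline makes the call raise `CalledProcessError` whenever `grep` matches nothing, and the substring match also hits `LOWER_UP` or any other text containing `UP`. Passing an argument list without a shell and letting `ip` filter by state removes both problems, and catching the failure lets callers such as the form receive an empty list instead of an exception. The function has no docstring and its comments are in Portuguese while the rest of the patch is in English; a one-line docstring stating that it returns the names of interfaces that are up would document the contract. The fence shows the changed lines.

```python
def list_network_interfaces():
    """Return the names of network interfaces that are administratively up."""
    try:
        # Argument list, no shell: 'up' makes ip do the filtering, '-o' prints one line per interface.
        cmd_output = subprocess.check_output(['ip', '-o', 'link', 'show', 'up'], text=True)
    except (OSError, subprocess.CalledProcessError):
        return []
    # … unchanged: loop that splits each line on ': ' and strips the '@' suffix …
    return interfaces
```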
@@ -23,7 +23,7 @@ from user_manager.views import view_user_list, view_manage_user
 from accounts.views import view_create_first_user, view_login, view_logout
 from wireguard_tools.views import export_wireguard_configs, download_config_or_qrcode, restart_wireguard_interfaces
 from api.views import wireguard_status, cron_check_updates, cron_update_peer_latest_handshake
-from firewall.views import view_redirect_rule_list, manage_redirect_rule, view_firewall_rule_list, manage_firewall_rule
+from firewall.views import view_redirect_rule_list, manage_redirect_rule, view_firewall_rule_list, manage_firewall_rule, view_manage_firewall_settings
 urlpatterns = [
@@ -49,5 +49,6 @@ urlpatterns = [
 path('firewall/port_forward/', view_redirect_rule_list, name='redirect_rule_list'),
 path('firewall/manage_port_forward_rule/', manage_redirect_rule, name='manage_redirect_rule'),
 path('firewall/rule_list/', view_firewall_rule_list, name='firewall_rule_list'),
- path('firewall/manage_firewall_rule/', manage_firewall_rule, name='manage_firewall_rule')
+ path('firewall/manage_firewall_rule/', manage_firewall_rule, name='manage_firewall_rule'),
+ path('firewall/firewall_settings/', view_manage_firewall_settings, name='firewall_settings'),
 ]