Firewall settings form and small papercuts

firewall/forms.py

@@ -1,5 +1,6 @@
 from firewall.models import RedirectRule, FirewallRule, FirewallSettings
 from wireguard.models import Peer, WireGuardInstance, NETMASK_CHOICES
+from wgwadmlibrary.tools import list_network_interfaces
 from django import forms
 import re
 
@@ -135,4 +136,19 @@ class FirewallRuleForm(forms.ModelForm):
         return cleaned_data
 
 
+class FirewallSettingsForm(forms.ModelForm):
+    interface_choices = []
+    for interface in list_network_interfaces():
+        if not interface.startswith('wg') and interface != 'lo':
+            interface_choices.append((interface, interface))
 
+        #if interface.startswith('wg'):
+        #    list_network_interfaces().remove(interface)
+    default_forward_policy = forms.ChoiceField(label='Default Forward Policy', choices=[('accept', 'ACCEPT'), ('reject', 'REJECT'), ('drop', 'DROP')], initial='accept')
+    allow_peer_to_peer = forms.BooleanField(label='Allow Peer to Peer', required=False)
+    allow_instance_to_instance = forms.BooleanField(label='Allow Instance to Instance', required=False)
+    wan_interface = forms.ChoiceField(label='WAN Interface', choices=interface_choices, initial='eth0')
+
+    class Meta:
+        model = FirewallSettings
+        fields = ['default_forward_policy', 'allow_peer_to_peer', 'allow_instance_to_instance', 'wan_interface']

firewall/views.py

@@ -1,10 +1,11 @@
 from django.shortcuts import render, get_object_or_404, redirect
 from django.db.models import Max
 from firewall.models import RedirectRule, FirewallRule, FirewallSettings
-from firewall.forms import RedirectRuleForm, FirewallRuleForm
+from firewall.forms import RedirectRuleForm, FirewallRuleForm, FirewallSettingsForm
 from django.contrib import messages
 from wireguard.models import WireGuardInstance
 from user_manager.models import UserAcl
+from wgwadmlibrary.tools import list_network_interfaces
 
 
 def view_redirect_rule_list(request):
@@ -124,3 +125,34 @@ def manage_firewall_rule(request):
     context['current_chain'] = current_chain
     
     return render(request, 'firewall/manage_firewall_rule.html', context=context)
+
+
+def view_manage_firewall_settings(request):
+    if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=40).exists():
+        return render(request, 'access_denied.html', {'page_title': 'Access Denied'})
+    context = {'page_title': 'Manage Firewall Settings'}
+    previous_firewall_chain = request.GET.get('chain')
+    if previous_firewall_chain not in ['forward', 'portforward', 'postrouting']:
+        previous_firewall_chain = 'forward'
+
+    if previous_firewall_chain == 'portforward':
+        redirect_url = '/firewall/port_forward/'
+    else:
+        redirect_url = '/firewall/rule_list/?chain=' + previous_firewall_chain
+        
+    firewall_settings, firewall_settings_created = FirewallSettings.objects.get_or_create(name='global')
+
+    if request.method == 'POST':
+        form = FirewallSettingsForm(request.POST, instance=firewall_settings)
+        if form.is_valid():
+            form.save()
+            messages.success(request, 'Firewall settings saved successfully')
+            return redirect(redirect_url)
+    else:
+        form = FirewallSettingsForm(instance=firewall_settings)
+    context['form'] = form
+    context['instance'] = firewall_settings
+    context['back_url'] = redirect_url
+
+    return render(request, 'firewall/manage_firewall_settings.html', context=context)
+