diff --git a/templates/wireguard/wireguard_manage_server.html b/templates/wireguard/wireguard_manage_server.html
index eb2bf3f..ea787de 100644
--- a/templates/wireguard/wireguard_manage_server.html
+++ b/templates/wireguard/wireguard_manage_server.html
@@ -1,9 +1,10 @@
 {% extends 'base.html' %}
 {% load crispy_forms_tags %}
+{% load i18n %}
 {% block content %}
-
+
{% if page_title %}
@@ -17,6 +18,69 @@
+
+
+
+
+
{% trans "Display Name" %}
+

+ {% blocktrans %} + Optional name used only for display in the web interface. + {% endblocktrans %} +

+
{% trans "Web Refresh Interval" %}
+

+ {% blocktrans %} + Interval used to refresh WireGuard status information in the web UI. + {% endblocktrans %} +

+
{% trans "Public Address" %}
+

+ {% blocktrans %} + Public hostname or IP address and UDP port used by peers to connect. +
+ The listen port must be exposed and mapped in your Docker compose (YAML) file. + {% endblocktrans %} +

+
{% trans "Interface Keys" %}
+

+ {% blocktrans %} + WireGuard private and public keys for this interface. +
+ The private key must remain secret. + Changing it requires updating all peer configurations. + {% endblocktrans %} +

+
{% trans "Internal Network" %}
+

+ {% blocktrans %} + Internal IP address and netmask used by the WireGuard interface. + {% endblocktrans %} +

+
{% trans "DNS Configuration" %}
+

+ {% blocktrans %} + DNS servers pushed to peers. +
+ Using the internal IP as primary DNS enables internal name resolution + and DNS filtering. + {% endblocktrans %} +

+
{% trans "Enforce Route Policy" %}
+

+ {% blocktrans %} + Enforces routing rules defined by routing templates using firewall rules. +
+ Peers with a default route (0.0.0.0/0) are not restricted. +

+ Note: depending on the number of routes and peers, this option may generate + a large number of firewall rules. + {% endblocktrans %} +

+
+
+
+
{% endblock %}
diff --git a/wireguard/forms.py b/wireguard/forms.py
index 35f4fd8..eaf9018 100644
--- a/wireguard/forms.py
+++ b/wireguard/forms.py
@@ -23,12 +23,13 @@ class WireGuardInstanceForm(forms.ModelForm):
 peer_list_refresh_interval = forms.IntegerField(label=_('Web Refresh Interval'), initial=10)
 dns_primary = forms.GenericIPAddressField(label=_('Primary DNS'), initial='1.1.1.1', required=False)
 dns_secondary = forms.GenericIPAddressField(label=_('Secondary DNS'), initial='', required=False)
+ enforce_route_policy = forms.BooleanField(label=_('Enforce Route Policy'), required=False)
 class Meta:
 model = WireGuardInstance
 fields = [
 'name', 'instance_id', 'private_key', 'public_key','hostname', 'listen_port', 'address',
- 'netmask', 'peer_list_refresh_interval', 'dns_primary', 'dns_secondary'
+ 'netmask', 'peer_list_refresh_interval', 'dns_primary', 'dns_secondary', 'enforce_route_policy'
 ]
 def __init__(self, *args, **kwargs):
@@ -86,6 +87,10 @@ class WireGuardInstanceForm(forms.ModelForm):
 Column('dns_secondary', css_class='form-group col-md-6 mb-0'),
 css_class='form-row'
 ),
+ Row(
+ Column('enforce_route_policy', css_class='form-group col-md-12 mb-0'),
+ css_class='form-row'
+ ),
 css_class='col-lg-12'
 ),
 css_class='row'
diff --git a/wireguard/migrations/0029_wireguardinstance_enforce_route_policy.py b/wireguard/migrations/0029_wireguardinstance_enforce_route_policy.py
new file mode 100644
index 0000000..4f219e6
--- /dev/null
+++ b/wireguard/migrations/0029_wireguardinstance_enforce_route_policy.py
@@ -0,0 +1,18 @@
+# Generated by Django 5.2.9 on 2026-01-27 13:07
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('wireguard', '0028_peer_routing_template'),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name='wireguardinstance',
+ name='enforce_route_policy',
+ field=models.BooleanField(default=False),
+ ),
+ ]
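Review bot: The "Enforce Route Policy" help text at the end of the added side panel in `wireguard_manage_server.html` names one exempt case, a peer with a `0.0.0.0/0` default route, but does not say what happens to a peer that has no routing template or to an IPv6 default route (`::/0`). Because this checkbox decides whether firewall rules restrict a peer, an operator reading the panel cannot tell which peers stay unrestricted after enabling it. I would add one sentence per case once the behaviour is confirmed against the rule generator, which is not part of this diff. As a style point, the multi-line blocks would give translators cleaner message ids as `{% blocktrans trimmed %}`.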
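Review bot: Nothing in the first `wireguard/forms.py` hunk flags the instance for re-export when `enforce_route_policy` changes. The model has a `pending_changes` field (visible in the `models.py` hunk), and if the view that saves this form does not set it on this edit, the firewall would keep the old policy while the UI shows the new one. The view is outside this diff, so this is a check to make rather than a confirmed gap. `WireGuardInstanceForm.__init__` and the rest of the class body continue outside the hunk.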
diff --git a/wireguard/models.py b/wireguard/models.py
index db1e630..fd4a6e0 100644
--- a/wireguard/models.py
+++ b/wireguard/models.py
@@ -64,6 +64,7 @@ class WireGuardInstance(models.Model):
 dns_secondary = models.GenericIPAddressField(unique=False, protocol='IPv4', default='1.0.0.1', blank=True, null=True)
 pending_changes = models.BooleanField(default=True)
 legacy_firewall = models.BooleanField(default=False)
+ enforce_route_policy = models.BooleanField(default=False)
 created = models.DateTimeField(auto_now_add=True)
 updated = models.DateTimeField(auto_now=True)
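Review bot: `enforce_route_policy` is added to `WireGuardInstance` without a comment or `help_text`, and no file in the visible diff reads it, so the only description of its effect is the template help text. The migration adds it with `default=False`, so existing instances stay unenforced until an operator opts in; that is worth stating at the field, e.g. `# Enforce routing-template routes with firewall rules; off by default so existing instances are unchanged by migration 0029.` If the code that builds the rules arrives in a later commit, the checkbox is exposed before it has any effect, which should be confirmed before release. The class body continues outside the hunk.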