Mirrors/wireguard_webadmin
1
0
Fork 0
mirror of https://github.com/eduardogsilva/wireguard_webadmin.git synced 2026-01-31 11:36:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add 'Enforce Route Policy' field to WireGuardInstance model and forms

Browse Source
This commit is contained in:
Eduardo Silva
2026-01-27 11:20:16 -03:00
parent b6426e41c0
commit 20d5387232
4 changed files with 90 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
templates/wireguard/wireguard_manage_server.html
View File

@@ -1,9 +1,10 @@
{% extends 'base.html' %} {% extends 'base.html' %}
{% load crispy_forms_tags %} {% load crispy_forms_tags %}
{% load i18n %}
{% block content %} {% block content %}
<div class="row"> <div class="row">
<div class="{% if form_size %}{{ form_size }}{% else %}col-lg-12{% endif %}"> <div class="col-lg-6">
<div class="card card-primary card-outline"> <div class="card card-primary card-outline">
{% if page_title %} {% if page_title %}
<div class="card-header"> <div class="card-header">
@@ -17,6 +18,69 @@
</div> </div>
</div> </div>
</div> </div>
<div class="col-lg-6">
<div class="card card-primary card-outline">
<div class="card-body row">
<div class="col-lg-12">
<h5>{% trans "Display Name" %}</h5>
<p>
{% blocktrans %}
Optional name used only for display in the web interface.
{% endblocktrans %}
</p>
<h5>{% trans "Web Refresh Interval" %}</h5>
<p>
{% blocktrans %}
Interval used to refresh WireGuard status information in the web UI.
{% endblocktrans %}
</p>
<h5>{% trans "Public Address" %}</h5>
<p>
{% blocktrans %}
Public hostname or IP address and UDP port used by peers to connect.
<br>
The <b>listen port</b> must be exposed and mapped in your Docker compose (YAML) file.
{% endblocktrans %}
</p>
<h5>{% trans "Interface Keys" %}</h5>
<p>
{% blocktrans %}
WireGuard private and public keys for this interface.
<br>
The private key must remain secret.
Changing it requires updating all peer configurations.
{% endblocktrans %}
</p>
<h5>{% trans "Internal Network" %}</h5>
<p>
{% blocktrans %}
Internal IP address and netmask used by the WireGuard interface.
{% endblocktrans %}
</p>
<h5>{% trans "DNS Configuration" %}</h5>
<p>
{% blocktrans %}
DNS servers pushed to peers.
<br>
Using the internal IP as primary DNS enables internal name resolution
and DNS filtering.
{% endblocktrans %}
</p>
<h5>{% trans "Enforce Route Policy" %}</h5>
<p>
{% blocktrans %}
Enforces routing rules defined by routing templates using firewall rules.
<br>
Peers with a default route (0.0.0.0/0) are not restricted.
<br><br>
Note: depending on the number of routes and peers, this option may generate
a large number of firewall rules.
{% endblocktrans %}
</p>
</div>
</div>
</div>
</div>
</div> </div>
{% endblock %} {% endblock %}

7
wireguard/forms.py
View File

@@ -23,12 +23,13 @@ class WireGuardInstanceForm(forms.ModelForm):
peer_list_refresh_interval = forms.IntegerField(label=_('Web Refresh Interval'), initial=10) peer_list_refresh_interval = forms.IntegerField(label=_('Web Refresh Interval'), initial=10)
dns_primary = forms.GenericIPAddressField(label=_('Primary DNS'), initial='1.1.1.1', required=False) dns_primary = forms.GenericIPAddressField(label=_('Primary DNS'), initial='1.1.1.1', required=False)
dns_secondary = forms.GenericIPAddressField(label=_('Secondary DNS'), initial='', required=False) dns_secondary = forms.GenericIPAddressField(label=_('Secondary DNS'), initial='', required=False)
enforce_route_policy = forms.BooleanField(label=_('Enforce Route Policy'), required=False)
class Meta: class Meta:
model = WireGuardInstance model = WireGuardInstance
fields = [ fields = [
'name', 'instance_id', 'private_key', 'public_key','hostname', 'listen_port', 'address', 'name', 'instance_id', 'private_key', 'public_key','hostname', 'listen_port', 'address',
'netmask', 'peer_list_refresh_interval', 'dns_primary', 'dns_secondary' 'netmask', 'peer_list_refresh_interval', 'dns_primary', 'dns_secondary', 'enforce_route_policy'
] ]
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
@@ -86,6 +87,10 @@ class WireGuardInstanceForm(forms.ModelForm):
Column('dns_secondary', css_class='form-group col-md-6 mb-0'), Column('dns_secondary', css_class='form-group col-md-6 mb-0'),
css_class='form-row' css_class='form-row'
), ),
Row(
Column('enforce_route_policy', css_class='form-group col-md-12 mb-0'),
css_class='form-row'
),
css_class='col-lg-12' css_class='col-lg-12'
), ),
css_class='row' css_class='row'

18
wireguard/migrations/0029_wireguardinstance_enforce_route_policy.py Normal file
View File

@@ -0,0 +1,18 @@
# Generated by Django 5.2.9 on 2026-01-27 13:07
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('wireguard', '0028_peer_routing_template'),
]
operations = [
migrations.AddField(
model_name='wireguardinstance',
name='enforce_route_policy',
field=models.BooleanField(default=False),
),
]

1
wireguard/models.py
View File

@@ -64,6 +64,7 @@ class WireGuardInstance(models.Model):
dns_secondary = models.GenericIPAddressField(unique=False, protocol='IPv4', default='1.0.0.1', blank=True, null=True) dns_secondary = models.GenericIPAddressField(unique=False, protocol='IPv4', default='1.0.0.1', blank=True, null=True)
pending_changes = models.BooleanField(default=True) pending_changes = models.BooleanField(default=True)
legacy_firewall = models.BooleanField(default=False) legacy_firewall = models.BooleanField(default=False)
enforce_route_policy = models.BooleanField(default=False)
created = models.DateTimeField(auto_now_add=True) created = models.DateTimeField(auto_now_add=True)
updated = models.DateTimeField(auto_now=True) updated = models.DateTimeField(auto_now=True)