mirror of
https://github.com/RaspAP/raspap-webgui.git
synced 2024-11-25 00:50:29 +00:00
Add excelusion option to firewall GUI
This commit is contained in:
Christian Zeitnitz
parent
721e576779
commit
e049dd6d45
2 changed files with 32 additions and 8 deletions
|
|
@ -103,9 +103,9 @@ function configureFirewall() {
|
|||
}
|
||||
|
||||
function WriteFirewallConf($conf) {
|
||||
$ret = false;
|
||||
if ( is_array($conf) ) $ret = write_php_ini($conf,RASPAP_FIREWALL_CONF);
|
||||
return $ret;
|
||||
$ret = false;
|
||||
if ( is_array($conf) ) write_php_ini($conf,RASPAP_FIREWALL_CONF);
|
||||
return $ret;
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -127,7 +127,7 @@ function ReadFirewallConf() {
|
|||
$conf["client-device"] = "";
|
||||
$conf["restricted-ips"] = "";
|
||||
}
|
||||
|
||||
|
||||
# get openvpn server IP (if existing)
|
||||
if ( RASPI_OPENVPN_ENABLED && file_exists(RASPI_OPENVPN_CLIENT_CONFIG) ) {
|
||||
exec('cat '.RASPI_OPENVPN_CLIENT_CONFIG.' | sed -rn "s/^remote\s*([a-z0-9\.\-\_]*)\s*([0-9]*).*$/\1/ip" ', $ret);
|
||||
|
|
@ -142,7 +142,7 @@ function ReadFirewallConf() {
|
|||
}
|
||||
# get wireguard server IP (if existing)
|
||||
if ( RASPI_WIREGUARD_ENABLED && file_exists(RASPI_WIREGUARD_CONFIG) ) {
|
||||
# search for endpoint
|
||||
# search for endpoint
|
||||
}
|
||||
return $conf;
|
||||
}
|
||||
|
|
@ -158,6 +158,13 @@ function DisplayFirewallConfig()
|
|||
getWifiInterface();
|
||||
$ap_device = $_SESSION['ap_interface'];
|
||||
$clients = getClients();
|
||||
$str_clients = "";
|
||||
foreach( $clients["device"] as $dev ) {
|
||||
if ( !$dev["isAP"] ) {
|
||||
if ( !empty($str_clients) ) $str_clients .= ", ";
|
||||
$str_clients .= $dev["name"];
|
||||
}
|
||||
}
|
||||
$fw_conf = ReadFirewallConf();
|
||||
$fw_conf["ap-device"] = $ap_device;
|
||||
$id=findCurrentClientIndex($clients);
|
||||
|
|
@ -170,13 +177,21 @@ function DisplayFirewallConfig()
|
|||
if ( isset($_POST['apply-firewall']) ) $status->addMessage(_('Firewall settings changed'), 'success');
|
||||
if ( isset($_POST['firewall-disable']) ) $status->addMessage(_('Firewall is now disabled'), 'warning');
|
||||
if ( isset($_POST['save-firewall']) ) $status->addMessage(_('Firewall settings saved. Firewall is still disabled.'), 'success');
|
||||
if ( isset($_POST['excl-devices']) ) {
|
||||
$excl = filter_var($_POST['excl-devices'], FILTER_SANITIZE_STRING);
|
||||
$excl = str_replace(' ', '', $excl);
|
||||
if ( !empty($excl) && $fw_conf["excl-devices"] != $excl ) {
|
||||
$status->addMessage(_('Exclude devices '. $excl), 'success');
|
||||
$fw_conf["excl-devices"] = $excl;
|
||||
}
|
||||
}
|
||||
WriteFirewallConf($fw_conf);
|
||||
configureFirewall();
|
||||
}
|
||||
echo renderTemplate("firewall", compact(
|
||||
"status",
|
||||
"ap_device",
|
||||
"clients",
|
||||
"str_clients",
|
||||
"fw_conf",
|
||||
"ipt_rules")
|
||||
);
|
||||
|
|
|
|||
|
|
@ -18,10 +18,9 @@
|
|||
<?php endif ?>
|
||||
<div class="row">
|
||||
<div class="col-md-6">
|
||||
<p class="mr-2"><small><?php echo _("The default firewall will allow only outgoing and already established traffic. No UDP traffic is allowed.") ?></small></p>
|
||||
<p class="mr-2"><small><?php echo _("The default firewall will allow only outgoing and already established traffic. No UDP traffic is allowed. There are no restrictions for the access point.") ?></small></p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<form id="frm-firewall" action="firewall_conf" method="POST" >
|
||||
<?php echo CSRFTokenFieldTag(); ?>
|
||||
<h5><?php echo _("Exceptions for Services"); ?></h4>
|
||||
|
|
@ -40,6 +39,16 @@
|
|||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<h5><?php echo _("Exclusions from the firewall"); ?></h4>
|
||||
<div class="row">
|
||||
<div class="form-group col-md-6">
|
||||
<label for="excl-device"><?php echo _("Exclude device(s)") ?></label>
|
||||
<input class="form-control" id="excl-devices" type="text" name="excl-devices" value="<?php echo $fw_conf["excl-devices"] ?>" aria-describedby="exclusion-description" >
|
||||
<p class="mb-0" id="exclusion-description">
|
||||
<small><?php echo _("Exclude the given network device(s) (separated by a comma) from firewall rules.<br>Current client devices: <code>$str_clients</code><br>The access point <code>". $ap_device ."</code> is per default excluded.") ?></small>
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<?php if ($fw_conf["firewall-enable"]) : ?>
|
||||
<input type="submit" class="btn btn-outline btn-primary" value="<?php echo _("Apply changes"); ?>" name="apply-firewall" />
|
||||
<input type="submit" class="btn btn-warning firewall-apply" value="<?php echo _("Disable Firewall") ?>" name="firewall-disable" data-toggle="modal" data-target="#firewallModal"/>
|
||||
|
|
|
|||
Loading…
Reference in a new issue