From aff726b9282ec4e5f3de69e8b927e1afb0828fee Mon Sep 17 00:00:00 2001
From: Vincent Li
Date: Thu, 3 Jul 2025 22:55:18 +0000
Subject: [PATCH] firewall: Add WireGuard RW to the UI
commit 5a1c02df8973b3acc5c3101a94e86fe6df4b43b6
Author: Michael Tremer
Date: Thu Sep 12 19:39:26 2024 +0200
firewall: Add WireGuard RW to the UI
Signed-off-by: Michael Tremer
Signed-off-by: Vincent Li
---
 config/cfgroot/general-functions.pl | 8 ++++++++
 config/cfgroot/header.pl | 1 +
 html/cgi-bin/firewall.cgi | 29 ++++++++++++++++++++++++-----
 html/cgi-bin/fwhosts.cgi | 10 ++++++++++
 langs/en/cgi-bin/en.pl | 1 +
 5 files changed, 44 insertions(+), 5 deletions(-)
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 875ff5103..181922ba6 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -26,6 +26,7 @@ $General::swroot = 'CONFIG_ROOT';
 $General::noipprefix = 'noipg-';
 require "${General::swroot}/network-functions.pl";
+require "${General::swroot}/wireguard-functions.pl";
 # This function executes a shell command without forking a shell or do any other
 # Perl-voodoo before it. It deprecates the "system" command and is the only way
@@ -180,6 +181,13 @@ sub setup_default_networks
 $defaultNetworks->{'IPsec RW (' .$ip."/".$sub.")"}{'NET'} = &getnextip($ip);
 }
 }
+
+ # WireGuard
+ if ($Wireguard::settings{'CLIENT_POOL'}) {
+ my $name = $Lang::tr{'wg rw peers'};
+
+ $defaultNetworks->{$name}{'NAME'} = "WGRW";
+ }
 }
 sub get_aliases {
diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl
index 5164e9731..df7b0f009 100644
--- a/config/cfgroot/header.pl
+++ b/config/cfgroot/header.pl
@@ -35,6 +35,7 @@ $Header::colouryellow = '#FFFF00';
 $Header::colourgreen = '#339933';
 $Header::colourblue = '#333399';
 $Header::colourovpn = '#339999';
+$Header::colourwg = '#ff007f';
 $Header::colourfw = '#000000';
 $Header::colourvpn = '#990099';
 $Header::colourerr = '#FF0000';
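Review bot: The added `require "${General::swroot}/wireguard-functions.pl";` in general-functions.pl is unconditional, yet the diffstat of this patch does not include wireguard-functions.pl, so the file has to be present in the target tree already. `require` dies when the file is missing or does not return a true value, and that would stop every script that loads general-functions.pl, not just the WireGuard parts of the UI. If the patch is meant to apply on its own, ship the file with it or load it defensively, for example `eval { require "${General::swroot}/wireguard-functions.pl"; 1 } or warn "wireguard-functions.pl not loaded: $@";`, and let the existing `if ($Wireguard::settings{'CLIENT_POOL'})` guards act as the feature switch.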
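Review bot: In the setup_default_networks hunk the hash key is taken from `$Lang::tr{'wg rw peers'}`, but the only language string this patch adds is `'fwhost wg peers'` in en.pl. Unless 'wg rw peers' is defined somewhere outside this patch, `$name` is undef and the WGRW entry is stored under the empty key, so it would appear without a label. The entry also sets only `{'NAME'}`, whereas the IPsec RW line visible just above stores `{'NET'}`; it is worth confirming that consumers of this hash do not expect an address for WireGuard as well. Use one key in both places, e.g. `my $name = $Lang::tr{'fwhost wg peers'};`, or add `'wg rw peers'` to en.pl. The function starts outside the hunk.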
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index a8478c5c5..ca3b827e1 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -837,8 +837,14 @@ sub checkrule
 $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr
";
 }
 }else{
+ $errormessage .= $sip;
+ $errormessage .= $scidr;
+
+ $errormessage .= $tip;
+ $errormessage .= $tcidr;
+
 if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
- $errormessage.=$Lang::tr{'fwdfw err samesub'};
+ $errormessage.=$Lang::tr{'fwdfw err samesub'} . $fwdfwsettings{'grp1'} .$fwdfwsettings{$fwdfwsettings{'grp1'}} . $fwdfwsettings{'grp2'} . $fwdfwsettings{$fwdfwsettings{'grp2'}};
 }
 }
 }
@@ -1291,19 +1297,22 @@ sub get_ip
 if ($fwdfwsettings{$grp} eq $val.'_addr'){
 ($a,$b) = split (/\//, $fwdfwsettings{$fwdfwsettings{$grp}});
 }elsif($fwdfwsettings{$grp} eq 'std_net_'.$val){
- if ($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Gr/i){
+ if ($fwdfwsettings{$fwdfwsettings{$grp}} eq "GREEN"){
 $a=$netsettings{'GREEN_NETADDRESS'};
 $b=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'});
- }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Ora/i){
+ }elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "ORANGE"){
 $a=$netsettings{'ORANGE_NETADDRESS'};
 $b=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'});
- }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Bl/i){
+ }elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "BLUE"){
 $a=$netsettings{'BLUE_NETADDRESS'};
 $b=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'});
- }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /OpenVPN/i){
+ }elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "OpenVPN-Dyn"){
 &General::readhash("$configovpn",\%ovpnsettings);
 ($a,$b) = split (/\//, $ovpnsettings{'DOVPN_SUBNET'});
 $b=&General::iporsubtocidr($b);
+ # WireGuard
+ }elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "WGRW") {
+ return $Wireguard::settings{'CLIENT_POOL'};
 }
 }elsif($fwdfwsettings{$grp} eq 'cust_net_'.$val){
 &General::readhasharray("$confignet", \%customnetwork);
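Review bot: The four unconditional lines `$errormessage .= $sip;` through `$errormessage .= $tcidr;` in checkrule look like leftover debug output: they make `$errormessage` non-empty for every rule that reaches this `else` branch. If the caller treats a non-empty `$errormessage` as a validation failure (that check is outside the hunk), rules would be rejected even when the subnets differ. The rewritten samesub line also appends `$fwdfwsettings{'grp1'}`, `$fwdfwsettings{$fwdfwsettings{'grp1'}}` and the grp2 equivalents, which appear to be form values, to text that is presumably rendered as HTML. Drop the debug lines and keep `$errormessage.=$Lang::tr{'fwdfw err samesub'};`; if the values are wanted in the message, HTML-escape them before concatenating. checkrule begins and ends outside the hunk.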
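Review bot: The new WGRW branch in get_ip does `return $Wireguard::settings{'CLIENT_POOL'};`, while every other branch in the hunk fills `$a` (address) and `$b` (prefix) and falls through to the function's normal return, which is outside the hunk. A caller that unpacks two values would receive the whole pool string as the address and an undefined prefix, so the subnet comparisons in checkrule would run on wrong input for WireGuard rules. Assuming CLIENT_POOL is in address/prefix form, follow the OpenVPN branch: `($a,$b) = split (/\//, $Wireguard::settings{'CLIENT_POOL'});`. The `# WireGuard` comment also sits at the end of the OpenVPN branch body; placing it under the `elsif` line would make it clear which branch it describes.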
@@ -1454,6 +1463,9 @@ sub getcolor
 }elsif ($val eq 'IPsec RW' ){
 $tdcolor="style='background-color: $Header::colourvpn;color:white;'";
 return;
+ }elsif ($val eq "WGRW") {
+ $tdcolor="style='background-color: $Header::colourwg; color: white;'";
+ return;
 }elsif($val =~ /^(.*?)\/(.*?)$/){
 my ($sip,$scidr) = split ("/",$val);
 if ( &Header::orange_used() && &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
@@ -1520,6 +1532,13 @@ sub getcolor
 }
 }
 }
+ # WireGuard Roadwarrior
+ if ($Wireguard::settings{'CLIENT_POOL'}) {
+ if (&Network::ip_address_in_network($c, $Wireguard::settings{'CLIENT_POOL'})) {
+ $tdcolor="style='background-color: $Header::colourwg; color:white;'";
+ return;
+ }
+ }
 }
 #VPN networks
 if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index d6be6c40e..ec6a06cde 100644
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -1965,6 +1965,13 @@ sub getcolor
 }
 }
+ # WireGuard Roadwarrior
+ if ($Wireguard::settings{'CLIENT_POOL'}) {
+ if (&Network::ip_address_in_network($sip, $Wireguard::settings{'CLIENT_POOL'})) {
+ return "$c"
+ }
+ }
+
 #Check if IP is part of OpenVPN dynamic subnet
 my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'});
 if (&General::IpInSubnet($sip,$a,$b)){
@@ -3036,6 +3043,9 @@ sub getipforgroup
 &General::readhash("${General::swroot}/ethernet/settings",\%hash);
 return $hash{'ORANGE_NETADDRESS'}."/".&Network::convert_netmask2prefix($hash{'ORANGE_NETMASK'}) || $hash{'ORANGE_NETMASK'};
 }
+ if ($name eq "WGRW") {
+ return $Wireguard::settings{'CLIENT_POOL'};
+ }
 if ($name eq 'ALL'){
 return "0.0.0.0/0";
 }
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 14565584a..660efb679 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
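Review bot: In the fwhosts.cgi getcolor hunk the WireGuard match ends in `return "$c"`, which hands back the bare label with no colour, so `$Header::colourwg` added by this patch is never applied on this page. The firewall.cgi counterpart does style the match with colourwg, so this looks unfinished; return `$c` wrapped in the same colour markup the neighbouring branches of this function use (they are outside the hunk), with `$Header::colourwg` as the colour. The statement is also missing its terminating semicolon, which Perl accepts here only because it is the last statement in the block. Whether `$c` is already HTML-escaped before it reaches this function cannot be seen from the hunk and should be checked when the markup is added.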
@@ -1367,6 +1367,7 @@
 'fwhost type' => 'Type',
 'fwhost used' => 'Used',
 'fwhost welcome' => 'Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.',
+'fwhost wg peers' => 'WireGuard Peers',
 'fwhost wo subnet' => '(without subnet)',
 'g.dtm' => 'TO BE REMOVED',
 'g.lite' => 'TO BE REMOVED',