firewall: add firewall bridge IP for UI access

when firewall switched to bridge mode, we want to have WebUI access to manage the firewall, allow user setup IP address on the firewall bridge interface through the UI. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2026-04-09 18:45:54 +02:00 · 2025-04-12 15:42:44 -07:00
parent 57bafb9410
commit cb07f32583
4 changed files with 24 additions and 0 deletions
--- a/config/cfgroot/optionsfw-settings
+++ b/config/cfgroot/optionsfw-settings
@@ -1,4 +1,6 @@
 FWBRIDGEMODE=off
+FWBRIDGEIP=0.0.0.0
+FWBRIDGEMASK=0.0.0.0
 BRIDGENETFILTER=off
 DROPNEWNOTSYN=on
 DROPINPUT=on
--- a/html/cgi-bin/optionsfw.cgi
+++ b/html/cgi-bin/optionsfw.cgi
@@ -82,6 +82,12 @@ if ($errormessage) {
 if (!$settings{'FWBRIDGEMODE'}) {
 	$settings{'FWBRIDGEMODE'} = 'off';
 }
+if (!$settings{'FWBRIDGEIP'}) {
+	$settings{'FWBRIDGEIP'} = '0.0.0.0';
+}
+if (!$settings{'FWBRIDGEMASK'}) {
+	$settings{'FWBRIDGEMASK'} = '0.0.0.0';
+}
 if (!$settings{'MASQUERADE_GREEN'}) {
 	$settings{'MASQUERADE_GREEN'} = 'on';
 }
@@ -195,6 +201,18 @@ print <<END;
                                </select>
                        </td>
                </tr>
+                <tr>
+                        <td align='left' width='60%'>$Lang::tr{'fw bridge ip'}</td>
+                        <td>
+				<input type='text' name='FWBRIDGEIP' value='$settings{'FWBRIDGEIP'}'/>
+                        </td>
+                </tr>
+                <tr>
+                        <td align='left' width='60%'>$Lang::tr{'fw bridge mask'}</td>
+                        <td>
+				<input type='text' name='FWBRIDGEMASK' value='$settings{'FWBRIDGEMASK'}'/>
+                        </td>
+                </tr>
 	</table>

 	<br>
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1164,6 +1164,8 @@
 'from warn email bad' => 'From e-mail address is not valid',
 'fw mode' => 'Firewall Mode',
 'fw bridge mode' => 'Firewall Bridge Mode',
+'fw bridge ip' => 'Firewall Bridge IP',
+'fw bridge mask' => 'Firewall Bridge Netmask',
 'fw bridge mode disabled' => 'disabled',
 'fw bridge mode enabled' => 'enabled',
 'fw blue' => 'Firewall options for BLUE interface',
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -456,6 +456,8 @@ iptables_init() {
 		ip link set $RED_DEV master $FWBRIDGE
 		ip link set $GREEN_DEV master $FWBRIDGE
 		ip link set $FWBRIDGE up
+		ip a add $FWBRIDGEIP/$FWBRIDGEMASK dev $FWBRIDGE
+		iptables -t filter -A GUIINPUT -i $FWBRIDGE -p tcp -m tcp --dport 444 -j ACCEPT
 	fi
 }