firewall: Add support for WireGuard peers to groups

commit 1de96a83d6d6cec5d4d3eda1792aa80bfbd8fafe
    Author: Michael Tremer <michael.tremer@ipfire.org>
    Date:   Wed Apr 23 12:35:52 2025 +0200

        firewall: Add support for WireGuard peers to groups

        Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>

config/firewall/firewall-lib.pl

@@ -239,6 +239,8 @@ sub get_std_net_ip
 		return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
 	}elsif($val eq 'RED'){
 		return "0.0.0.0/0";
+	}elsif($val eq 'WGRW'){
+		return $Wireguard::settings{'CLIENT_POOL'};
 	}elsif($val =~ /OpenVPN/i){
 		return "$ovpnsettings{'DOVPN_SUBNET'}";
 	}elsif($val =~ /IPsec/i){
@@ -259,6 +261,10 @@ sub get_interface
 	if($net eq "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"){
 		return "$netsettings{'BLUE_DEV'}";
 	}
+	# Wireguard
+	if ($net eq $Wireguard::settings{'CLIENT_POOL'}) {
+		return "wg0";
+	}
 	if($net eq "0.0.0.0/0") {
 		return &get_external_interface();
 	}
@@ -385,6 +391,25 @@ sub get_address
 			push(@ret, [$host_address, ""]);
 		}
 
+	# WireGuard Peers
+	} elsif ($key eq 'wg_peer' || $key eq 'wg_peer_src' || $key eq 'wg_peer_tgt') {
+		my $peer = &Wireguard::get_peer_by_name($value);
+		if (defined $peer) {
+			my $remotes;
+
+			# Select the remote IP addresses
+			if ($peer->{'TYPE'} eq 'host') {
+				$remotes = $peer->{'CLIENT_ADDRESS'};
+			} elsif ($peer->{'TYPE'} eq 'net') {
+				$remotes = $peer->{'REMOTE_SUBNETS'};
+			}
+
+			# Add all remotes
+			foreach my $remote (@$remotes) {
+				push(@ret, [$remote, $peer->{'INTERFACE'}]);
+			}
+		}
+
 	# OpenVPN networks.
 	} elsif ($key ~~ ["ovpn_net_src", "ovpn_net_tgt", "OpenVPN static network"]) {
 		my $network_address = &get_ovpn_net_ip($value, 1);