From 333d447c6bfbe9b8767fa6ce3729e75ea6abefd0 Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 5 Mar 2021 08:32:00 +0000 Subject: [PATCH] Add defaults for wg server PostUp/Down --- config/defaults.json | 6 ++++-- includes/wireguard.php | 10 +++++----- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/config/defaults.json b/config/defaults.json index 3c584ed0..55dd0938 100644 --- a/config/defaults.json +++ b/config/defaults.json @@ -38,10 +38,12 @@ "server": { "Address": [ "10.253.3.1/24" ], "ListenPort": [ "51820" ], - "DNS": [ "10.3.141.1" ] + "DNS": [ "10.3.141.1" ], + "PostUp": [ "iptables -A FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE" ], + "PostDown": [ "iptables -D FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE" ] }, "peer": { - "Endpoint": [ "10.253.3.1:51820" ], + "Endpoint": [ "10.253.3.1" ], "AllowedIPs": ["0.0.0.0/0"], "PersistentKeepalive": [ "15" ] } diff --git a/includes/wireguard.php b/includes/wireguard.php index 0707efbb..63b26827 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php @@ -87,12 +87,12 @@ function SaveWireGuardConfig($status) } } if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) { - if (!validateCidr($_POST['wg_pendpoint'])) { + if (!filter_var($_POST['wg_pendpoint'],FILTER_VALIDATE_IP)) { $status->addMessage('Invalid value for endpoint address', 'danger'); $good_input = false; } } - if (isset($_POST['wg_pallowedips'])) { + if (isset($_POST['wg_pallowedips']) && strlen(trim($_POST['wg_pallowedips']) >0)) { if (!validateCidr($_POST['wg_pallowedips'])) { $status->addMessage('Invalid value for allowed IPs', 'danger'); $good_input = false; 
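Review bot: The new `PostUp`/`PostDown` defaults in the `server` block hard-code both interface names (`wlan0` and `wg0`), whereas the strings they replace in includes/wireguard.php used wg-quick's `%i` placeholder for the tunnel interface. If the tunnel is brought up under a name other than wg0, or the wireless interface is not wlan0, these rules match nothing and the forwarding/NAT policy silently differs from what the config implies. Using `%i` for the WireGuard side, e.g. `iptables -A FORWARD -i wlan0 -o %i -j ACCEPT`, keeps the rules tied to the interface actually being started. The `-D` rules in `PostDown` need the same substitution so teardown removes exactly what was added.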
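Review bot: The guard added for `wg_pallowedips` copies the misplaced parenthesis already present on the `wg_pendpoint` line: `strlen(trim($_POST['wg_pallowedips']) >0)` takes the length of a comparison result rather than comparing the length with zero. Whether validation then runs depends on how PHP compares the string with `0`, which differs between PHP versions, so a non-numeric value may skip `validateCidr()` altogether and still be concatenated into the config later in the function. Both conditions should read like `strlen(trim($_POST['wg_pallowedips'])) > 0`. `filter_var()` is also given the untrimmed `wg_pendpoint` while the value written later is trimmed, so validating `trim($_POST['wg_pendpoint'])` would keep the check and the output consistent. SaveWireGuardConfig starts and ends outside this hunk.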
@@ -115,13 +115,13 @@ function SaveWireGuardConfig($status) $config[] = 'Address = '.$_POST['wg_srvipaddress']; $config[] = 'ListenPort = '.$_POST['wg_srvport']; $config[] = 'PrivateKey = '.$wg_srvprivkey; - $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE'; - $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE'; + $config[] = 'PostUp = '.getDefaultNetValue('wireguard','server','PostUp'); + $config[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown'); $config[] = ''; $config[] = '[Peer]'; $config[] = 'PublicKey = '.$_POST['wg-peer']; if ($_POST['wg_pendpoint'] !== '') { - $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']); + $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']).':'.$_POST['wg_srvport']; } $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips']; if ($_POST['wg_pkeepalive'] !== '') {
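Review bot: `PostUp` and `PostDown` are now taken from `getDefaultNetValue('wireguard','server',...)` and concatenated into the config without checking what came back. wg-quick runs these lines as shell commands when the interface goes up or down, so config/defaults.json becomes a source of commands run with wg-quick's privileges; it should not be writable by the web server user, and the value should be confirmed to be a non-empty string before it is emitted, e.g. `if (is_string($postUp) && $postUp !== '') { $config[] = 'PostUp = '.$postUp; }`. getDefaultNetValue is not visible here, so how it handles a missing key or the one-element arrays used in defaults.json needs confirming. The peer `Endpoint` now reuses `$_POST['wg_srvport']`, the local `ListenPort`, as the remote port; if the peer can listen on a different port, it needs its own validated field. The function body continues outside the hunk.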