add: dhcp on firewall

backend/modules/firewall/firewall.py

@@ -39,7 +39,8 @@ class FirewallManager:
                 allow_icmp=self.allow_icmp,
                 multicast_dns=self.multicast_dns,
                 allow_upnp=self.allow_upnp,
-                drop_invalid=self.drop_invalid
+                drop_invalid=self.drop_invalid,
+                allow_dhcp=self.allow_dhcp
             )
     
     @settings.setter
@@ -51,6 +52,7 @@ class FirewallManager:
         self.multicast_dns=value.multicast_dns
         self.allow_upnp=value.allow_upnp
         self.drop_invalid=value.drop_invalid
+        self.allow_dhcp=value.allow_dhcp
 
     @property
     def policy(self):
@@ -124,3 +126,10 @@ class FirewallManager:
     def drop_invalid(self, value):
         self.db.set("drop_invalid", "1" if value else "0")
     
+    @property
+    def allow_dhcp(self):
+        return self.db.get("allow_dhcp", "1") == "1"
+    
+    @drop_invalid.setter
+    def allow_dhcp(self, value):
+        self.db.set("allow_dhcp", "1" if value else "0")

backend/modules/firewall/models.py

@@ -69,4 +69,5 @@ class FirewallSettings(BaseModel):
     allow_icmp: bool
     multicast_dns: bool
     allow_upnp: bool
-    drop_invalid: bool
+    drop_invalid: bool
+    allow_dhcp: bool

backend/modules/firewall/nftables.py

@@ -135,6 +135,25 @@ class FiregexTables(NFTableManager):
                     ]
                 }}},
             ])
+        if opt.allow_dhcp:
+            rules.extend([
+                { "add":{ "rule": {
+                    "family": "ip", "table": self.filter_table, "chain": self.rules_chain_in,
+                    "expr": [
+                        { 'match': {'left': {'payload': {'protocol': "udp", 'field': 'sport'}}, 'op': '==', 'right': 67} },
+                        { 'match': {'left': {'payload': {'protocol': "udp", 'field': 'dport'}}, 'op': '==', 'right': 68} },
+                        { "accept": None }
+                    ]
+                }}},
+                { "add":{ "rule": {
+                    "family": "ip6", "table": self.filter_table, "chain": self.rules_chain_in,
+                    "expr": [
+                        { 'match': {'left': {'payload': {'protocol': "udp", 'field': 'sport'}}, 'op': '==', 'right': 67} },
+                        { 'match': {'left': {'payload': {'protocol': "udp", 'field': 'dport'}}, 'op': '==', 'right': 68} },
+                        { "accept": None }
+                    ]
+                }}},
+            ])
         return rules
     
     def __init__(self):