add: dhcp on firewall

backend/modules/firewall/firewall.py

@@ -39,7 +39,8 @@ class FirewallManager:
                 allow_icmp=self.allow_icmp,
                 multicast_dns=self.multicast_dns,
                 allow_upnp=self.allow_upnp,
-                drop_invalid=self.drop_invalid
+                drop_invalid=self.drop_invalid,
+                allow_dhcp=self.allow_dhcp
             )
     
     @settings.setter
@@ -51,6 +52,7 @@ class FirewallManager:
         self.multicast_dns=value.multicast_dns
         self.allow_upnp=value.allow_upnp
         self.drop_invalid=value.drop_invalid
+        self.allow_dhcp=value.allow_dhcp
 
     @property
     def policy(self):
@@ -124,3 +126,10 @@ class FirewallManager:
     def drop_invalid(self, value):
         self.db.set("drop_invalid", "1" if value else "0")
     
+    @property
+    def allow_dhcp(self):
+        return self.db.get("allow_dhcp", "1") == "1"
+    
+    @drop_invalid.setter
+    def allow_dhcp(self, value):
+        self.db.set("allow_dhcp", "1" if value else "0")

backend/modules/firewall/models.py

@@ -70,3 +70,4 @@ class FirewallSettings(BaseModel):
     multicast_dns: bool
     allow_upnp: bool
     drop_invalid: bool
+    allow_dhcp: bool

backend/modules/firewall/nftables.py

@@ -135,6 +135,25 @@ class FiregexTables(NFTableManager):
                     ]
                 }}},
             ])
+        if opt.allow_dhcp:
+            rules.extend([
+                { "add":{ "rule": {
+                    "family": "ip", "table": self.filter_table, "chain": self.rules_chain_in,
+                    "expr": [
+                        { 'match': {'left': {'payload': {'protocol': "udp", 'field': 'sport'}}, 'op': '==', 'right': 67} },
+                        { 'match': {'left': {'payload': {'protocol': "udp", 'field': 'dport'}}, 'op': '==', 'right': 68} },
+                        { "accept": None }
+                    ]
+                }}},
+                { "add":{ "rule": {
+                    "family": "ip6", "table": self.filter_table, "chain": self.rules_chain_in,
+                    "expr": [
+                        { 'match': {'left': {'payload': {'protocol': "udp", 'field': 'sport'}}, 'op': '==', 'right': 67} },
+                        { 'match': {'left': {'payload': {'protocol': "udp", 'field': 'dport'}}, 'op': '==', 'right': 68} },
+                        { "accept": None }
+                    ]
+                }}},
+            ])
         return rules
     
     def __init__(self):

frontend/src/components/Firewall/utils.ts

@@ -53,7 +53,8 @@ export type FirewallSettings = {
     allow_icmp: boolean,
     multicast_dns: boolean,
     allow_upnp: boolean,
-    drop_invalid: boolean
+    drop_invalid: boolean,
+    allow_dhcp: boolean
 }
 
 

frontend/src/pages/Firewall/SettingsModal.tsx

@@ -46,7 +46,8 @@ export function SettingsModal({ opened, onClose }:{ opened:boolean, onClose:()=>
             <Switch label="Allow UPnP protocol" checked={settings.allow_upnp} onChange={v => setSettings({...settings, allow_upnp:v.target.checked})}/>
             <Space h="md" />
             <Switch label="Drop invalid packet" checked={settings.drop_invalid} onChange={v => setSettings({...settings, drop_invalid:v.target.checked})}/>
-
+            <Space h="md" />
+            <Switch label="Allow DHCP" checked={settings.allow_dhcp} onChange={v => setSettings({...settings, allow_dhcp:v.target.checked})}/>
             <Group position="right" mt="md">
                 <Button loading={submitLoading} onClick={submitRequest}>Save Setting</Button>
             </Group>

start.py

@@ -114,7 +114,7 @@ volumes:
         else:
             sep()
             puts("--- WARNING ---", color=colors.yellow)
-            puts("You are not in a linux machine, due to docker limitation on other platform, the firewall will not work in this machine. You will only see the interface of firegex.", color=colors.red)
+            puts("You are not in a linux machine, the firewall will not work in this machine.", color=colors.red)
             compose.write(f"""
 version: '3.9'