donaldzou / WGDashboard

Simple dashboard for WireGuard VPN written in Python w/ Flask
Apache License 2.0

Adding Semicolon separated Firewall rules in the web UI causes errors and logs out. #349

Closed mzs114 closed 1 week ago

mzs114 commented 2 weeks ago

Describe The Problem

Trying to add PostUp and PostDown semicolon-separated firewall rules from the Debian wiki WireGuard config and it logs me out; when this happened two times I checked the error log. The Debian wiki shows that WireGuard configuration can accept semicolon-separated statements.

https://wiki.debian.org/WireGuard

Expected Error / Traceback

[2024-08-28 08:05:48,125] ERROR in app: Exception on /api/addWireguardConfiguration [POST]
Traceback (most recent call last):
  File "/home/admin/WGDashboard/src/venv/lib/python3.11/site-packages/flask/app.py", line 1473, in wsgi_app
    response = self.full_dispatch_request()
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/admin/WGDashboard/src/venv/lib/python3.11/site-packages/flask/app.py", line 882, in full_dispatch_request
    rv = self.handle_user_exception(e)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/admin/WGDashboard/src/venv/lib/python3.11/site-packages/flask_cors/extension.py", line 178, in wrapped_function
    return cors_after_request(app.make_response(f(*args, **kwargs)))
                                                ^^^^^^^^^^^^^^^^^^
  File "/home/admin/WGDashboard/src/venv/lib/python3.11/site-packages/flask/app.py", line 880, in full_dispatch_request
    rv = self.dispatch_request()
         ^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/admin/WGDashboard/src/venv/lib/python3.11/site-packages/flask/app.py", line 865, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)  # type: ignore[no-any-return]
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/admin/WGDashboard/src/dashboard.py", line 1595, in API_addWireguardConfiguration
    WireguardConfigurations[data['ConfigurationName']] = WireguardConfiguration(data=data)
                                                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/admin/WGDashboard/src/dashboard.py", line 496, in __init__
    self.__parser["Interface"] = {
    ~~~~~~~~~~~~~^^^^^^^^^^^^^
  File "/usr/lib/python3.11/configparser.py", line 993, in __setitem__
    self.read_dict({key: value})
  File "/usr/lib/python3.11/configparser.py", line 770, in read_dict
    self.set(section, key, value)
  File "/usr/lib/python3.11/configparser.py", line 1220, in set
    super().set(section, option, value)
  File "/usr/lib/python3.11/configparser.py", line 910, in set
    value = self._interpolation.before_set(self, section, option,
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/configparser.py", line 403, in before_set
    raise ValueError("invalid interpolation syntax in %r at "
ValueError: invalid interpolation syntax in 'iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE; iptables -I FORWARD -i wg1 -o wg1 -j DROP;' at position 23

To Reproduce

Followed the GitHub-mentioned steps for Debian 12.x without Docker.

OS Information:

Sample of your .conf file

I manually added something like the below configuration on the server and it works fine, but the Web UI errors atm.

[Interface]
Address = 192.168.11.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens5 -j MASQUERADE
ListenPort = 51820
PrivateKey = YOUR_SERVER_PRIVATE KEY

[Peer]
PublicKey = YOUR_CLIENT_PUBLIC_KEY
AllowedIPs = 192.168.11.2/32

[Peer]
PublicKey = OTHER_CLIENT_PUBLIC_KEY
AllowedIPs = ...

NOXCIS commented 2 weeks ago

Use a script if possible, i.e.

PostUp = /opt/wireguarddashboard/src/iptable-rules/Admins/postup.sh
PreDown = /opt/wireguarddashboard/src/iptable-rules/Admins/postdown.sh

donaldzou commented 2 weeks ago

Seems like it is caused by the %i.. using a script mentioned by @NOXCIS is a good idea :)

mzs114 commented 1 week ago

> Seems like it is caused by the %i.. using a script mentioned by @NOXCIS is a good idea :)

Can we use single/double quotes to escape this and not face this error? I did not know that WGD includes the scripts, checking them now. :)

Edit: My bad, the %i needs to be replaced with the interface name, it cannot be a variable or a placeholder.
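
The ValueError in the traceback is raised by the standard library's configparser, whose default BasicInterpolation rejects a bare `%` when a value is set. The following is an added example, not WGDashboard's code: it reproduces the error with the PostUp value from the report and compares what ends up in the file when `%` is escaped versus when interpolation is disabled. The function names are hypothetical.

```python
import configparser
import io

# Constructed sample value, taken from the PostUp line in the report above.
POST_UP = ("iptables -A FORWARD -i %i -j ACCEPT; "
           "iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE")


def render_interface(post_up, interpolation=configparser.BasicInterpolation()):
    """Build an [Interface] section by dict assignment, as in the traceback,
    and return the text that would be written to the .conf file."""
    parser = configparser.ConfigParser(interpolation=interpolation)
    parser.optionxform = str  # keep "PostUp" instead of lowercasing the key
    parser["Interface"] = {"Address": "192.168.11.1/24", "PostUp": post_up}
    buf = io.StringIO()
    parser.write(buf)
    return buf.getvalue()


def default_parser_error(post_up):
    """Return the ValueError message raised by the default parser, or None."""
    try:
        render_interface(post_up)
    except ValueError as exc:
        return str(exc)
    return None


def escaped_file_text(post_up):
    """Escaping '%' as '%%' satisfies BasicInterpolation, but write() emits
    the stored value unchanged, so the file then contains '%%i'."""
    return render_interface(post_up.replace("%", "%%"))


def raw_file_text(post_up):
    """interpolation=None stores and writes the value exactly as given."""
    return render_interface(post_up, interpolation=None)


if __name__ == "__main__":
    print(default_parser_error(POST_UP))
    print(escaped_file_text(POST_UP))
    print(raw_file_text(POST_UP))
```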