Firewall rule management

firewall/models.py

@@ -1,5 +1,6 @@
 from django.db import models
 from wireguard.models import Peer, WireGuardInstance
+from wireguard.models import NETMASK_CHOICES
 import uuid
 
 
@@ -24,3 +25,55 @@ class RedirectRule(models.Model):
         unique_together = ['port', 'protocol']
 
 
+class FirewallRule(models.Model):
+    description = models.CharField(max_length=100, blank=True, null=True)
+    firewall_chain = models.CharField(max_length=12, default='forward', choices=[('forward', 'FORWARD'), ('postrouting', 'POSTROUTING (nat)')])
+
+    in_interface = models.CharField(max_length=12, default='', blank=True, null=True)
+    out_interface = models.CharField(max_length=12, default='', blank=True, null=True)
+
+    source_ip = models.GenericIPAddressField(blank=True, null=True, protocol='IPv4')
+    source_netmask = models.PositiveIntegerField(default=32, choices=NETMASK_CHOICES)
+    source_peer = models.ManyToManyField(Peer, related_name="forward_rules_as_source", blank=True)
+    source_peer_include_networks = models.BooleanField(default=False)
+    not_source = models.BooleanField(default=False)
+
+    destination_ip = models.GenericIPAddressField(blank=True, null=True, protocol='IPv4')
+    destination_netmask = models.PositiveIntegerField(default=32, choices=NETMASK_CHOICES)
+    destination_peer = models.ManyToManyField(Peer, related_name="forward_rules_as_destination", blank=True)
+    destination_peer_include_networks = models.BooleanField(default=False)
+    not_destination = models.BooleanField(default=False)
+
+    protocol = models.CharField(max_length=4, default='', blank=True, null=True, choices=[('', 'all'), ('tcp', 'TCP'), ('udp', 'UDP'), ('both', 'TCP+UDP'), ('icmp', 'ICMP'),])
+    destination_port = models.CharField(max_length=11, blank=True, null=True)
+
+    state_new = models.BooleanField(default=False)
+    state_related = models.BooleanField(default=False)
+    state_established = models.BooleanField(default=False)
+    state_invalid = models.BooleanField(default=False)
+    state_untracked = models.BooleanField(default=False)
+    not_state = models.BooleanField(default=False)
+
+    rule_action = models.CharField(max_length=10, default='accept', choices=[('accept', 'ACCEPT'), ('reject', 'REJECT'), ('drop', 'DROP'), ('masquerade', 'MASQUERADE')])
+    
+    sort_order = models.PositiveIntegerField(default=0)
+    created = models.DateTimeField(auto_now_add=True)
+    updated = models.DateTimeField(auto_now=True)
+    uuid = models.UUIDField(primary_key=True, editable=False, default=uuid.uuid4)
+
+    def __str__(self):
+        return str(self.uuid)
+
+
+class FirewallSettings(models.Model):
+    name = models.CharField(max_length=6, default='global', unique=True)
+    default_forward_policy = models.CharField(max_length=6, default='accept', choices=[('accept', 'ACCEPT'), ('reject', 'REJECT'), ('drop', 'DROP')])
+    default_output_policy = models.CharField(max_length=6, default='accept', choices=[('accept', 'ACCEPT'), ('reject', 'REJECT'), ('drop', 'DROP')])
+    allow_peer_to_peer = models.BooleanField(default=True)
+    allow_instance_to_instance = models.BooleanField(default=True)
+    wan_interface = models.CharField(max_length=12, default='eth0')
+    pending_changes = models.BooleanField(default=False)
+
+    created = models.DateTimeField(auto_now_add=True)
+    updated = models.DateTimeField(auto_now=True)
+