diff options
| author | Your Name <you@example.com> | 2026-05-15 13:06:25 +0530 |
|---|---|---|
| committer | Your Name <you@example.com> | 2026-05-15 13:06:25 +0530 |
| commit | 8a2307a5ced6da94cc674602219d5a68a1246264 (patch) | |
| tree | fe622a9960434fc3a42d3d1aa2ba748d804118fa /main/firewall.c | |
initiall commit
Diffstat (limited to 'main/firewall.c')
| -rw-r--r-- | main/firewall.c | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/main/firewall.c b/main/firewall.c new file mode 100644 index 0000000..9ef3be0 --- /dev/null +++ b/main/firewall.c | |||
| @@ -0,0 +1,96 @@ | |||
| 1 | #include "firewall.h" | ||
| 2 | #include "dns_server.h" | ||
| 3 | #include "esp_log.h" | ||
| 4 | #include "lwip/lwip_napt.h" | ||
| 5 | #include <string.h> | ||
| 6 | |||
| 7 | #define MAX_CLIENTS 10 | ||
| 8 | |||
| 9 | static const char *TAG = "firewall"; | ||
| 10 | static esp_ip4_addr_t s_ap_ip; | ||
| 11 | static bool s_nat_enabled = false; | ||
| 12 | |||
| 13 | typedef struct { | ||
| 14 | uint32_t ip; | ||
| 15 | } fw_client_t; | ||
| 16 | |||
| 17 | static fw_client_t s_clients[MAX_CLIENTS]; | ||
| 18 | static int s_client_count = 0; | ||
| 19 | |||
| 20 | esp_err_t firewall_init(esp_ip4_addr_t ap_ip) | ||
| 21 | { | ||
| 22 | s_ap_ip = ap_ip; | ||
| 23 | memset(s_clients, 0, sizeof(s_clients)); | ||
| 24 | s_client_count = 0; | ||
| 25 | ESP_LOGI(TAG, "Firewall initialized with AP IP=" IPSTR, IP2STR(&s_ap_ip)); | ||
| 26 | return ESP_OK; | ||
| 27 | } | ||
| 28 | |||
| 29 | void firewall_enable_nat(void) | ||
| 30 | { | ||
| 31 | if (s_nat_enabled) return; | ||
| 32 | ip_napt_enable(s_ap_ip.addr, 1); | ||
| 33 | s_nat_enabled = true; | ||
| 34 | ESP_LOGI(TAG, "NAT enabled"); | ||
| 35 | } | ||
| 36 | |||
| 37 | void firewall_disable_nat(void) | ||
| 38 | { | ||
| 39 | if (!s_nat_enabled) return; | ||
| 40 | ip_napt_enable(s_ap_ip.addr, 0); | ||
| 41 | s_nat_enabled = false; | ||
| 42 | ESP_LOGI(TAG, "NAT disabled"); | ||
| 43 | } | ||
| 44 | |||
| 45 | void firewall_grant_access(uint32_t client_ip) | ||
| 46 | { | ||
| 47 | for (int i = 0; i < s_client_count; i++) { | ||
| 48 | if (s_clients[i].ip == client_ip) return; | ||
| 49 | } | ||
| 50 | if (s_client_count >= MAX_CLIENTS) { | ||
| 51 | ESP_LOGW(TAG, "Max clients reached, cannot grant access"); | ||
| 52 | return; | ||
| 53 | } | ||
| 54 | s_clients[s_client_count].ip = client_ip; | ||
| 55 | s_client_count++; | ||
| 56 | dns_server_set_client_authenticated(client_ip, true); | ||
| 57 | |||
| 58 | esp_ip4_addr_t ip_addr = { .addr = client_ip }; | ||
| 59 | ESP_LOGI(TAG, "Access granted to " IPSTR, IP2STR(&ip_addr)); | ||
| 60 | } | ||
| 61 | |||
| 62 | void firewall_revoke_access(uint32_t client_ip) | ||
| 63 | { | ||
| 64 | for (int i = 0; i < s_client_count; i++) { | ||
| 65 | if (s_clients[i].ip == client_ip) { | ||
| 66 | s_clients[i] = s_clients[s_client_count - 1]; | ||
| 67 | s_client_count--; | ||
| 68 | dns_server_set_client_authenticated(client_ip, false); | ||
| 69 | esp_ip4_addr_t ip_addr = { .addr = client_ip }; | ||
| 70 | ESP_LOGI(TAG, "Access revoked for " IPSTR, IP2STR(&ip_addr)); | ||
| 71 | return; | ||
| 72 | } | ||
| 73 | } | ||
| 74 | } | ||
| 75 | |||
| 76 | void firewall_revoke_all(void) | ||
| 77 | { | ||
| 78 | for (int i = 0; i < s_client_count; i++) { | ||
| 79 | dns_server_set_client_authenticated(s_clients[i].ip, false); | ||
| 80 | } | ||
| 81 | s_client_count = 0; | ||
| 82 | ESP_LOGI(TAG, "All client access revoked"); | ||
| 83 | } | ||
| 84 | |||
| 85 | bool firewall_is_client_allowed(uint32_t client_ip) | ||
| 86 | { | ||
| 87 | for (int i = 0; i < s_client_count; i++) { | ||
| 88 | if (s_clients[i].ip == client_ip) return true; | ||
| 89 | } | ||
| 90 | return false; | ||
| 91 | } | ||
| 92 | |||
| 93 | int firewall_client_count(void) | ||
| 94 | { | ||
| 95 | return s_client_count; | ||
| 96 | } | ||