1 files changed, 96 insertions, 0 deletions
diff --git a/main/firewall.c b/main/firewall.c
new file mode 100644
index 0000000..9ef3be0
--- /dev/null
+++ b/main/firewall.c
@@ -0,0 +1,96 @@
+#include "firewall.h"
+#include "dns_server.h"
+#include "esp_log.h"
+#include "lwip/lwip_napt.h"
+#include <string.h>
+#define MAX_CLIENTS 10
+static const char *TAG = "firewall";
+static esp_ip4_addr_t s_ap_ip;
+static bool s_nat_enabled = false;
+typedef struct {
+    uint32_t ip;
+} fw_client_t;
+static fw_client_t s_clients[MAX_CLIENTS];
+static int s_client_count = 0;
+esp_err_t firewall_init(esp_ip4_addr_t ap_ip)
+{
+    s_ap_ip = ap_ip;
+    memset(s_clients, 0, sizeof(s_clients));
+    s_client_count = 0;
+    ESP_LOGI(TAG, "Firewall initialized with AP IP=" IPSTR, IP2STR(&s_ap_ip));
+    return ESP_OK;
+}
+void firewall_enable_nat(void)
+{
+    if (s_nat_enabled) return;
+    ip_napt_enable(s_ap_ip.addr, 1);
+    s_nat_enabled = true;
+    ESP_LOGI(TAG, "NAT enabled");
+}
+void firewall_disable_nat(void)
+{
+    if (!s_nat_enabled) return;
+    ip_napt_enable(s_ap_ip.addr, 0);
+    s_nat_enabled = false;
+    ESP_LOGI(TAG, "NAT disabled");
+}
+void firewall_grant_access(uint32_t client_ip)
+{
+    for (int i = 0; i < s_client_count; i++) {
+        if (s_clients[i].ip == client_ip) return;
+    }
+    if (s_client_count >= MAX_CLIENTS) {
+        ESP_LOGW(TAG, "Max clients reached, cannot grant access");
+        return;
+    }
+    s_clients[s_client_count].ip = client_ip;
+    s_client_count++;
+    dns_server_set_client_authenticated(client_ip, true);
+    esp_ip4_addr_t ip_addr = { .addr = client_ip };
+    ESP_LOGI(TAG, "Access granted to " IPSTR, IP2STR(&ip_addr));
+}
+void firewall_revoke_access(uint32_t client_ip)
+{
+    for (int i = 0; i < s_client_count; i++) {
+        if (s_clients[i].ip == client_ip) {
+            s_clients[i] = s_clients[s_client_count - 1];
+            s_client_count--;
+            dns_server_set_client_authenticated(client_ip, false);
+            esp_ip4_addr_t ip_addr = { .addr = client_ip };
+            ESP_LOGI(TAG, "Access revoked for " IPSTR, IP2STR(&ip_addr));
+            return;
+        }
+    }
+}
+void firewall_revoke_all(void)
+{
+    for (int i = 0; i < s_client_count; i++) {
+        dns_server_set_client_authenticated(s_clients[i].ip, false);
+    }
+    s_client_count = 0;
+    ESP_LOGI(TAG, "All client access revoked");
+}
+bool firewall_is_client_allowed(uint32_t client_ip)
+{
+    for (int i = 0; i < s_client_count; i++) {
+        if (s_clients[i].ip == client_ip) return true;
+    }
+    return false;
+}
+int firewall_client_count(void)
+{
+    return s_client_count;
+}

diff --git a/main/firewall.c b/main/firewall.c new file mode 100644 index 0000000..9ef3be0 --- /dev/null +++ b/main/firewall.c
@@ -0,0 +1,96 @@
	1	#include "firewall.h"
	2	#include "dns_server.h"
	3	#include "esp_log.h"
	4	#include "lwip/lwip_napt.h"
	5	#include <string.h>
	6
	7	#define MAX_CLIENTS 10
	8
	9	static const char *TAG = "firewall";
	10	static esp_ip4_addr_t s_ap_ip;
	11	static bool s_nat_enabled = false;
	12
	13	typedef struct {
	14	uint32_t ip;
	15	} fw_client_t;
	16
	17	static fw_client_t s_clients[MAX_CLIENTS];
	18	static int s_client_count = 0;
	19
	20	esp_err_t firewall_init(esp_ip4_addr_t ap_ip)
	21	{
	22	s_ap_ip = ap_ip;
	23	memset(s_clients, 0, sizeof(s_clients));
	24	s_client_count = 0;
	25	ESP_LOGI(TAG, "Firewall initialized with AP IP=" IPSTR, IP2STR(&s_ap_ip));
	26	return ESP_OK;
	27	}
	28
	29	void firewall_enable_nat(void)
	30	{
	31	if (s_nat_enabled) return;
	32	ip_napt_enable(s_ap_ip.addr, 1);
	33	s_nat_enabled = true;
	34	ESP_LOGI(TAG, "NAT enabled");
	35	}
	36
	37	void firewall_disable_nat(void)
	38	{
	39	if (!s_nat_enabled) return;
	40	ip_napt_enable(s_ap_ip.addr, 0);
	41	s_nat_enabled = false;
	42	ESP_LOGI(TAG, "NAT disabled");
	43	}
	44
	45	void firewall_grant_access(uint32_t client_ip)
	46	{
	47	for (int i = 0; i < s_client_count; i++) {
	48	if (s_clients[i].ip == client_ip) return;
	49	}
	50	if (s_client_count >= MAX_CLIENTS) {
	51	ESP_LOGW(TAG, "Max clients reached, cannot grant access");
	52	return;
	53	}
	54	s_clients[s_client_count].ip = client_ip;
	55	s_client_count++;
	56	dns_server_set_client_authenticated(client_ip, true);
	57
	58	esp_ip4_addr_t ip_addr = { .addr = client_ip };
	59	ESP_LOGI(TAG, "Access granted to " IPSTR, IP2STR(&ip_addr));
	60	}
	61
	62	void firewall_revoke_access(uint32_t client_ip)
	63	{
	64	for (int i = 0; i < s_client_count; i++) {
	65	if (s_clients[i].ip == client_ip) {
	66	s_clients[i] = s_clients[s_client_count - 1];
	67	s_client_count--;
	68	dns_server_set_client_authenticated(client_ip, false);
	69	esp_ip4_addr_t ip_addr = { .addr = client_ip };
	70	ESP_LOGI(TAG, "Access revoked for " IPSTR, IP2STR(&ip_addr));
	71	return;
	72	}
	73	}
	74	}
	75
	76	void firewall_revoke_all(void)
	77	{
	78	for (int i = 0; i < s_client_count; i++) {
	79	dns_server_set_client_authenticated(s_clients[i].ip, false);
	80	}
	81	s_client_count = 0;
	82	ESP_LOGI(TAG, "All client access revoked");
	83	}
	84
	85	bool firewall_is_client_allowed(uint32_t client_ip)
	86	{
	87	for (int i = 0; i < s_client_count; i++) {
	88	if (s_clients[i].ip == client_ip) return true;
	89	}
	90	return false;
	91	}
	92
	93	int firewall_client_count(void)
	94	{
	95	return s_client_count;
	96	}