Add IPv6 firewalls (close #12)

conf/ynh-hotspot

@@ -38,28 +38,25 @@ is_nat_set() {
 
 is_ip4nataddr_set() {
   i=${1}
-
-  if [ "${i}" -eq 0 ]; then
-    dev=${ynh_wifi_device}
-  else
-    dev="hotspot${i}"
-  fi
+  dev=$(devfromid "${i}")
 
   ip address show dev "${dev}" 2> /dev/null | grep -q "${ynh_ip4_nat_prefix[${i}]}.1/24"
 }
 
 is_ip6addr_set() {
   i=${1}
-
-  if [ "${i}" -eq 0 ]; then
-    dev=${ynh_wifi_device}
-  else
-    dev="hotspot${i}"
-  fi
+  dev=$(devfromid "${i}")
 
   ip address show dev "${dev}" 2> /dev/null | grep -q "${ynh_ip6_addr[${i}]}/64"
 }
 
+is_ip6firewall_set() {
+  i=${1}
+  dev=$(devfromid "${i}")
+
+  ip6tables -nvL FORWARD | grep DROP | grep -q "${dev}"
+}
+
 is_forwarding_set() {
   ip6=$(sysctl net.ipv6.conf.all.forwarding | awk '{ print $NF; }')
   ip4=$(sysctl net.ipv4.conf.all.forwarding | awk '{ print $NF; }')
@@ -85,7 +82,9 @@ is_hostapd_running() {
 
 is_running() {
   for i in $(seq 0 $((${ynh_multissid} - 1))); do
-    ( has_ip6delegatedprefix ${i} && is_ip6addr_set ${i} && is_dhcpd6_running ${i} || ! has_ip6delegatedprefix ${i} )\
+    ( has_ip6delegatedprefix ${i} && is_ip6addr_set ${i}\
+      && ( [ "${ynh_ip6_firewall[${i}]}" -eq 1 ] && is_ip6firewall_set ${i} || [ "${ynh_ip6_firewall[${i}]}" -eq 0 ] )\
+      && is_dhcpd6_running ${i} || ! has_ip6delegatedprefix ${i} )\
     && is_ip4nataddr_set ${i} && is_dhcpd4_running ${i}
 
     if [ ! $? -eq 0 ]; then
@@ -106,29 +105,28 @@ set_nat() {
 
 set_ip4nataddr() {
   i=${1}
-
-  if [ "${i}" -eq 0 ]; then
-    dev=${ynh_wifi_device}
-  else
-    dev="hotspot${i}"
-  fi
+  dev=$(devfromid "${i}")
 
   ip address add "${ynh_ip4_nat_prefix[${i}]}.1/24" dev "${dev}"
 }
 
 set_ip6addr() {
   i=${1}
-
-  if [ "${i}" -eq 0 ]; then
-    dev=${ynh_wifi_device}
-  else
-    dev="hotspot${i}"
-  fi
+  dev=$(devfromid "${i}")
 
   ip address delete "${ynh_ip6_addr[${i}]}/64" dev tun0 &> /dev/null
   ip address add "${ynh_ip6_addr[${i}]}/64" dev "${dev}"
 }
 
+set_ip6firewall() {
+  i=${1}
+  dev=$(devfromid "${i}")
+
+  ip6tables -A FORWARD -i "${dev}" -j ACCEPT
+  ip6tables -A FORWARD -o "${dev}" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+  ip6tables -A FORWARD -o "${dev}" -j DROP
+}
+
 set_forwarding() {
   sysctl -w net.ipv6.conf.all.forwarding=1 > /dev/null
   sysctl -w net.ipv4.conf.all.forwarding=1 > /dev/null
@@ -136,12 +134,7 @@ set_forwarding() {
 
 start_dhcpd6() {
   i=${1}
-
-  if [ "${i}" -eq 0 ]; then
-    dev=${ynh_wifi_device}
-  else
-    dev="hotspot${i}"
-  fi
+  dev=$(devfromid "${i}")
 
   cp /etc/dnsmasq.dhcpd/dhcpdv6{.conf.tpl,-ssid${i}.conf}
 
@@ -155,12 +148,7 @@ start_dhcpd6() {
 
 start_dhcpd4() {
   i=${1}
-
-  if [ "${i}" -eq 0 ]; then
-    dev=${ynh_wifi_device}
-  else
-    dev="hotspot${i}"
-  fi
+  dev=$(devfromid "${i}")
 
   cp /etc/dnsmasq.dhcpd/dhcpdv4{.conf.tpl,-ssid${i}.conf}
 
@@ -218,28 +206,27 @@ unset_nat() {
 
 unset_ip4nataddr() {
   i=${1}
-
-  if [ "${i}" -eq 0 ]; then
-    dev=${ynh_wifi_device}
-  else
-    dev="hotspot${i}"
-  fi
+  dev=$(devfromid "${i}")
 
   ip address delete "${ynh_ip4_nat_prefix[${i}]}.1/24" dev "${dev}"
 }
 
 unset_ip6addr() {
   i=${1}
-
-  if [ "${i}" -eq 0 ]; then
-    dev=${ynh_wifi_device}
-  else
-    dev="hotspot${i}"
-  fi
+  dev=$(devfromid "${i}")
 
   ip address delete "${ynh_ip6_addr[${i}]}/64" dev "${dev}"
 }
 
+unset_ip6firewall() {
+  i=${1}
+  dev=$(devfromid "${i}")
+
+  ip6tables -D FORWARD -i "${dev}" -j ACCEPT
+  ip6tables -D FORWARD -o "${dev}" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+  ip6tables -D FORWARD -o "${dev}" -j DROP
+}
+
 unset_forwarding() {
   sysctl -w net.ipv6.conf.all.forwarding=0 > /dev/null
   sysctl -w net.ipv4.conf.all.forwarding=0 > /dev/null
@@ -276,6 +263,16 @@ ynh_setting_set() {
   yunohost app setting "${app}" "${setting}" -v "${value}"
 }
 
+devfromid() {
+  i=${1}
+
+  if [ "${i}" -eq 0 ]; then
+    echo "${ynh_wifi_device}"
+  else
+    echo "hotspot${i}"
+  fi
+}
+
 if [ "$1" != restart ]; then
 
   # Restart php5-fpm at the first start (it needs to be restarted after the slapd start)
@@ -297,6 +294,7 @@ if [ "$1" != restart ]; then
   IFS='|' read -a ynh_wifi_secure <<< "$(ynh_setting_get hotspot wifi_secure)"
   IFS='|' read -a ynh_wifi_passphrase <<< "$(ynh_setting_get hotspot wifi_passphrase)"
   IFS='|' read -a ynh_ip6_addr <<< "$(ynh_setting_get hotspot ip6_addr)"
+  IFS='|' read -a ynh_ip6_firewall <<< "$(ynh_setting_get hotspot ip6_firewall)"
   IFS='|' read -a ynh_ip6_net <<< "$(ynh_setting_get hotspot ip6_net)"
   IFS='|' read -a ynh_ip6_dns0 <<< "$(ynh_setting_get hotspot ip6_dns0)"
   IFS='|' read -a ynh_ip6_dns1 <<< "$(ynh_setting_get hotspot ip6_dns1)"
@@ -389,6 +387,12 @@ case "$1" in
           set_ip6addr ${i}
         fi
 
+        # Set ipv6 firewalling
+        if has_ip6delegatedprefix ${i} && [ "${ynh_ip6_firewall[${i}]}" -eq 1 ] && ! is_ip6firewall_set ${i}; then
+          echo "hotspot${i}: Set IPv6 firewalling"
+          set_ip6firewall ${i}
+        fi
+
         # Run DHCPv6 server
         if has_ip6delegatedprefix ${i} && ! is_dhcpd6_running ${i}; then
           echo "hotspot${i}: Start the NDP and DHCPv6 server (dnsmasq)"
@@ -432,6 +436,11 @@ case "$1" in
         unset_ip6addr ${i}
       fi
 
+      if has_ip6delegatedprefix ${i}  && [ "${ynh_ip6_firewall[${i}]}" -eq 1 ] && is_ip6firewall_set ${i}; then
+        echo "hotspot${i}: Unset IPv6 firewalling"
+        unset_ip6firewall ${i}
+      fi
+
       if is_dhcpd6_running ${i}; then
         echo "hotspot${i}: Stop the NDP and DHCPv6 server (dnsmasq)"
         stop_dhcpd6 ${i}
@@ -500,10 +509,21 @@ case "$1" in
           exitcode=1
         fi
 
+        if is_ip6firewall_set ${i}; then
+          echo "[OK] hotspot${i}: IPv6 firewalling set"
+        else
+          if [ "${ynh_ip6_firewall[${i}]}" -eq 1 ]; then
+            echo "[ERR] hotspot${i}: No IPv6 firewalling set"
+          else
+            echo "[INFO] hotspot${i}: No IPv6 firewalling set"
+          fi
+          exitcode=1
+        fi
+
         if is_dhcpd6_running ${i}; then
-          echo "[OK] hotspot${i}: NDP and DHCPv6 server (dnsmasq) is running"
+          echo "[OK] hotspot${i}: NDP and DHCPv6 server (dnsmasq) are running"
         else
-          echo "[ERR] hotspot${i}: NDP and DHCPv6 server (dnsmasq) is not running"
+          echo "[ERR] hotspot${i}: NDP and DHCPv6 server (dnsmasq) are not running"
           exitcode=1
         fi
       else
@@ -513,7 +533,7 @@ case "$1" in
       if is_dhcpd4_running ${i}; then
         echo "[OK] hotspot${i}: DHCPv4 server (dnsmasq) is running"
       else
-        echo "[ERR] hotspot${i}: NDP and DHCPv4 (dnsmasq) is not running"
+        echo "[ERR] hotspot${i}: DHCPv4 (dnsmasq) is not running"
         exitcode=1
       fi
 

scripts/install

@@ -129,6 +129,7 @@ if ! $upgrade; then
   sudo yunohost app setting hotspot wifi_device -v "${wifi_device}"
   sudo yunohost app setting hotspot wifi_channel -v 6
   sudo yunohost app setting hotspot ip6_addr -v "${ip6_addr}"
+  sudo yunohost app setting hotspot ip6_firewall -v 1
   sudo yunohost app setting hotspot ip6_net -v "${ip6_net}"
   sudo yunohost app setting hotspot ip6_dns0 -v 2001:913::8
   sudo yunohost app setting hotspot ip6_dns1 -v 2001:910:800::12

scripts/upgrade

@@ -22,6 +22,16 @@ export HOTSPOT_UPGRADE=1
 sudo bash /etc/yunohost/apps/hotspot/scripts/remove
 bash ./install "${domain}" "${path}" "${wifi_ssid}" "${wifi_passphrase}" "${firmware_nonfree}"
 
+# Changes
+
+if [ "$(ynh_setting hotspot ip6_firewall)" == '' ]; then
+  multissid=$(ynh_setting hotspot multissid)
+  ip6_firewall=$(printf '1|%.0s' $(seq "${multissid}"))
+  ip6_firewall=$(echo "${ip6_firewall%?}")
+
+  sudo yunohost app setting hotspot ip6_firewall -v "${ip6_firewall}"
+fi
+
 sudo systemctl start ynh-hotspot
 
 exit 0

sources/controller.php

@@ -126,6 +126,7 @@ dispatch('/', function() {
   $wifi_secure = getArray(ynh_setting_get('wifi_secure'));
   $wifi_passphrase = getArray(ynh_setting_get('wifi_passphrase'));
   $ip6_net = getArray(ynh_setting_get('ip6_net'));
+  $ip6_firewall = getArray(ynh_setting_get('ip6_firewall'));
   $ip6_dns0 = getArray(ynh_setting_get('ip6_dns0'));
   $ip6_dns1 = getArray(ynh_setting_get('ip6_dns1'));
   $ip4_nat_prefix = getArray(ynh_setting_get('ip4_nat_prefix'));
@@ -139,6 +140,7 @@ dispatch('/', function() {
       'wifi_secure' => noneValue($wifi_secure[$i]),
       'wifi_passphrase' => noneValue($wifi_passphrase[$i]),
       'ip6_net' => noneValue($ip6_net[$i]),
+      'ip6_firewall' => noneValue($ip6_firewall[$i]),
       'ip6_dns0' => noneValue($ip6_dns0[$i]),
       'ip6_dns1' => noneValue($ip6_dns1[$i]),
       'ip4_nat_prefix' => noneValue($ip4_nat_prefix[$i]),
@@ -182,6 +184,7 @@ dispatch_put('/settings', function() {
 
         $ssid['ip6_net'] = empty($ssid['ip6_net']) ? 'none' : $ssid['ip6_net'];
         $ssid['ip6_addr'] = 'none';
+        $ssid['ip6_firewall'] = isset($ssid['ip6_firewall']) ? 1 : 0;
         $ssid['wifi_secure'] = isset($ssid['wifi_secure']) ? 1 : 0;
 
         if(!$ssid['wifi_secure']) {

sources/i18n/fr_FR/LC_MESSAGES/localization.po

@@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2015-06-11 23:05+0200\n"
-"PO-Revision-Date: 2015-07-08 18:33+0100\n"
+"POT-Creation-Date: 2015-07-24 23:35+0200\n"
+"PO-Revision-Date: 2015-07-24 23:37+0100\n"
 "Last-Translator: root <root@ustelo>\n"
 "Language-Team: French\n"
 "Language: fr\n"
@@ -18,71 +18,71 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
 "X-Generator: Poedit 1.6.10\n"
 
-#: views/layout.html.php:27
+#: sources/views/layout.html.php:27
 msgid "Wifi Hotspot"
 msgstr "Point d'accès WiFi"
 
-#: views/layout.html.php:49
+#: sources/views/layout.html.php:49
 msgid "Error"
 msgstr "Erreur"
 
-#: views/layout.html.php:54 views/settings.html.php:122
-#: views/_ssid.html.php:44
+#: sources/views/layout.html.php:54 sources/views/settings.html.php:122
+#: sources/views/_ssid.html.php:44
 msgid "Notice"
 msgstr "Notice"
 
-#: views/layout.html.php:66
+#: sources/views/layout.html.php:66
 msgid "Any problem? Contribute!"
-msgstr "Un souci ? Contribuez !"
+msgstr "Un problème ? Contribuez !"
 
-#: views/settings.html.php:37
+#: sources/views/settings.html.php:37
 msgid "Wifi Hotspot Configuration"
 msgstr "Configuration du point d'accès"
 
-#: views/settings.html.php:39 views/settings.html.php:41
+#: sources/views/settings.html.php:39 sources/views/settings.html.php:41
 msgid ""
 "This is a fast status. Click on More details to show the complete status."
 msgstr ""
 "Ceci est un résumé du statut. Cliquez sur Plus de détails pour consulter "
 "l'intégralité du statut."
 
-#: views/settings.html.php:39
+#: sources/views/settings.html.php:39
 msgid "Running"
 msgstr "En cours d'exécution"
 
-#: views/settings.html.php:41
+#: sources/views/settings.html.php:41
 msgid "Not Running"
 msgstr "Eteint"
 
-#: views/settings.html.php:44
+#: sources/views/settings.html.php:44
 msgid "Loading complete status may take a few minutes. Be patient."
 msgstr "Le chargement du statut peut prendre quelques minutes. Soyez patient."
 
-#: views/settings.html.php:44
+#: sources/views/settings.html.php:44
 msgid "More details"
 msgstr "Plus de détails"
 
-#: views/settings.html.php:60
+#: sources/views/settings.html.php:60
 msgid "Service"
 msgstr "Service"
 
-#: views/settings.html.php:65
+#: sources/views/settings.html.php:65
 msgid "Hotspot Enabled"
 msgstr "Point d'accès activé"
 
-#: views/settings.html.php:73
+#: sources/views/settings.html.php:73
 msgid "Device"
 msgstr "Interface"
 
-#: views/settings.html.php:85
+#: sources/views/settings.html.php:85
 msgid "Channel"
 msgstr "Canal"
 
-#: views/settings.html.php:116
+#: sources/views/settings.html.php:116
 msgid "Add a hotspot"
 msgstr "Ajouter un point d'accès"
 
-#: views/settings.html.php:122
+#: sources/views/settings.html.php:122
 msgid ""
 "You are currently connected through the wifi hotspot. Please, confirm the "
 "reloading, wait for the wifi disconnect/reconnect and go back here to check "
@@ -92,43 +92,43 @@ msgstr ""
 "le rechargement, attendre que le WiFi se déconnecte/reconnecte et revenir "
 "ici pour vérifier que tout est correct."
 
-#: views/settings.html.php:124 views/settings.html.php:130
+#: sources/views/settings.html.php:124 sources/views/settings.html.php:130
 msgid "Reloading may take a few minutes. Be patient."
 msgstr "Le rechargement peut prendre quelques minutes. Soyez patient."
 
-#: views/settings.html.php:124
+#: sources/views/settings.html.php:124
 msgid "Confirm"
 msgstr "Confirmer"
 
-#: views/settings.html.php:128 views/settings.html.php:130
+#: sources/views/settings.html.php:128 sources/views/settings.html.php:130
 msgid "Save and reload"
 msgstr "Sauvegarder et recharger"
 
-#: views/_ssid.html.php:3
+#: sources/views/_ssid.html.php:3
 msgid "Hotspot"
 msgstr "Point d'accès"
 
-#: views/_ssid.html.php:7
+#: sources/views/_ssid.html.php:7
 msgid "Wifi"
 msgstr "WiFi"
 
-#: views/_ssid.html.php:8
+#: sources/views/_ssid.html.php:8
 msgid "IPv6"
 msgstr "IPv6"
 
-#: views/_ssid.html.php:9
+#: sources/views/_ssid.html.php:9
 msgid "IPv4"
 msgstr "IPv4"
 
-#: views/_ssid.html.php:15
+#: sources/views/_ssid.html.php:15
 msgid "Name (SSID)"
 msgstr "Nom (SSID)"
 
-#: views/_ssid.html.php:22
+#: sources/views/_ssid.html.php:22
 msgid "Secure"
 msgstr "Sécurisé"
 
-#: views/_ssid.html.php:23
+#: sources/views/_ssid.html.php:23
 msgid ""
 "Disabling the Secure Wifi allows everyone to join the hotspot and spy the "
 "traffic (but it's perfect for a PirateBox)"
@@ -136,19 +136,19 @@ msgstr ""
 "Désactiver le WiFi sécurisé permet à tout individu de se connecter au point "
 "d'accès et d'espionner le trafic (Cependant c'est parfait pour une PirateBox)"
 
-#: views/_ssid.html.php:31
+#: sources/views/_ssid.html.php:31
 msgid "Password (WPA2)"
 msgstr "Mot de passe (WPA2)"
 
-#: views/_ssid.html.php:33
+#: sources/views/_ssid.html.php:33
 msgid "At least 8 characters"
 msgstr "Au moins 8 caractères"
 
-#: views/_ssid.html.php:34
+#: sources/views/_ssid.html.php:34
 msgid "Show to your friends how to access to your hotspot"
 msgstr "Montrez à vos amis comment accèder à votre point d'accès"
 
-#: views/_ssid.html.php:44
+#: sources/views/_ssid.html.php:44
 msgid ""
 "Currently, your wifi clients don't have IPv6 and it's a very bad thing. Ask "
 "your Internet Service Provider an IPv6 delegated prefix, or"
@@ -157,26 +157,38 @@ msgstr ""
 "très bonne chose. Demandez à votre Fournisseur d'accès Internet un préfixe "
 "IPv6."
 
-#: views/_ssid.html.php:45
+#: sources/views/_ssid.html.php:45
 msgid "change providers"
 msgstr "Changer de fournisseur"
 
-#: views/_ssid.html.php:50
+#: sources/views/_ssid.html.php:50
 msgid "Delegated prefix"
 msgstr "Préfixe délégué"
 
-#: views/_ssid.html.php:57 views/_ssid.html.php:81
+#: sources/views/_ssid.html.php:57
+msgid "Firewall"
+msgstr "Pare-feu"
+
+#: sources/views/_ssid.html.php:58
+msgid ""
+"Disabling the Firewall allows everyone to make connections to client hosts, "
+"depending on their own security policy"
+msgstr ""
+"Désactiver le pare-feu permet à n'importe qui de créer des connexions vers "
+"les clients, en fonction de leur propre politique de sécurité"
+
+#: sources/views/_ssid.html.php:66 sources/views/_ssid.html.php:90
 msgid "First DNS resolver"
 msgstr "Premier résolveur DNS"
 
-#: views/_ssid.html.php:64 views/_ssid.html.php:88
+#: sources/views/_ssid.html.php:73 sources/views/_ssid.html.php:97
 msgid "Second DNS resolver"
 msgstr "Second résolveur DNS"
 
-#: views/_ssid.html.php:74
+#: sources/views/_ssid.html.php:83
 msgid "NAT prefix (/24)"
 msgstr "Préfixe NAT (/24')"
 
-#: views/_ssid.html.php:96
+#: sources/views/_ssid.html.php:105
 msgid "Delete"
 msgstr "Supprimer"

sources/i18n/localization.pot

@@ -1,11 +1,14 @@
-+# Copyright (C) 2015
-+# This file is distributed under the same license as the project.
-+#
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2015-06-11 23:05+0200\n"
+"POT-Creation-Date: 2015-07-24 23:35+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -14,155 +17,165 @@ msgstr ""
 "Content-Type: text/plain; charset=CHARSET\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: views/layout.html.php:27
+#: sources/views/layout.html.php:27
 msgid "Wifi Hotspot"
 msgstr ""
 
-#: views/layout.html.php:49
+#: sources/views/layout.html.php:49
 msgid "Error"
 msgstr ""
 
-#: views/layout.html.php:54 views/settings.html.php:122
-#: views/_ssid.html.php:44
+#: sources/views/layout.html.php:54 sources/views/settings.html.php:122
+#: sources/views/_ssid.html.php:44
 msgid "Notice"
 msgstr ""
 
-#: views/layout.html.php:66
+#: sources/views/layout.html.php:66
 msgid "Any problem? Contribute!"
 msgstr ""
 
-#: views/settings.html.php:37
+#: sources/views/settings.html.php:37
 msgid "Wifi Hotspot Configuration"
 msgstr ""
 
-#: views/settings.html.php:39 views/settings.html.php:41
+#: sources/views/settings.html.php:39 sources/views/settings.html.php:41
 msgid ""
 "This is a fast status. Click on More details to show the complete status."
 msgstr ""
 
-#: views/settings.html.php:39
+#: sources/views/settings.html.php:39
 msgid "Running"
 msgstr ""
 
-#: views/settings.html.php:41
+#: sources/views/settings.html.php:41
 msgid "Not Running"
 msgstr ""
 
-#: views/settings.html.php:44
+#: sources/views/settings.html.php:44
 msgid "Loading complete status may take a few minutes. Be patient."
 msgstr ""
 
-#: views/settings.html.php:44
+#: sources/views/settings.html.php:44
 msgid "More details"
 msgstr ""
 
-#: views/settings.html.php:60
+#: sources/views/settings.html.php:60
 msgid "Service"
 msgstr ""
 
-#: views/settings.html.php:65
+#: sources/views/settings.html.php:65
 msgid "Hotspot Enabled"
 msgstr ""
 
-#: views/settings.html.php:73
+#: sources/views/settings.html.php:73
 msgid "Device"
 msgstr ""
 
-#: views/settings.html.php:85
+#: sources/views/settings.html.php:85
 msgid "Channel"
 msgstr ""
 
-#: views/settings.html.php:116
+#: sources/views/settings.html.php:116
 msgid "Add a hotspot"
 msgstr ""
 
-#: views/settings.html.php:122
+#: sources/views/settings.html.php:122
 msgid ""
 "You are currently connected through the wifi hotspot. Please, confirm the "
 "reloading, wait for the wifi disconnect/reconnect and go back here to check "
 "that everything is okay."
 msgstr ""
 
-#: views/settings.html.php:124 views/settings.html.php:130
+#: sources/views/settings.html.php:124 sources/views/settings.html.php:130
 msgid "Reloading may take a few minutes. Be patient."
 msgstr ""
 
-#: views/settings.html.php:124
+#: sources/views/settings.html.php:124
 msgid "Confirm"
 msgstr ""
 
-#: views/settings.html.php:128 views/settings.html.php:130
+#: sources/views/settings.html.php:128 sources/views/settings.html.php:130
 msgid "Save and reload"
 msgstr ""
 
-#: views/_ssid.html.php:3
+#: sources/views/_ssid.html.php:3
 msgid "Hotspot"
 msgstr ""
 
-#: views/_ssid.html.php:7
+#: sources/views/_ssid.html.php:7
 msgid "Wifi"
 msgstr ""
 
-#: views/_ssid.html.php:8
+#: sources/views/_ssid.html.php:8
 msgid "IPv6"
 msgstr ""
 
-#: views/_ssid.html.php:9
+#: sources/views/_ssid.html.php:9
 msgid "IPv4"
 msgstr ""
 
-#: views/_ssid.html.php:15
+#: sources/views/_ssid.html.php:15
 msgid "Name (SSID)"
 msgstr ""
 
-#: views/_ssid.html.php:22
+#: sources/views/_ssid.html.php:22
 msgid "Secure"
 msgstr ""
 
-#: views/_ssid.html.php:23
+#: sources/views/_ssid.html.php:23
 msgid ""
 "Disabling the Secure Wifi allows everyone to join the hotspot and spy the "
 "traffic (but it's perfect for a PirateBox)"
 msgstr ""
 
-#: views/_ssid.html.php:31
+#: sources/views/_ssid.html.php:31
 msgid "Password (WPA2)"
 msgstr ""
 
-#: views/_ssid.html.php:33
+#: sources/views/_ssid.html.php:33
 msgid "At least 8 characters"
 msgstr ""
 
-#: views/_ssid.html.php:34
+#: sources/views/_ssid.html.php:34
 msgid "Show to your friends how to access to your hotspot"
 msgstr ""
 
-#: views/_ssid.html.php:44
+#: sources/views/_ssid.html.php:44
 msgid ""
 "Currently, your wifi clients don't have IPv6 and it's a very bad thing. Ask "
 "your Internet Service Provider an IPv6 delegated prefix, or"
 msgstr ""
 
-#: views/_ssid.html.php:45
+#: sources/views/_ssid.html.php:45
 msgid "change providers"
 msgstr ""
 
-#: views/_ssid.html.php:50
+#: sources/views/_ssid.html.php:50
 msgid "Delegated prefix"
 msgstr ""
 
-#: views/_ssid.html.php:57 views/_ssid.html.php:81
+#: sources/views/_ssid.html.php:57
+msgid "Firewall"
+msgstr ""
+
+#: sources/views/_ssid.html.php:58
+msgid ""
+"Disabling the Firewall allows everyone to make connections to client hosts, "
+"depending on their own security policy"
+msgstr ""
+
+#: sources/views/_ssid.html.php:66 sources/views/_ssid.html.php:90
 msgid "First DNS resolver"
 msgstr ""
 
-#: views/_ssid.html.php:64 views/_ssid.html.php:88
+#: sources/views/_ssid.html.php:73 sources/views/_ssid.html.php:97
 msgid "Second DNS resolver"
 msgstr ""
 
-#: views/_ssid.html.php:74
+#: sources/views/_ssid.html.php:83
 msgid "NAT prefix (/24)"
 msgstr ""
 
-#: views/_ssid.html.php:96
+#: sources/views/_ssid.html.php:105
 msgid "Delete"
 msgstr ""

sources/views/_ssid.html.php

@@ -54,6 +54,15 @@
     </div>
 
     <div class="form-group">
+      <label for="ip6_firewall" class="col-sm-3 control-label"><?= _('Firewall') ?></label>
+      <div class="col-sm-9 input-group-btn" data-toggle="tooltip" data-title="<?= _('Disabling the Firewall allows everyone to make connections to client hosts, depending on their own security policy') ?>">
+        <div class="input-group">
+          <input type="checkbox" class="form-control switch ip6_firewall" name="ssid[<?= $ssid['id'] ?>][ip6_firewall]" value="1" <?= $ssid['ip6_firewall'] == 1 ? 'checked="checked"' : '' ?> />
+        </div>
+      </div>
+    </div>
+
+    <div class="form-group">
       <label class="col-sm-3 control-label"><?= _('First DNS resolver') ?></label>
       <div class="col-sm-9">
         <input type="text" class="form-control" name="ssid[<?= $ssid['id'] ?>][ip6_dns0]" placeholder="2001:913::8" value="<?= $ssid['ip6_dns0'] ?>" />