From 98e313242bc88e95ea05d79c56ff18ae9a5e225c Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Fri, 13 Dec 2024 14:08:34 +0400
Subject: [PATCH] add allowed networks
---
 logic/peers.go | 21 ++++++++++++---------
 models/mqtt.go | 14 +++++++-------
 2 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/logic/peers.go b/logic/peers.go
index 8a4fc854..51bce8cb 100644
--- a/logic/peers.go
+++ b/logic/peers.go
@@ -158,17 +158,20 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N
 }
 defaultUserPolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.UserPolicy)
 defaultDevicePolicy, _ := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
- if node.NetworkRange.IP != nil {
- hostPeerUpdate.FwUpdate.Networks = append(hostPeerUpdate.FwUpdate.Networks, node.NetworkRange)
- }
- if node.NetworkRange6.IP != nil {
- hostPeerUpdate.FwUpdate.Networks = append(hostPeerUpdate.FwUpdate.Networks, node.NetworkRange6)
+
+ if defaultDevicePolicy.Enabled && defaultUserPolicy.Enabled {
+ if node.NetworkRange.IP != nil {
+ hostPeerUpdate.FwUpdate.AllowedNetworks = append(hostPeerUpdate.FwUpdate.AllowedNetworks, node.NetworkRange)
+ }
+ if node.NetworkRange6.IP != nil {
+ hostPeerUpdate.FwUpdate.AllowedNetworks = append(hostPeerUpdate.FwUpdate.AllowedNetworks, node.NetworkRange6)
+ }
+
+ } else {
+ hostPeerUpdate.FwUpdate.AllowAll = false
+ hostPeerUpdate.FwUpdate.AclRules = GetAclRulesForNode(&node)
 }
- if !defaultDevicePolicy.Enabled || !defaultUserPolicy.Enabled {
- hostPeerUpdate.FwUpdate.AllowAll = false
- }
- hostPeerUpdate.FwUpdate.AclRules = GetAclRulesForNode(&node)
 currentPeers := GetNetworkNodesMemory(allNodes, node.Network)
 for _, peer := range currentPeers {
 peer := peer
diff --git a/models/mqtt.go b/models/mqtt.go
index 4a8a8c34..c5921f38 100644
--- a/models/mqtt.go
+++ b/models/mqtt.go
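Review bot: The branch added in the logic/peers.go hunk picks the host's firewall mode from two `GetDefaultPolicy` results whose errors are discarded with `_` in the context lines just above it, so a failed policy lookup is indistinguishable from a disabled policy. If a failed lookup yields a zero-value policy the code lands in the restrictive `else` branch, which is the safe direction, but that is only inferred from here and nothing records the failure; I would check both errors and state the intent next to the branch, e.g. `// fail closed: a default policy that cannot be loaded is treated as disabled`. Separately, `AllowedNetworks` is appended to while `AclRules` is assigned with `=`; if this code runs once per node of the host (the enclosing loop and function start outside the hunk), the rules of one restricted network would be replaced by those of the next, so confirm whether a merge is intended.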
@@ -94,13 +94,13 @@ type KeyUpdate struct {
 // FwUpdate - struct for firewall updates
 type FwUpdate struct {
- AllowAll bool `json:"allow_all"`
- Networks []net.IPNet `json:"networks"`
- IsEgressGw bool `json:"is_egress_gw"`
- IsIngressGw bool `json:"is_ingress_gw"`
- EgressInfo map[string]EgressInfo `json:"egress_info"`
- IngressInfo map[string]IngressInfo `json:"ingress_info"`
- AclRules map[string]AclRule `json:"acl_rules"`
+ AllowAll bool `json:"allow_all"`
+ AllowedNetworks []net.IPNet `json:"networks"`
+ IsEgressGw bool `json:"is_egress_gw"`
+ IsIngressGw bool `json:"is_ingress_gw"`
+ EgressInfo map[string]EgressInfo `json:"egress_info"`
+ IngressInfo map[string]IngressInfo `json:"ingress_info"`
+ AclRules map[string]AclRule `json:"acl_rules"`
 }
 // FailOverMeReq - struct for failover req
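Review bot: The field is renamed to `AllowedNetworks` but keeps the wire tag `json:"networks"`, and nothing on the struct documents that its meaning has narrowed. The logic/peers.go hunk in this patch now fills it only for networks where both default policies are enabled, where it previously held every network range of the node. A client built against the older meaning will decode the same key without error and build its firewall from a different list than it expects; whether that fails open or closed depends on client code not shown here. I would add a field comment such as `// AllowedNetworks lists ranges whose default device and user policies are both enabled; other networks are governed by AclRules`, and consider whether the change needs a new key or a version gate.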