From 23556274f03da6c6a97ea1d22f7b6497a5877c6b Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 23 Jan 2024 18:00:31 +0100
Subject: [PATCH] Add option to restrict or not to LAN fw zone in interface,
 disabled by default now

---
 .../luasrc/controller/openmptcprouter.lua              |  4 ++++
 .../luasrc/view/openmptcprouter/settings.htm           | 10 ++++++++++
 .../files/usr/share/omr/schedule.d/010-services        |  2 +-
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
index 5f7b1487a..b6dc76b0f 100644
--- a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
+++ b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
@@ -1303,6 +1303,10 @@ function settings_add()
 	local externalcheck = luci.http.formvalue("externalcheck") or "1"
 	ucic:set("openmptcprouter","settings","external_check",externalcheck)
 
+	-- Enable/disable restrict proxy to LAN
+	local restricttolan = luci.http.formvalue("restricttolan") or "0"
+	ucic:set("openmptcprouter","settings","restrict_to_lan",restricttolan)
+
 	-- Enable/disable debug
 	local debug = luci.http.formvalue("debug") or "0"
 	ucic:set("openmptcprouter","settings","debug",debug)
diff --git a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/settings.htm b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/settings.htm
index 1de7df32e..af62dca9f 100644
--- a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/settings.htm
+++ b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/settings.htm
@@ -331,6 +331,16 @@
 		    </div>
 		</div>
 	    </div>
+	    <div class="cbi-value">
+		<label class="cbi-value-title"><%:Restrict proxy to LAN zone%></label>
+		<div class="cbi-value-field">
+		    <input type="checkbox" name="restricttolan" class="cbi-input-checkbox" value="1" <% if luci.model.uci.cursor():get("openmptcprouter","settings","restrict_to_lan") == "1" then %>checked<% end %>>
+		    <br />
+		    <div class="cbi-value-description">
+			<%:Authorize access to proxy only from LAN firewall zone%>
+		    </div>
+		</div>
+	    </div>
 	    <div class="cbi-value">
 		<label class="cbi-value-title"><%:Disable route loop detection%></label>
 		<div class="cbi-value-field">
diff --git a/omr-schedule/files/usr/share/omr/schedule.d/010-services b/omr-schedule/files/usr/share/omr/schedule.d/010-services
index ef220bfcd..44e82fe8b 100755
--- a/omr-schedule/files/usr/share/omr/schedule.d/010-services
+++ b/omr-schedule/files/usr/share/omr/schedule.d/010-services
@@ -153,7 +153,7 @@ set_lan_ips() {
 }
 config_load network
 config_foreach restart_omrtracker interface
-config_foreach set_lan_ips interface
+[ "$(uci -q get openmptcprouter.settings.restrict_to_lan)" = "1" ] && config_foreach set_lan_ips interface
 uci -q commit shadowsocks-libev.ss_rules
 uci -q commit shadowsocks-rust.ss_rules
 multipath_fix() {