Revert "freebsd post up/post down logic"

This reverts commit a0c8795d38472e0f08d59ee91d53bfa1b0cbc910.

logic/gateway.go

@@ -56,7 +56,6 @@ func CreateEgressGateway(gateway models.EgressGatewayRequest) (models.Node, erro
 		}
 	}
 	if node.OS == "freebsd" {
-		// spacing around ; is important for later parsing of postup/postdown in wireguard/common.go
 		postUpCmd = "kldload ipfw ipfw_nat ; "
 		postUpCmd += "ipfw disable one_pass ; "
 		postUpCmd += "ipfw nat 1 config if " + gateway.Interface + " same_ports unreg_only reset ; "
@@ -286,7 +285,6 @@ func DeleteGatewayExtClients(gatewayID string, networkName string) error {
 
 // firewallNFTCommandsCreateIngress - used to centralize firewall command maintenance for creating an ingress gateway using the nftables firewall.
 func firewallNFTCommandsCreateIngress(networkInterface string) (string, string) {
-	// spacing around ; is important for later parsing of postup/postdown in wireguard/common.go
 	postUp := "nft add table ip filter ; "
 	postUp += "nft add chain ip filter FORWARD ; "
 	postUp += "nft add rule ip filter FORWARD iifname " + networkInterface + " counter accept ; "
@@ -304,7 +302,6 @@ func firewallNFTCommandsCreateIngress(networkInterface string) (string, string)
 
 // firewallNFTCommandsCreateEgress - used to centralize firewall command maintenance for creating an egress gateway using the nftables firewall.
 func firewallNFTCommandsCreateEgress(networkInterface string, gatewayInterface string, egressNatEnabled string) (string, string) {
-	// spacing around ; is important for later parsing of postup/postdown in wireguard/common.go
 	postUp := "nft add table ip filter ; "
 	postUp += "nft add chain ip filter FORWARD ; "
 	postUp += "nft add rule ip filter FORWARD iifname " + networkInterface + " counter accept ; "
@@ -325,7 +322,6 @@ func firewallNFTCommandsCreateEgress(networkInterface string, gatewayInterface s
 
 // firewallIPTablesCommandsCreateIngress - used to centralize firewall command maintenance for creating an ingress gateway using the iptables firewall.
 func firewallIPTablesCommandsCreateIngress(networkInterface string) (string, string) {
-	// spacing around ; is important for later parsing of postup/postdown in wireguard/common.go
 	postUp := "iptables -A FORWARD -i " + networkInterface + " -j ACCEPT ; "
 	postUp += "iptables -A FORWARD -o " + networkInterface + " -j ACCEPT ; "
 	postUp += "iptables -t nat -A POSTROUTING -o " + networkInterface + " -j MASQUERADE"
@@ -340,7 +336,7 @@ func firewallIPTablesCommandsCreateIngress(networkInterface string) (string, str
 
 // firewallIPTablesCommandsCreateEgress - used to centralize firewall command maintenance for creating an egress gateway using the iptables firewall.
 func firewallIPTablesCommandsCreateEgress(networkInterface string, gatewayInterface string, egressNatEnabled string) (string, string) {
-	// spacing around ; is important for later parsing of postup/postdown in wireguard/common.go
+
 	postUp := "iptables -A FORWARD -i " + networkInterface + " -j ACCEPT; "
 	postUp += "iptables -A FORWARD -o " + networkInterface + " -j ACCEPT"
 	postDown := "iptables -D FORWARD -i " + networkInterface + " -j ACCEPT; "

netclient/wireguard/common.go

@@ -341,24 +341,11 @@ func WriteWgConfig(node *models.Node, privateKey string, peers []wgtypes.PeerCon
 	//if node.DNSOn == "yes" {
 	//	wireguard.Section(section_interface).Key("DNS").SetValue(cfg.Server.CoreDNSAddr)
 	//}
-	//need to split postup/postdown because ini lib adds a ` and the ` breaks freebsd
 	if node.PostUp != "" {
-		parts := strings.Split(node.PostUp, " ; ")
-		for i, part := range parts {
-			if i == 0 {
-				wireguard.Section(section_interface).Key("PostUp").SetValue(part)
-			}
-			wireguard.Section(section_interface).Key("PostUp").AddShadow(part)
-		}
+		wireguard.Section(section_interface).Key("PostUp").SetValue(node.PostUp)
 	}
 	if node.PostDown != "" {
-		parts := strings.Split(node.PostDown, " ; ")
-		for i, part := range parts {
-			if i == 0 {
-				wireguard.Section(section_interface).Key("PostDown").SetValue(part)
-			}
-			wireguard.Section(section_interface).Key("PostDown").AddShadow(part)
-		}
+		wireguard.Section(section_interface).Key("PostDown").SetValue(node.PostDown)
 	}
 	if node.MTU != 0 {
 		wireguard.Section(section_interface).Key("MTU").SetValue(strconv.FormatInt(int64(node.MTU), 10))
@@ -440,7 +427,6 @@ func UpdateWgPeers(file string, peers []wgtypes.PeerConfig) (*net.UDPAddr, error
 
 // UpdateWgInterface - updates the interface section of a wireguard config file
 func UpdateWgInterface(file, privateKey, nameserver string, node models.Node) error {
-	log.Println("updating conf file ", file, nameserver, node.Name)
 	options := ini.LoadOptions{
 		AllowNonUniqueSections: true,
 		AllowShadows:           true,
@@ -465,25 +451,11 @@ func UpdateWgInterface(file, privateKey, nameserver string, node models.Node) er
 	//if node.DNSOn == "yes" {
 	//	wireguard.Section(section_interface).Key("DNS").SetValue(nameserver)
 	//}
-	//need to split postup/postdown because ini lib adds a quotes which breaks freebsd
 	if node.PostUp != "" {
-		log.Println("updating PostUp")
-		parts := strings.Split(node.PostUp, " ; ")
-		for i, part := range parts {
-			if i == 0 {
-				wireguard.Section(section_interface).Key("PostUp").SetValue(part)
-			}
-			wireguard.Section(section_interface).Key("PostUp").AddShadow(part)
-		}
+		wireguard.Section(section_interface).Key("PostUp").SetValue(node.PostUp)
 	}
 	if node.PostDown != "" {
-		parts := strings.Split(node.PostDown, ";")
-		for i, part := range parts {
-			if i == 0 {
-				wireguard.Section(section_interface).Key("PostDown").SetValue(part)
-			}
-			wireguard.Section(section_interface).Key("PostDown").AddShadow(part)
-		}
+		wireguard.Section(section_interface).Key("PostDown").SetValue(node.PostDown)
 	}
 	if node.MTU != 0 {
 		wireguard.Section(section_interface).Key("MTU").SetValue(strconv.FormatInt(int64(node.MTU), 10))