Diffstat (limited to 'src/conf_mode/interfaces-wireguard.py')
-rwxr-xr-xsrc/conf_mode/interfaces-wireguard.py34
1 files changed, 21 insertions, 13 deletions
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index 8bf81c747..01f84260d 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -24,8 +24,8 @@ from netifaces import interfaces
from vyos.config import Config
from vyos.configdict import list_diff
from vyos.ifconfig import WireGuardIf
-from vyos.util import chown, is_bridge_member, chmod_750
-from vyos.util import call
+from vyos.util import chown, chmod_750, call
+from vyos.validate import is_bridge_member
from vyos import ConfigError
kdir = r'/config/auth/wireguard'
@@ -35,10 +35,11 @@ default_config_data = {
'address': [],
'address_remove': [],
'description': '',
- 'lport': None,
+ 'listen_port': '',
'deleted': False,
'disable': False,
- 'fwmark': 0x00,
+ 'is_bridge_member': False,
+ 'fwmark': 0,
'mtu': 1420,
'peer': [],
'peer_remove': [], # stores public keys of peers to remove
@@ -80,6 +81,8 @@ def get_config():
# Check if interface has been removed
if not conf.exists(base + [wg['intf']]):
wg['deleted'] = True
+ # check if interface is member if a bridge
+ wg['is_bridge_member'] = is_bridge_member(conf, wg['intf'])
return wg
conf.set_level(base + [wg['intf']])
@@ -103,7 +106,7 @@ def get_config():
# local port to listen on
if conf.exists(['port']):
- wg['lport'] = conf.return_value(['port'])
+ wg['listen_port'] = conf.return_value(['port'])
# fwmark value
if conf.exists(['fwmark']):
@@ -189,12 +192,11 @@ def verify(wg):
interface = wg['intf']
if wg['deleted']:
- is_member, bridge = is_bridge_member(interface)
- if is_member:
- # can not use a f'' formatted-string here as bridge would not get
- # expanded in the print statement
- raise ConfigError('Can not delete interface "{0}" as it ' \
- 'is a member of bridge "{1}"!'.format(interface, bridge))
+ if wg['is_bridge_member']:
+ interface = wg['intf']
+ bridge = wg['is_bridge_member']
+ raise ConfigError(f'Interface "{interface}" can not be deleted as it belongs to bridge "{bridge}"!')
+
return None
vrf_name = wg['vrf']
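Review bot: The added `interface = wg['intf']` inside the `if wg['is_bridge_member']:` branch repeats the assignment on the first line of this hunk and can be dropped. The key `is_bridge_member` reads like a boolean, and its default in `default_config_data` is `False`, yet here it supplies the bridge name, so `is_bridge_member(conf, intf)` presumably returns the name or a falsy value. A comment where the key is set in get_config() would make that explicit, e.g. `# bridge name if the interface is a bridge member, else falsy`; the comment added in that hunk also has a typo ("member if a bridge" should read "member of a bridge"). verify() continues outside this hunk.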
@@ -220,6 +222,12 @@ def verify(wg):
if not peer['pubkey']:
raise ConfigError(f'Peer public-key required for peer "{peer_name}"!')
+ if peer['address'] and not peer['port']:
+ raise ConfigError(f'Peer "{peer_name}" port must be defined if address is defined!')
+
+ if not peer['address'] and peer['port']:
+ raise ConfigError(f'Peer "{peer_name}" address must be defined if port is defined!')
+
def apply(wg):
# init wg class
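Review bot: The two new peer checks test only truthiness, so they rely on get_config() always populating `peer['address']` and `peer['port']` with a falsy default. If either key can be absent, verify() would fail with KeyError instead of a ConfigError; that population is outside the hunk, so it should be confirmed. Nothing visible here checks that the port is a valid number or that the address is well-formed, which is presumably left to the CLI schema. A short comment would record the intent, e.g. `# an endpoint needs both address and port; a peer with neither is allowed`. The peer loop and the rest of verify() lie outside the hunk.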
@@ -261,8 +269,8 @@ def apply(wg):
# peer allowed-ips
w.config['allowed-ips'] = peer['allowed-ips']
# local listen port
- if wg['lport']:
- w.config['port'] = wg['lport']
+ if wg['listen_port']:
+ w.config['port'] = wg['listen_port']
# fwmark
if c['fwmark']:
w.config['fwmark'] = wg['fwmark']
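Review bot: The fwmark guard directly below the changed lines tests `c['fwmark']` but assigns from `wg['fwmark']`, and no `c` is bound in the visible part of apply(). Unless `c` is defined outside this hunk, that line raises NameError when reached. Since the commit already touches the neighbouring listen_port guard, changing it to `if wg['fwmark']:` would make the two consistent. apply() starts and ends outside the hunk.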