From 4d50a8e0621759ecfb3afddf8c4b7937070cb079 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Wed, 29 Nov 2023 10:08:04 +0100
Subject: [PATCH] wireguard: reload filter if we modified a device

PR: https://forum.opnsense.org/index.php?topic=37248.0
---
 src/etc/inc/plugins.inc.d/openvpn.inc                 | 4 ++--
 src/opnsense/scripts/Wireguard/wg-service-control.php | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/etc/inc/plugins.inc.d/openvpn.inc b/src/etc/inc/plugins.inc.d/openvpn.inc
index f87a53c7b..23738fdd3 100644
--- a/src/etc/inc/plugins.inc.d/openvpn.inc
+++ b/src/etc/inc/plugins.inc.d/openvpn.inc
@@ -1067,7 +1067,7 @@ function openvpn_configure_single($id)
                 }
                 openvpn_reconfigure($mode, $settings);
                 openvpn_restart($mode, $settings);
-                configd_run('filter reload'); /* XXX really needed? */
+                configd_run('filter reload'); /* XXX required for NAT rules, but needs coalescing */
                 return;
             }
         }
@@ -1109,7 +1109,7 @@ function openvpn_configure_do($verbose = false, $interface = '', $carp_event = f
     }
 
     if ($reconfigure_count > 0) {
-        configd_run('filter reload'); /* XXX really needed? */
+        configd_run('filter reload'); /* XXX required for NAT rules, but needs coalescing */
     }
 
     service_log("done.\n", $verbose);
diff --git a/src/opnsense/scripts/Wireguard/wg-service-control.php b/src/opnsense/scripts/Wireguard/wg-service-control.php
index 249e6f606..0e09a98a6 100755
--- a/src/opnsense/scripts/Wireguard/wg-service-control.php
+++ b/src/opnsense/scripts/Wireguard/wg-service-control.php
@@ -294,5 +294,9 @@ if (isset($opts['h']) || empty($args) || !in_array($args[0], ['start', 'stop', '
             }
         }
     }
+
+    if (count($server_devs)) {
+        configd_run('filter reload'); /* XXX required for NAT rules, but needs coalescing */
+    }
 }
 closelog();