Diffstat (limited to 'protocols/luci-proto-wireguard/root/usr/share')
-rw-r--r--protocols/luci-proto-wireguard/root/usr/share/rpcd/acl.d/luci-wireguard.json3
-rw-r--r--protocols/luci-proto-wireguard/root/usr/share/rpcd/ucode/luci.wireguard15
2 files changed, 14 insertions, 4 deletions
diff --git a/protocols/luci-proto-wireguard/root/usr/share/rpcd/acl.d/luci-wireguard.json b/protocols/luci-proto-wireguard/root/usr/share/rpcd/acl.d/luci-wireguard.json
index e7187c0e4f..9c0b2d1df5 100644
--- a/protocols/luci-proto-wireguard/root/usr/share/rpcd/acl.d/luci-wireguard.json
+++ b/protocols/luci-proto-wireguard/root/usr/share/rpcd/acl.d/luci-wireguard.json
@@ -2,9 +2,6 @@
"luci-proto-wireguard": {
"description": "Grant access to LuCI Wireguard procedures",
"read": {
- "file": {
- "/usr/bin/qrencode --inline --8bit --type=SVG --output=- -- *": [ "exec" ]
- },
"ubus": {
"luci.wireguard": [
"getWgInstances"
diff --git a/protocols/luci-proto-wireguard/root/usr/share/rpcd/ucode/luci.wireguard b/protocols/luci-proto-wireguard/root/usr/share/rpcd/ucode/luci.wireguard
index add810c8ae..c177da4773 100644
--- a/protocols/luci-proto-wireguard/root/usr/share/rpcd/ucode/luci.wireguard
+++ b/protocols/luci-proto-wireguard/root/usr/share/rpcd/ucode/luci.wireguard
@@ -15,6 +15,19 @@ function command(cmd) {
return trim(popen(cmd)?.read?.('all'));
}
+function checkPeerHost(configHost, configPort, wgHost) {
+ const ips = popen(`resolveip ${configHost} 2>/dev/null`);
+ if (ips) {
+ for (let line = ips.read('line'); length(line); line = ips.read('line')) {
+ const ip = rtrim(line, '\n');
+ if (ip + ":" + configPort == wgHost) {
+ return true;
+ }
+ }
+ }
+ return false;
+}
+
const methods = {
generatePsk: {
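Review bot: `checkPeerHost` interpolates `configHost` into the `popen()` command line unquoted, so the value of the UCI `endpoint_host` option is parsed by the shell in the rpcd process whenever this helper runs. Reject anything that is not a plain hostname or address before building the command, e.g. `if (!match(configHost, /^[A-Za-z0-9:][A-Za-z0-9.:_-]*$/)) return false;` as the first statement, which also keeps a leading `-` from being read as an option by `resolveip`. The pipe handle is never closed; an `ips.close();` before each return would release it. Separately, `ip + ":" + configPort` has no bracketed form for IPv6 addresses, so it presumably never matches an IPv6 endpoint as reported by `wg`; that is worth confirming.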
@@ -76,7 +89,7 @@ const methods = {
let peer_name;
uci.foreach('network', `wireguard_${last_device}`, (s) => {
- if (s.public_key == record[1])
+ if (!s.disabled && s.public_key == record[1] && (!s.endpoint_host || checkPeerHost(s.endpoint_host, s.endpoint_port, record[3])))
peer_name = s.description;
});
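Review bot: On the added condition, `!s.disabled` tests string truthiness, so a peer section carrying `option disabled '0'` would be treated as disabled, assuming ucode treats any non-empty string as true; `s.disabled != '1'` states the intent exactly. A peer that sets `endpoint_host` but leaves `endpoint_port` unset is passed to `checkPeerHost` without a port and can never match, so fall back to the WireGuard default port there (presumably 51820, confirm against the protocol handler) or skip the port comparison in that case. The enclosing method starts and ends outside this hunk.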