author | darkgallium <florian+git@aloneinthedark.xyz> | 2020-06-28 18:22:23 +0200 |
---|---|---|
committer | darkgallium <florian+git@aloneinthedark.xyz> | 2020-06-28 19:05:36 +0200 |
commit | a59ed3812151410c125f62f60b00aad673fd4c66 (patch) | |
tree | 8d3d749b4ac2121ef77a511fa31df2a6df655a7f | |
parent | 6fe86469ee9b74a8cf628ff21513a8f298a6b4b6 (diff) | |
ensure chain jump is added only once (add-firewall-rules)
-rw-r--r-- | Cargo.lock | 4 | ||||
-rw-r--r-- | Cargo.toml | 2 | ||||
-rw-r--r-- | src/diplonat.rs | 1 | ||||
-rw-r--r-- | src/fw.rs | 11 | ||||
-rw-r--r-- | src/fw_actor.rs | 12 | ||||
-rw-r--r-- | src/main.rs | 1 |
6 files changed, 12 insertions, 19 deletions
@@ -1210,9 +1210,9 @@ dependencies = [
 
 [[package]]
 name = "tokio"
-version = "0.2.11"
+version = "0.2.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8fdd17989496f49cdc57978c96f0c9fe5e4a58a8bddc6813c449a4624f6a030b"
+checksum = "d099fa27b9702bed751524694adbe393e18b36b204da91eb1cbbbbb4a5ee2d58"
 dependencies = [
  "bytes 0.5.4",
  "fnv",
@@ -11,7 +11,7 @@ reqwest = { version = "0.10", features = ["json"] }
 igd = { version = "0.10.0", features = ["aio"] }
 log = "0.4"
 pretty_env_logger = "0.4"
-tokio = "0.2.11"
+tokio = "0.2"
 futures = "0.3.5"
 serde = { version = "1.0.107", features = ["derive"] }
 serde_json = "1.0.53"
diff --git a/src/diplonat.rs b/src/diplonat.rs
index 7b7bbb8..798b779 100644
--- a/src/diplonat.rs
+++ b/src/diplonat.rs
@@ -1,5 +1,4 @@
 use anyhow::Result;
-use log::*;
 use tokio::try_join;
 use crate::consul_actor::ConsulActor;
 use crate::igd_actor::IgdActor;
@@ -1,7 +1,6 @@
 use iptables;
 use regex::Regex;
 use std::collections::HashSet;
-use std::io;
 use crate::messages;
 
 #[derive(Debug)]
@@ -14,15 +13,17 @@ impl From<iptables::error::IPTError> for FirewallError {
 }
 
 pub fn setup(ipt: &iptables::IPTables) -> Result<(), FirewallError> {
-
-    ipt.new_chain("filter", "DIPLONAT")?;
-    ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?;
+
+    if !ipt.chain_exists("filter", "DIPLONAT")? {
+        ipt.new_chain("filter", "DIPLONAT")?;
+    }
+
+    ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)?;
 
     Ok(())
 }
 
 pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts) -> Result<(), FirewallError> {
-
     for p in ports.tcp_ports {
         ipt.append("filter", "DIPLONAT", &format!("-p tcp --dport {} -j ACCEPT", p))?;
     }
diff --git a/src/fw_actor.rs b/src/fw_actor.rs
index 0ef08eb..523bdaa 100644
--- a/src/fw_actor.rs
+++ b/src/fw_actor.rs
@@ -1,8 +1,4 @@
-use igd::aio::*;
-use igd::PortMappingProtocol;
-use std::net::SocketAddrV4;
-use log::*;
-use anyhow::{Result, Context};
+use anyhow::Result;
 use tokio::{
     select,
     sync::watch,
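Review bot: The new `ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)?;` line in `setup` is not the idempotent counterpart of the `chain_exists` guard above it: as far as I recall the rust-iptables implementation, `insert_unique` returns an error when the rule is already present rather than skipping it, so a second `setup` run (a restart with the previous rules still loaded) would fail instead of being the no-op the commit title aims for. Mirroring the chain check is unambiguous either way: `if !ipt.exists("filter", "INPUT", "-j DIPLONAT")? { ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?; }`. A comment above the insert should also record why position 1 is used, e.g. `// Jump first in INPUT so the ACCEPTs appended to DIPLONAT by open_ports win over any pre-existing INPUT rule`, since that precedence is a deliberate policy decision rather than an accident. `open_ports` continues outside the hunk.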
@@ -10,6 +6,7 @@ use tokio::{
         self,
         Duration
     }};
 
+use log::*;
 use iptables;
 use crate::messages;
@@ -17,7 +14,7 @@ use crate::fw;
 use std::collections::HashSet;
 
 pub struct FirewallActor {
-    ipt: iptables::IPTables,
+    pub ipt: iptables::IPTables,
     rx_ports: watch::Receiver<messages::PublicExposedPorts>,
     last_ports: messages::PublicExposedPorts,
     refresh: Duration
@@ -25,8 +22,6 @@ pub struct FirewallActor {
 
 impl FirewallActor {
     pub async fn new(_refresh: Duration, rxp: &watch::Receiver<messages::PublicExposedPorts>) -> Result<Self> {
-
-
         let ctx = Self {
             ipt: iptables::new(false).unwrap(),
             rx_ports: rxp.clone(),
@@ -61,7 +56,6 @@ impl FirewallActor {
     }
 
     pub async fn do_fw_update(&self) -> Result<()> {
-
         let curr_opened_ports = fw::get_opened_ports(&self.ipt).unwrap();
 
         let diff_tcp = self.last_ports.tcp_ports.difference(&curr_opened_ports.tcp_ports).copied().collect::<HashSet<u16>>();
diff --git a/src/main.rs b/src/main.rs
index e845017..ca36c26 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -7,7 +7,6 @@ mod diplonat;
 mod fw;
 mod fw_actor;
 
-use iptables;
 use log::*;
 
 use diplonat::Diplonat;
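Review bot: `pub ipt: iptables::IPTables,` in the `FirewallActor` hunk widens the field to the crate's public surface when `pub(crate)` would do; presumably it is exposed so another module in this crate can call `fw::setup` with the actor's handle, and nothing visible here needs it outside the crate. `pub(crate) ipt: iptables::IPTables,` keeps a live handle that can rewrite the filter table from becoming API if the crate is ever consumed as a library. A one-line comment on the field, e.g. `// Exposed so the firewall chain can be set up with the same iptables handle`, would record why the visibility changed. The struct's closing brace is outside the hunk.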