authordarkgallium <florian+git@aloneinthedark.xyz>2020-06-28 18:22:23 +0200
committerdarkgallium <florian+git@aloneinthedark.xyz>2020-06-28 19:05:36 +0200
commita59ed3812151410c125f62f60b00aad673fd4c66 (patch)
tree8d3d749b4ac2121ef77a511fa31df2a6df655a7f
parent6fe86469ee9b74a8cf628ff21513a8f298a6b4b6 (diff)
ensure chain jump is added only once
add-firewall-rules
-rw-r--r--Cargo.lock4
-rw-r--r--Cargo.toml2
-rw-r--r--src/diplonat.rs1
-rw-r--r--src/fw.rs11
-rw-r--r--src/fw_actor.rs12
-rw-r--r--src/main.rs1
6 files changed, 12 insertions, 19 deletions
diff --git a/Cargo.lock b/Cargo.lock
index 83c7c19..7a050b4 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1210,9 +1210,9 @@ dependencies = [
[[package]]
name = "tokio"
-version = "0.2.11"
+version = "0.2.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8fdd17989496f49cdc57978c96f0c9fe5e4a58a8bddc6813c449a4624f6a030b"
+checksum = "d099fa27b9702bed751524694adbe393e18b36b204da91eb1cbbbbb4a5ee2d58"
dependencies = [
"bytes 0.5.4",
"fnv",
diff --git a/Cargo.toml b/Cargo.toml
index 6aff0de..a2a9667 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -11,7 +11,7 @@ reqwest = { version = "0.10", features = ["json"] }
igd = { version = "0.10.0", features = ["aio"] }
log = "0.4"
pretty_env_logger = "0.4"
-tokio = "0.2.11"
+tokio = "0.2"
futures = "0.3.5"
serde = { version = "1.0.107", features = ["derive"] }
serde_json = "1.0.53"
diff --git a/src/diplonat.rs b/src/diplonat.rs
index 7b7bbb8..798b779 100644
--- a/src/diplonat.rs
+++ b/src/diplonat.rs
@@ -1,5 +1,4 @@
use anyhow::Result;
-use log::*;
use tokio::try_join;
use crate::consul_actor::ConsulActor;
use crate::igd_actor::IgdActor;
diff --git a/src/fw.rs b/src/fw.rs
index 42ce73a..8ee3e6b 100644
--- a/src/fw.rs
+++ b/src/fw.rs
@@ -1,7 +1,6 @@
use iptables;
use regex::Regex;
use std::collections::HashSet;
-use std::io;
use crate::messages;
#[derive(Debug)]
@@ -14,15 +13,17 @@ impl From<iptables::error::IPTError> for FirewallError {
}
pub fn setup(ipt: &iptables::IPTables) -> Result<(), FirewallError> {
-
- ipt.new_chain("filter", "DIPLONAT")?;
- ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?;
+
+ if !ipt.chain_exists("filter", "DIPLONAT")? {
+ ipt.new_chain("filter", "DIPLONAT")?;
+ }
+
+ ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)?;
Ok(())
}
pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts) -> Result<(), FirewallError> {
-
for p in ports.tcp_ports {
ipt.append("filter", "DIPLONAT", &format!("-p tcp --dport {} -j ACCEPT", p))?;
}
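Review bot: The new `ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)?;` is, as far as I recall the iptables crate, a checked insert that returns an error when the rule is already present rather than treating it as a no-op, so a restart against a host that still carries the jump would make `setup` fail at exactly the point the chain guard above it was added to survive; please confirm against the crate version pinned in Cargo.lock. Mirroring the chain guard keeps the intent explicit whichever way the crate behaves: `if !ipt.exists("filter", "INPUT", "-j DIPLONAT")? { ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?; }`. Note also that when the DIPLONAT chain already exists, `setup` now leaves whatever rules it holds from a previous run untouched; if that is intended because the actor reconciles them later, a one-line comment above the `chain_exists` check saying so would spare the next reader the question. `open_ports` continues past the end of the hunk.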
diff --git a/src/fw_actor.rs b/src/fw_actor.rs
index 0ef08eb..523bdaa 100644
--- a/src/fw_actor.rs
+++ b/src/fw_actor.rs
@@ -1,8 +1,4 @@
-use igd::aio::*;
-use igd::PortMappingProtocol;
-use std::net::SocketAddrV4;
-use log::*;
-use anyhow::{Result, Context};
+use anyhow::Result;
use tokio::{
select,
sync::watch,
@@ -10,6 +6,7 @@ use tokio::{
self,
Duration
}};
+use log::*;
use iptables;
use crate::messages;
@@ -17,7 +14,7 @@ use crate::fw;
use std::collections::HashSet;
pub struct FirewallActor {
- ipt: iptables::IPTables,
+ pub ipt: iptables::IPTables,
rx_ports: watch::Receiver<messages::PublicExposedPorts>,
last_ports: messages::PublicExposedPorts,
refresh: Duration
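Review bot: The `ipt` field is widened to `pub` on the struct line in this hunk, which exposes the firewall handle to everything that can see `FirewallActor`, while nothing in this commit shows who reads it. If the only consumer is elsewhere in this crate (presumably the caller that runs `fw::setup` before the actor loop), `pub(crate) ipt: iptables::IPTables,` grants the same access with the smallest reach for a handle that rewrites host firewall rules. A short `///` doc comment on the field naming its external consumer would record why it is exposed at all. The `FirewallActor` struct definition continues past the end of the hunk.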
@@ -25,8 +22,6 @@ pub struct FirewallActor {
impl FirewallActor {
pub async fn new(_refresh: Duration, rxp: &watch::Receiver<messages::PublicExposedPorts>) -> Result<Self> {
-
-
let ctx = Self {
ipt: iptables::new(false).unwrap(),
rx_ports: rxp.clone(),
@@ -61,7 +56,6 @@ impl FirewallActor {
}
pub async fn do_fw_update(&self) -> Result<()> {
-
let curr_opened_ports = fw::get_opened_ports(&self.ipt).unwrap();
let diff_tcp = self.last_ports.tcp_ports.difference(&curr_opened_ports.tcp_ports).copied().collect::<HashSet<u16>>();
diff --git a/src/main.rs b/src/main.rs
index e845017..ca36c26 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -7,7 +7,6 @@ mod diplonat;
mod fw;
mod fw_actor;
-use iptables;
use log::*;
use diplonat::Diplonat;