aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2023-04-04 13:33:54 +0200
committerAlex Auvolat <alex@adnab.me>2023-04-04 13:33:54 +0200
commit846c4344aa10a8610c1de859bac51e71d86855d5 (patch)
tree28f8a6ff203ba535bb98d6c74f5bb2afb34acecb
parenteba95c9b28898430cffa379faf2835d471189ccc (diff)
downloaddiplonat-846c4344aa10a8610c1de859bac51e71d86855d5.tar.gz
diplonat-846c4344aa10a8610c1de859bac51e71d86855d5.zip
firewall: open ports in ipv6 as well as ipv4 (using ip6tables)fw-ipv6
-rw-r--r--src/fw_actor.rs51
1 files changed, 28 insertions, 23 deletions
diff --git a/src/fw_actor.rs b/src/fw_actor.rs
index ac553b1..518c1b8 100644
--- a/src/fw_actor.rs
+++ b/src/fw_actor.rs
@@ -12,7 +12,8 @@ use tokio::{
use crate::{fw, messages};
pub struct FirewallActor {
- pub ipt: iptables::IPTables,
+ pub ipt_v4: iptables::IPTables,
+ pub ipt_v6: iptables::IPTables,
rx_ports: watch::Receiver<messages::PublicExposedPorts>,
last_ports: messages::PublicExposedPorts,
refresh: Duration,
@@ -20,17 +21,19 @@ pub struct FirewallActor {
impl FirewallActor {
pub async fn new(
- _refresh: Duration,
+ refresh: Duration,
rxp: &watch::Receiver<messages::PublicExposedPorts>,
) -> Result<Self> {
let ctx = Self {
- ipt: iptables::new(false)?,
+ ipt_v4: iptables::new(false)?,
+ ipt_v6: iptables::new(true)?,
rx_ports: rxp.clone(),
last_ports: messages::PublicExposedPorts::new(),
- refresh: _refresh,
+ refresh,
};
- fw::setup(&ctx.ipt)?;
+ fw::setup(&ctx.ipt_v4)?;
+ fw::setup(&ctx.ipt_v6)?;
return Ok(ctx);
}
@@ -59,27 +62,29 @@ impl FirewallActor {
}
pub async fn do_fw_update(&self) -> Result<()> {
- let curr_opened_ports = fw::get_opened_ports(&self.ipt)?;
+ for ipt in [&self.ipt_v4, &self.ipt_v6] {
+ let curr_opened_ports = fw::get_opened_ports(ipt)?;
- let diff_tcp = self
- .last_ports
- .tcp_ports
- .difference(&curr_opened_ports.tcp_ports)
- .copied()
- .collect::<HashSet<u16>>();
- let diff_udp = self
- .last_ports
- .udp_ports
- .difference(&curr_opened_ports.udp_ports)
- .copied()
- .collect::<HashSet<u16>>();
+ let diff_tcp = self
+ .last_ports
+ .tcp_ports
+ .difference(&curr_opened_ports.tcp_ports)
+ .copied()
+ .collect::<HashSet<u16>>();
+ let diff_udp = self
+ .last_ports
+ .udp_ports
+ .difference(&curr_opened_ports.udp_ports)
+ .copied()
+ .collect::<HashSet<u16>>();
- let ports_to_open = messages::PublicExposedPorts {
- tcp_ports: diff_tcp,
- udp_ports: diff_udp,
- };
+ let ports_to_open = messages::PublicExposedPorts {
+ tcp_ports: diff_tcp,
+ udp_ports: diff_udp,
+ };
- fw::open_ports(&self.ipt, ports_to_open)?;
+ fw::open_ports(ipt, ports_to_open)?;
+ }
return Ok(());
}