authorAlex <alex@adnab.me>2023-04-04 12:13:19 +0000
committerAlex <alex@adnab.me>2023-04-04 12:13:19 +0000
commite64be9e8816b9bd5d3d787d1d5d57d460ae37569 (patch)
tree28f8a6ff203ba535bb98d6c74f5bb2afb34acecb
parenteba95c9b28898430cffa379faf2835d471189ccc (diff)
parent846c4344aa10a8610c1de859bac51e71d86855d5 (diff)
Merge pull request 'firewall: open ports in ipv6 as well as ipv4 (using ip6tables)' (#19) from fw-ipv6 into main
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/diplonat/pulls/19
-rw-r--r--src/fw_actor.rs51
1 files changed, 28 insertions, 23 deletions
diff --git a/src/fw_actor.rs b/src/fw_actor.rs
index ac553b1..518c1b8 100644
--- a/src/fw_actor.rs
+++ b/src/fw_actor.rs
@@ -12,7 +12,8 @@ use tokio::{
use crate::{fw, messages};
pub struct FirewallActor {
- pub ipt: iptables::IPTables,
+ pub ipt_v4: iptables::IPTables,
+ pub ipt_v6: iptables::IPTables,
rx_ports: watch::Receiver<messages::PublicExposedPorts>,
last_ports: messages::PublicExposedPorts,
refresh: Duration,
@@ -20,17 +21,19 @@ pub struct FirewallActor {
impl FirewallActor {
pub async fn new(
- _refresh: Duration,
+ refresh: Duration,
rxp: &watch::Receiver<messages::PublicExposedPorts>,
) -> Result<Self> {
let ctx = Self {
- ipt: iptables::new(false)?,
+ ipt_v4: iptables::new(false)?,
+ ipt_v6: iptables::new(true)?,
rx_ports: rxp.clone(),
last_ports: messages::PublicExposedPorts::new(),
- refresh: _refresh,
+ refresh,
};
- fw::setup(&ctx.ipt)?;
+ fw::setup(&ctx.ipt_v4)?;
+ fw::setup(&ctx.ipt_v6)?;
return Ok(ctx);
}
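Review bot: `ipt_v6: iptables::new(true)?` turns a missing or non-functional ip6tables into a construction failure for the whole actor, where the previous code only needed the IPv4 handle; on a host with IPv6 disabled this is a behaviour change the PR description does not mention. Whether that aborts the daemon or only the firewall feature depends on how the caller handles `new`'s error, which is outside this hunk. The new requirement belongs in a doc comment on `new`: `/// Requires both iptables and ip6tables; construction fails if either handle cannot be created or its base rules cannot be set up.` The same applies to the two `fw::setup` calls, where an ip6tables failure now also prevents the IPv4 setup result from being used.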
@@ -59,27 +62,29 @@ impl FirewallActor {
}
pub async fn do_fw_update(&self) -> Result<()> {
- let curr_opened_ports = fw::get_opened_ports(&self.ipt)?;
+ for ipt in [&self.ipt_v4, &self.ipt_v6] {
+ let curr_opened_ports = fw::get_opened_ports(ipt)?;
- let diff_tcp = self
- .last_ports
- .tcp_ports
- .difference(&curr_opened_ports.tcp_ports)
- .copied()
- .collect::<HashSet<u16>>();
- let diff_udp = self
- .last_ports
- .udp_ports
- .difference(&curr_opened_ports.udp_ports)
- .copied()
- .collect::<HashSet<u16>>();
+ let diff_tcp = self
+ .last_ports
+ .tcp_ports
+ .difference(&curr_opened_ports.tcp_ports)
+ .copied()
+ .collect::<HashSet<u16>>();
+ let diff_udp = self
+ .last_ports
+ .udp_ports
+ .difference(&curr_opened_ports.udp_ports)
+ .copied()
+ .collect::<HashSet<u16>>();
- let ports_to_open = messages::PublicExposedPorts {
- tcp_ports: diff_tcp,
- udp_ports: diff_udp,
- };
+ let ports_to_open = messages::PublicExposedPorts {
+ tcp_ports: diff_tcp,
+ udp_ports: diff_udp,
+ };
- fw::open_ports(&self.ipt, ports_to_open)?;
+ fw::open_ports(ipt, ports_to_open)?;
+ }
return Ok(());
}
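Review bot: The `?` on `fw::get_opened_ports(ipt)?` and on `fw::open_ports(ipt, ports_to_open)?` inside the new loop returns on the first IPv4 error before the IPv6 table is examined at all, so after one failed refresh the two tables can carry different rule sets until the next tick. If best-effort parity between families is the intent, the v6 pass should still run when the v4 pass fails and the first error be returned afterwards; if fail-fast is intended, that should be stated. The function has no doc comment; suggest `/// Opens on both the IPv4 and IPv6 tables every port in last_ports not already open there; an error on one table skips the remaining tables for this cycle.` Computing the diff per table is correct, since the set of already-open ports can legitimately differ between the two families.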