diff options
author | Alex <alex@adnab.me> | 2023-04-04 12:13:19 +0000 |
---|---|---|
committer | Alex <alex@adnab.me> | 2023-04-04 12:13:19 +0000 |
commit | e64be9e8816b9bd5d3d787d1d5d57d460ae37569 (patch) | |
tree | 28f8a6ff203ba535bb98d6c74f5bb2afb34acecb | |
parent | eba95c9b28898430cffa379faf2835d471189ccc (diff) | |
parent | 846c4344aa10a8610c1de859bac51e71d86855d5 (diff) | |
download | diplonat-e64be9e8816b9bd5d3d787d1d5d57d460ae37569.tar.gz diplonat-e64be9e8816b9bd5d3d787d1d5d57d460ae37569.zip |
Merge pull request 'firewall: open ports in ipv6 as well as ipv4 (using ip6tables)' (#19) from fw-ipv6 into main
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/diplonat/pulls/19
-rw-r--r-- | src/fw_actor.rs | 51 |
1 files changed, 28 insertions, 23 deletions
diff --git a/src/fw_actor.rs b/src/fw_actor.rs index ac553b1..518c1b8 100644 --- a/src/fw_actor.rs +++ b/src/fw_actor.rs @@ -12,7 +12,8 @@ use tokio::{ use crate::{fw, messages}; pub struct FirewallActor { - pub ipt: iptables::IPTables, + pub ipt_v4: iptables::IPTables, + pub ipt_v6: iptables::IPTables, rx_ports: watch::Receiver<messages::PublicExposedPorts>, last_ports: messages::PublicExposedPorts, refresh: Duration, @@ -20,17 +21,19 @@ pub struct FirewallActor { impl FirewallActor { pub async fn new( - _refresh: Duration, + refresh: Duration, rxp: &watch::Receiver<messages::PublicExposedPorts>, ) -> Result<Self> { let ctx = Self { - ipt: iptables::new(false)?, + ipt_v4: iptables::new(false)?, + ipt_v6: iptables::new(true)?, rx_ports: rxp.clone(), last_ports: messages::PublicExposedPorts::new(), - refresh: _refresh, + refresh, }; - fw::setup(&ctx.ipt)?; + fw::setup(&ctx.ipt_v4)?; + fw::setup(&ctx.ipt_v6)?; return Ok(ctx); } @@ -59,27 +62,29 @@ impl FirewallActor { } pub async fn do_fw_update(&self) -> Result<()> { - let curr_opened_ports = fw::get_opened_ports(&self.ipt)?; + for ipt in [&self.ipt_v4, &self.ipt_v6] { + let curr_opened_ports = fw::get_opened_ports(ipt)?; - let diff_tcp = self - .last_ports - .tcp_ports - .difference(&curr_opened_ports.tcp_ports) - .copied() - .collect::<HashSet<u16>>(); - let diff_udp = self - .last_ports - .udp_ports - .difference(&curr_opened_ports.udp_ports) - .copied() - .collect::<HashSet<u16>>(); + let diff_tcp = self + .last_ports + .tcp_ports + .difference(&curr_opened_ports.tcp_ports) + .copied() + .collect::<HashSet<u16>>(); + let diff_udp = self + .last_ports + .udp_ports + .difference(&curr_opened_ports.udp_ports) + .copied() + .collect::<HashSet<u16>>(); - let ports_to_open = messages::PublicExposedPorts { - tcp_ports: diff_tcp, - udp_ports: diff_udp, - }; + let ports_to_open = messages::PublicExposedPorts { + tcp_ports: diff_tcp, + udp_ports: diff_udp, + }; - fw::open_ports(&self.ipt, ports_to_open)?; + fw::open_ports(ipt, ports_to_open)?; + } return Ok(()); } |