authordarkgallium <florian+git@aloneinthedark.xyz>2020-06-28 18:22:23 +0200
committerdarkgallium <florian+git@aloneinthedark.xyz>2020-06-28 19:05:36 +0200
commita59ed3812151410c125f62f60b00aad673fd4c66 (patch)
tree8d3d749b4ac2121ef77a511fa31df2a6df655a7f /src/fw.rs
parent6fe86469ee9b74a8cf628ff21513a8f298a6b4b6 (diff)
ensure chain jump is added only onceadd-firewall-rules
Diffstat (limited to 'src/fw.rs')
-rw-r--r--src/fw.rs11
1 files changed, 6 insertions, 5 deletions
diff --git a/src/fw.rs b/src/fw.rs
index 42ce73a..8ee3e6b 100644
--- a/src/fw.rs
+++ b/src/fw.rs
@@ -1,7 +1,6 @@
use iptables;
use regex::Regex;
use std::collections::HashSet;
-use std::io;
use crate::messages;
#[derive(Debug)]
@@ -14,15 +13,17 @@ impl From<iptables::error::IPTError> for FirewallError {
}
pub fn setup(ipt: &iptables::IPTables) -> Result<(), FirewallError> {
-
- ipt.new_chain("filter", "DIPLONAT")?;
- ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?;
+
+ if !ipt.chain_exists("filter", "DIPLONAT")? {
+ ipt.new_chain("filter", "DIPLONAT")?;
+ }
+
+ ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)?;
Ok(())
}
pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts) -> Result<(), FirewallError> {
-
for p in ports.tcp_ports {
ipt.append("filter", "DIPLONAT", &format!("-p tcp --dport {} -j ACCEPT", p))?;
}
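Review bot: `ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)?` in `setup` should be checked against the pinned `iptables` crate release, because some releases report an already-present rule as an `Err` rather than a no-op, and the `?` would then make `setup` fail on every start after the first. An explicit guard that mirrors the `chain_exists` check avoids depending on that: `if !ipt.exists("filter", "INPUT", "-j DIPLONAT")? { ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?; }`. Either form only tests that the jump exists somewhere in INPUT, so it may sit below a terminating rule instead of at position 1. When DIPLONAT already exists its earlier ACCEPT rules are kept, so a comment such as `// existing DIPLONAT rules are left in place; stale ports must be removed elsewhere` would document that; whether that cleanup happens is not visible in this hunk.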