author | darkgallium <florian+git@aloneinthedark.xyz> | 2020-06-28 18:22:23 +0200 |
---|---|---|
committer | darkgallium <florian+git@aloneinthedark.xyz> | 2020-06-28 19:05:36 +0200 |
commit | a59ed3812151410c125f62f60b00aad673fd4c66 (patch) | |
tree | 8d3d749b4ac2121ef77a511fa31df2a6df655a7f /src | |
parent | 6fe86469ee9b74a8cf628ff21513a8f298a6b4b6 (diff) | |
download | diplonat-add-firewall-rules.tar.gz diplonat-add-firewall-rules.zip |
ensure chain jump is added only once
add-firewall-rules
Diffstat (limited to 'src')
-rw-r--r-- | src/diplonat.rs | 1 | ||||
-rw-r--r-- | src/fw.rs | 11 | ||||
-rw-r--r-- | src/fw_actor.rs | 12 | ||||
-rw-r--r-- | src/main.rs | 1 |
4 files changed, 9 insertions, 16 deletions
diff --git a/src/diplonat.rs b/src/diplonat.rs
index 7b7bbb8..798b779 100644
--- a/src/diplonat.rs
+++ b/src/diplonat.rs
@@ -1,5 +1,4 @@
 use anyhow::Result;
-use log::*;
 use tokio::try_join;
 use crate::consul_actor::ConsulActor;
 use crate::igd_actor::IgdActor;
@@ -1,7 +1,6 @@
 use iptables;
 use regex::Regex;
 use std::collections::HashSet;
-use std::io;
 use crate::messages;
 
 #[derive(Debug)]
@@ -14,15 +13,17 @@ impl From<iptables::error::IPTError> for FirewallError {
 }
 
 pub fn setup(ipt: &iptables::IPTables) -> Result<(), FirewallError> {
-
- ipt.new_chain("filter", "DIPLONAT")?;
- ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?;
+
+ if !ipt.chain_exists("filter", "DIPLONAT")? {
+ ipt.new_chain("filter", "DIPLONAT")?;
+ }
+
+ ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)?;
 
 Ok(())
 }
 
 pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts) -> Result<(), FirewallError> {
-
 for p in ports.tcp_ports {
 ipt.append("filter", "DIPLONAT", &format!("-p tcp --dport {} -j ACCEPT", p))?;
 }
diff --git a/src/fw_actor.rs b/src/fw_actor.rs
index 0ef08eb..523bdaa 100644
--- a/src/fw_actor.rs
+++ b/src/fw_actor.rs
@@ -1,8 +1,4 @@
-use igd::aio::*;
-use igd::PortMappingProtocol;
-use std::net::SocketAddrV4;
-use log::*;
-use anyhow::{Result, Context};
+use anyhow::Result;
 use tokio::{
 select,
 sync::watch,
@@ -10,6 +6,7 @@ use tokio::{
 self,
 Duration
 }};
+use log::*;
 use iptables;
 use crate::messages;
 
@@ -17,7 +14,7 @@ use crate::fw;
 use std::collections::HashSet;
 
 pub struct FirewallActor {
- ipt: iptables::IPTables,
+ pub ipt: iptables::IPTables,
 rx_ports: watch::Receiver<messages::PublicExposedPorts>,
 last_ports: messages::PublicExposedPorts,
 refresh: Duration
@@ -25,8 +22,6 @@ pub struct FirewallActor {
 
 impl FirewallActor {
 pub async fn new(_refresh: Duration, rxp: &watch::Receiver<messages::PublicExposedPorts>) -> Result<Self> {
-
-
 let ctx = Self {
 ipt: iptables::new(false).unwrap(),
 rx_ports: rxp.clone(),
@@ -61,7 +56,6 @@ impl FirewallActor {
 }
 
 pub async fn do_fw_update(&self) -> Result<()> {
-
 let curr_opened_ports = fw::get_opened_ports(&self.ipt).unwrap();
 
 let diff_tcp = self.last_ports.tcp_ports.difference(&curr_opened_ports.tcp_ports).copied().collect::<HashSet<u16>>();
diff --git a/src/main.rs b/src/main.rs
index e845017..ca36c26 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -7,7 +7,6 @@ mod diplonat;
 mod fw;
 mod fw_actor;
 
-use iptables;
 use log::*;
 use diplonat::Diplonat;
 
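Review bot: The `insert_unique` call on the new side of `setup` in src/fw.rs likely turns a restart into a startup failure rather than the intended no-op: in the rust-iptables crate `insert_unique` returns an error when the rule is already present in the chain (worth confirming against the crate version the project pins), so the `?` propagates that error on every run after the first, while the `chain_exists` guard just above it silently skips. The two guards should be symmetric, using the crate's `exists` check: `if !ipt.exists("filter", "INPUT", "-j DIPLONAT")? {` / `    ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?;` / `}`. A one-line comment above the `chain_exists` guard should also state that a pre-existing DIPLONAT chain is reused as-is, so any ACCEPT rules left by a previous run are inherited; whether they are later reconciled is not visible in this diff. `setup` is fully inside the hunk; `open_ports` continues outside it.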
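Review bot: Widening `ipt` to `pub` in `FirewallActor` (src/fw_actor.rs, third hunk) hands the raw iptables handle to every holder of the struct, and nothing in this diff shows which caller needs it; if the reader is another module of this crate, `pub(crate) ipt: iptables::IPTables,` keeps the firewall handle from becoming part of the public surface, and a narrow accessor that exposes only the needed operation would be tighter still. The other three fields stay private, which makes the lone `pub` field stand out without a comment saying why. The struct definition continues outside the hunk.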