authordarkgallium <florian+git@aloneinthedark.xyz>2020-06-28 18:22:23 +0200
committerdarkgallium <florian+git@aloneinthedark.xyz>2020-06-28 19:05:36 +0200
commita59ed3812151410c125f62f60b00aad673fd4c66 (patch)
tree8d3d749b4ac2121ef77a511fa31df2a6df655a7f /src
parent6fe86469ee9b74a8cf628ff21513a8f298a6b4b6 (diff)
ensure chain jump is added only onceadd-firewall-rules
Diffstat (limited to 'src')
-rw-r--r--src/diplonat.rs1
-rw-r--r--src/fw.rs11
-rw-r--r--src/fw_actor.rs12
-rw-r--r--src/main.rs1
4 files changed, 9 insertions, 16 deletions
diff --git a/src/diplonat.rs b/src/diplonat.rs
index 7b7bbb8..798b779 100644
--- a/src/diplonat.rs
+++ b/src/diplonat.rs
@@ -1,5 +1,4 @@
use anyhow::Result;
-use log::*;
use tokio::try_join;
use crate::consul_actor::ConsulActor;
use crate::igd_actor::IgdActor;
diff --git a/src/fw.rs b/src/fw.rs
index 42ce73a..8ee3e6b 100644
--- a/src/fw.rs
+++ b/src/fw.rs
@@ -1,7 +1,6 @@
use iptables;
use regex::Regex;
use std::collections::HashSet;
-use std::io;
use crate::messages;
#[derive(Debug)]
@@ -14,15 +13,17 @@ impl From<iptables::error::IPTError> for FirewallError {
}
pub fn setup(ipt: &iptables::IPTables) -> Result<(), FirewallError> {
-
- ipt.new_chain("filter", "DIPLONAT")?;
- ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?;
+
+ if !ipt.chain_exists("filter", "DIPLONAT")? {
+ ipt.new_chain("filter", "DIPLONAT")?;
+ }
+
+ ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)?;
Ok(())
}
pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts) -> Result<(), FirewallError> {
-
for p in ports.tcp_ports {
ipt.append("filter", "DIPLONAT", &format!("-p tcp --dport {} -j ACCEPT", p))?;
}
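Review bot: The new `insert_unique` line does not make `setup` idempotent the way the `chain_exists` guard above does: in the iptables crate's `insert_unique` I know, an already-present rule is reported as an error rather than skipped, so a second start of the daemon (or a run after an unclean exit that left `-j DIPLONAT` in INPUT) would fail `setup` instead of reusing the jump. Guarding it the same way as the chain keeps both halves consistent: `if !ipt.exists("filter", "INPUT", "-j DIPLONAT")? {` / `ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?;` / `}`. Note also that when the chain already exists its previous ACCEPT rules are kept, so whether stale rules from an earlier run are reconciled depends on `get_opened_ports`/`do_fw_update` elsewhere; if they are not, a `flush_chain` on the existing chain would be the place to drop them, and that is worth a comment at the guard either way.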
diff --git a/src/fw_actor.rs b/src/fw_actor.rs
index 0ef08eb..523bdaa 100644
--- a/src/fw_actor.rs
+++ b/src/fw_actor.rs
@@ -1,8 +1,4 @@
-use igd::aio::*;
-use igd::PortMappingProtocol;
-use std::net::SocketAddrV4;
-use log::*;
-use anyhow::{Result, Context};
+use anyhow::Result;
use tokio::{
select,
sync::watch,
@@ -10,6 +6,7 @@ use tokio::{
self,
Duration
}};
+use log::*;
use iptables;
use crate::messages;
@@ -17,7 +14,7 @@ use crate::fw;
use std::collections::HashSet;
pub struct FirewallActor {
- ipt: iptables::IPTables,
+ pub ipt: iptables::IPTables,
rx_ports: watch::Receiver<messages::PublicExposedPorts>,
last_ports: messages::PublicExposedPorts,
refresh: Duration
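Review bot: Making `ipt` `pub` exposes the live iptables handle to any module that holds a `FirewallActor`; if the only consumers are within this crate, `pub(crate) ipt: iptables::IPTables,` grants the same access without widening the public surface. A one-line comment naming who reads the field would also help, since the rest of the struct stays private. The struct definition continues outside the hunk.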
@@ -25,8 +22,6 @@ pub struct FirewallActor {
impl FirewallActor {
pub async fn new(_refresh: Duration, rxp: &watch::Receiver<messages::PublicExposedPorts>) -> Result<Self> {
-
-
let ctx = Self {
ipt: iptables::new(false).unwrap(),
rx_ports: rxp.clone(),
@@ -61,7 +56,6 @@ impl FirewallActor {
}
pub async fn do_fw_update(&self) -> Result<()> {
-
let curr_opened_ports = fw::get_opened_ports(&self.ipt).unwrap();
let diff_tcp = self.last_ports.tcp_ports.difference(&curr_opened_ports.tcp_ports).copied().collect::<HashSet<u16>>();
diff --git a/src/main.rs b/src/main.rs
index e845017..ca36c26 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -7,7 +7,6 @@ mod diplonat;
mod fw;
mod fw_actor;
-use iptables;
use log::*;
use diplonat::Diplonat;