From a59ed3812151410c125f62f60b00aad673fd4c66 Mon Sep 17 00:00:00 2001
From: darkgallium
Date: Sun, 28 Jun 2020 18:22:23 +0200
Subject: ensure chain jump is added only once

---
 Cargo.lock | 4 ++--
 Cargo.toml | 2 +-
 src/diplonat.rs | 1 -
 src/fw.rs | 11 ++++++-----
 src/fw_actor.rs | 12 +++--------
 src/main.rs | 1 -
 6 files changed, 12 insertions(+), 19 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 83c7c19..7a050b4 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1210,9 +1210,9 @@ dependencies = [
 
 [[package]]
 name = "tokio"
-version = "0.2.11"
+version = "0.2.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8fdd17989496f49cdc57978c96f0c9fe5e4a58a8bddc6813c449a4624f6a030b"
+checksum = "d099fa27b9702bed751524694adbe393e18b36b204da91eb1cbbbbb4a5ee2d58"
 dependencies = [
 "bytes 0.5.4",
 "fnv",
diff --git a/Cargo.toml b/Cargo.toml
index 6aff0de..a2a9667 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -11,7 +11,7 @@ reqwest = { version = "0.10", features = ["json"] }
 igd = { version = "0.10.0", features = ["aio"] }
 log = "0.4"
 pretty_env_logger = "0.4"
-tokio = "0.2.11"
+tokio = "0.2"
 futures = "0.3.5"
 serde = { version = "1.0.107", features = ["derive"] }
 serde_json = "1.0.53"
diff --git a/src/diplonat.rs b/src/diplonat.rs
index 7b7bbb8..798b779 100644
--- a/src/diplonat.rs
+++ b/src/diplonat.rs
@@ -1,5 +1,4 @@
 use anyhow::Result;
-use log::*;
 use tokio::try_join;
 use crate::consul_actor::ConsulActor;
 use crate::igd_actor::IgdActor;
diff --git a/src/fw.rs b/src/fw.rs
index 42ce73a..8ee3e6b 100644
--- a/src/fw.rs
+++ b/src/fw.rs
@@ -1,7 +1,6 @@
 use iptables;
 use regex::Regex;
 use std::collections::HashSet;
-use std::io;
 use crate::messages;
 
 #[derive(Debug)]
@@ -14,15 +13,17 @@ impl From for FirewallError {
 }
 
 pub fn setup(ipt: &iptables::IPTables) -> Result<(), FirewallError> {
-
- ipt.new_chain("filter", "DIPLONAT")?;
- ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?;
+
+ if !ipt.chain_exists("filter", "DIPLONAT")? {
+ ipt.new_chain("filter", "DIPLONAT")?;
+ }
+
+ ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)?;
 
 Ok(())
 }
 
 pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts) -> Result<(), FirewallError> {
-
 for p in ports.tcp_ports {
 ipt.append("filter", "DIPLONAT", &format!("-p tcp --dport {} -j ACCEPT", p))?;
 }
diff --git a/src/fw_actor.rs b/src/fw_actor.rs
index 0ef08eb..523bdaa 100644
--- a/src/fw_actor.rs
+++ b/src/fw_actor.rs
@@ -1,8 +1,4 @@
-use igd::aio::*;
-use igd::PortMappingProtocol;
-use std::net::SocketAddrV4;
-use log::*;
-use anyhow::{Result, Context};
+use anyhow::Result;
 use tokio::{
 select,
 sync::watch,
@@ -10,6 +6,7 @@ use tokio::{
 self,
 Duration
 }};
+use log::*;
 use iptables;
 
 use crate::messages;
@@ -17,7 +14,7 @@ use crate::fw;
 use std::collections::HashSet;
 
 pub struct FirewallActor {
- ipt: iptables::IPTables,
+ pub ipt: iptables::IPTables,
 rx_ports: watch::Receiver,
 last_ports: messages::PublicExposedPorts,
 refresh: Duration
@@ -25,8 +22,6 @@ pub struct FirewallActor {
 
 impl FirewallActor {
 pub async fn new(_refresh: Duration, rxp: &watch::Receiver) -> Result {
-
-
 let ctx = Self {
 ipt: iptables::new(false).unwrap(),
 rx_ports: rxp.clone(),
@@ -61,7 +56,6 @@ impl FirewallActor {
 }
 
 pub async fn do_fw_update(&self) -> Result<()> {
-
 let curr_opened_ports = fw::get_opened_ports(&self.ipt).unwrap();
 
 let diff_tcp = self.last_ports.tcp_ports.difference(&curr_opened_ports.tcp_ports).copied().collect::>();
diff --git a/src/main.rs b/src/main.rs
index e845017..ca36c26 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -7,7 +7,6 @@ mod diplonat;
 mod fw;
 mod fw_actor;
 
-use iptables;
 use log::*;
 
 use diplonat::Diplonat;
-- 
cgit v1.2.3
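Review bot: `insert_unique` in `setup` prevents a second `-j DIPLONAT` jump but does not enforce its position: if a jump already sits further down INPUT (left behind by an earlier run or added by hand), it is kept where it is and the position-1 intent of the call silently no longer holds. Since every rule `open_ports` appends to DIPLONAT is an ACCEPT, the jump's position decides whether those ACCEPTs run before or after the rest of the INPUT policy, so the placement deserves a comment on the `insert_unique` line such as `// Jump is inserted first so DIPLONAT's ACCEPT rules win over later INPUT rules; insert_unique keeps an already-present jump where it is.`. The `chain_exists`/`new_chain` pair is presumably not atomic against another process editing the table, which is acceptable for a single manager but worth stating. A `///` doc line saying that `setup` is idempotent and meant to be called on every start would record the commit's intent for the next reader.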
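Review bot: Making `ipt` on `FirewallActor` `pub` is unrelated to the chain-jump fix and widens which code can issue iptables calls through the actor's handle, which is the one object in this file that mutates host firewall state. If another module in this crate needs it, `pub(crate) ipt: iptables::IPTables,` keeps the access inside the crate, and a one-line comment on the field naming the caller that needs it would make the widening reviewable. Otherwise keeping the field private and exposing the required operation as a method on the actor is the tighter design. The struct definition continues past the end of this hunk.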