From a59ed3812151410c125f62f60b00aad673fd4c66 Mon Sep 17 00:00:00 2001
From: darkgallium
Date: Sun, 28 Jun 2020 18:22:23 +0200
Subject: ensure chain jump is added only once

---
 src/diplonat.rs | 1 -
 src/fw.rs | 11 ++++++-----
 src/fw_actor.rs | 12 +++--------
 src/main.rs | 1 -
 4 files changed, 9 insertions(+), 16 deletions(-)
(limited to 'src')

diff --git a/src/diplonat.rs b/src/diplonat.rs
index 7b7bbb8..798b779 100644
--- a/src/diplonat.rs
+++ b/src/diplonat.rs
@@ -1,5 +1,4 @@
 use anyhow::Result;
-use log::*;
 use tokio::try_join;
 use crate::consul_actor::ConsulActor;
 use crate::igd_actor::IgdActor;
diff --git a/src/fw.rs b/src/fw.rs
index 42ce73a..8ee3e6b 100644
--- a/src/fw.rs
+++ b/src/fw.rs
@@ -1,7 +1,6 @@
 use iptables;
 use regex::Regex;
 use std::collections::HashSet;
-use std::io;
 use crate::messages;
 
 #[derive(Debug)]
@@ -14,15 +13,17 @@ impl From for FirewallError {
 }
 
 pub fn setup(ipt: &iptables::IPTables) -> Result<(), FirewallError> {
-
-  ipt.new_chain("filter", "DIPLONAT")?;
-  ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?;
+
+  if !ipt.chain_exists("filter", "DIPLONAT")? {
+    ipt.new_chain("filter", "DIPLONAT")?;
+  }
+
+  ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)?;
 
   Ok(())
 }
 
 pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts) -> Result<(), FirewallError> {
-
   for p in ports.tcp_ports {
     ipt.append("filter", "DIPLONAT", &format!("-p tcp --dport {} -j ACCEPT", p))?;
   }
diff --git a/src/fw_actor.rs b/src/fw_actor.rs
index 0ef08eb..523bdaa 100644
--- a/src/fw_actor.rs
+++ b/src/fw_actor.rs
@@ -1,8 +1,4 @@
-use igd::aio::*;
-use igd::PortMappingProtocol;
-use std::net::SocketAddrV4;
-use log::*;
-use anyhow::{Result, Context};
+use anyhow::Result;
 use tokio::{
   select,
   sync::watch,
@@ -10,6 +6,7 @@ use tokio::{
     self,
     Duration
 }};
+use log::*;
 use iptables;
 
 use crate::messages;
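Review bot: `insert_unique("filter", "INPUT", "-j DIPLONAT", 1)` in `setup` only guarantees the jump exists once; if it behaves like the crate's `exists` followed by `insert`, a `-j DIPLONAT` rule already sitting further down INPUT (left by an earlier run, or pushed down by rules added since) is kept where it is and never moved to position 1, so the chain may no longer be consulted before other INPUT rules. If first position is part of the intended policy, that should be checked explicitly rather than assumed from the `1` argument. The `chain_exists`/`new_chain` pair is also a check-then-act against a shared kernel table, so a concurrent iptables writer can still make `new_chain` fail; the `?` propagates that, which is fine, but a short comment would save the next reader from "fixing" it. Since the function is now idempotent by design, a doc comment stating the contract would help, e.g. `/// Idempotent: creates the DIPLONAT chain if it is missing and ensures INPUT jumps to it; an existing chain and its rules are left untouched (no flush).`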
@@ -17,7 +14,7 @@ use crate::fw;
 use std::collections::HashSet;
 
 pub struct FirewallActor {
-  ipt: iptables::IPTables,
+  pub ipt: iptables::IPTables,
   rx_ports: watch::Receiver,
   last_ports: messages::PublicExposedPorts,
   refresh: Duration
@@ -25,8 +22,6 @@ pub struct FirewallActor {
 
 impl FirewallActor {
   pub async fn new(_refresh: Duration, rxp: &watch::Receiver) -> Result {
-
-
     let ctx = Self {
       ipt: iptables::new(false).unwrap(),
       rx_ports: rxp.clone(),
@@ -61,7 +56,6 @@ impl FirewallActor {
   }
 
   pub async fn do_fw_update(&self) -> Result<()> {
-
     let curr_opened_ports = fw::get_opened_ports(&self.ipt).unwrap();
 
     let diff_tcp = self.last_ports.tcp_ports.difference(&curr_opened_ports.tcp_ports).copied().collect::>();
diff --git a/src/main.rs b/src/main.rs
index e845017..ca36c26 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -7,7 +7,6 @@ mod diplonat;
 mod fw;
 mod fw_actor;
 
-use iptables;
 use log::*;
 
 use diplonat::Diplonat;
-- 
cgit v1.2.3
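Review bot: Making `ipt` a `pub` field of `FirewallActor` hands the raw iptables handle to every module instead of exposing the one operation that needs it; where it is read after this change is not visible in the diff, so I am inferring it is for `fw::setup`. A narrower surface would be to call `fw::setup(&ctx.ipt)` inside `FirewallActor::new` (whose body begins in the following hunk and continues outside it) and keep the field private, or to offer `pub fn ipt(&self) -> &iptables::IPTables` so callers cannot replace the handle. If the field must stay public, `pub(crate) ipt: iptables::IPTables,` at least keeps it within the binary and makes the intent explicit.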