internal/configuration/sources/env/firewall.go

package env

import (
	"errors"
	"fmt"
	"net/netip"
	"strconv"

	"github.com/qdm12/gluetun/internal/configuration/settings"
	"github.com/qdm12/gosettings/sources/env"
)

func (s *Source) readFirewall() (firewall settings.Firewall, err error) {
	vpnInputPortStrings := env.CSV("FIREWALL_VPN_INPUT_PORTS")
	firewall.VPNInputPorts, err = stringsToPorts(vpnInputPortStrings)
	if err != nil {
		return firewall, fmt.Errorf("environment variable FIREWALL_VPN_INPUT_PORTS: %w", err)
	}

	inputPortStrings := env.CSV("FIREWALL_INPUT_PORTS")
	firewall.InputPorts, err = stringsToPorts(inputPortStrings)
	if err != nil {
		return firewall, fmt.Errorf("environment variable FIREWALL_INPUT_PORTS: %w", err)
	}

	outboundSubnetsKey, _ := s.getEnvWithRetro("FIREWALL_OUTBOUND_SUBNETS", []string{"EXTRA_SUBNETS"})
	outboundSubnetStrings := env.CSV(outboundSubnetsKey)
	firewall.OutboundSubnets, err = stringsToNetipPrefixes(outboundSubnetStrings)
	if err != nil {
		return firewall, fmt.Errorf("environment variable %s: %w", outboundSubnetsKey, err)
	}

	firewall.Enabled, err = env.BoolPtr("FIREWALL")
	if err != nil {
		return firewall, err
	}

	firewall.Debug, err = env.BoolPtr("FIREWALL_DEBUG")
	if err != nil {
		return firewall, err
	}

	return firewall, nil
}

var (
	ErrPortParsing = errors.New("cannot parse port")
	ErrPortValue   = errors.New("port value is not valid")
)

func stringsToPorts(ss []string) (ports []uint16, err error) {
	if len(ss) == 0 {
		return nil, nil
	}
	ports = make([]uint16, len(ss))
	for i, s := range ss {
		port, err := strconv.Atoi(s)
		if err != nil {
			return nil, fmt.Errorf("%w: %s: %s", ErrPortParsing, s, err)
		} else if port < 1 || port > 65535 {
			return nil, fmt.Errorf("%w: must be between 1 and 65535: %d",
				ErrPortValue, port)
		}
		ports[i] = uint16(port)
	}
	return ports, nil
}

func stringsToNetipPrefixes(ss []string) (ipPrefixes []netip.Prefix, err error) {
	if len(ss) == 0 {
		return nil, nil
	}
	ipPrefixes = make([]netip.Prefix, len(ss))
	for i, s := range ss {
		ipPrefixes[i], err = netip.ParsePrefix(s)
		if err != nil {
			return nil, fmt.Errorf("parsing IP network %q: %w", s, err)
		}
	}
	return ipPrefixes, nil
}
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`package env`

			`import (`
			`"errors"`
			`"fmt"`
chore(all): use `netip.Prefix` for ip networks - remove usage of `net.IPNet` - remove usage of `netaddr.IPPrefix` 2023-04-27 13:41:05 +00:00			`"net/netip"`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`"strconv"`

			`"github.com/qdm12/gluetun/internal/configuration/settings"`
chore(settings): use `gosettings/sources/env` functions 2023-05-30 13:02:10 +00:00			`"github.com/qdm12/gosettings/sources/env"`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`)`

chore(config): rename `Reader` to `Source` struct 2022-08-26 15:16:51 +00:00			`func (s *Source) readFirewall() (firewall settings.Firewall, err error) {`
chore(settings): use `gosettings/sources/env` functions 2023-05-30 13:02:10 +00:00			`vpnInputPortStrings := env.CSV("FIREWALL_VPN_INPUT_PORTS")`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`firewall.VPNInputPorts, err = stringsToPorts(vpnInputPortStrings)`
			`if err != nil {`
			`return firewall, fmt.Errorf("environment variable FIREWALL_VPN_INPUT_PORTS: %w", err)`
			`}`

chore(settings): use `gosettings/sources/env` functions 2023-05-30 13:02:10 +00:00			`inputPortStrings := env.CSV("FIREWALL_INPUT_PORTS")`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`firewall.InputPorts, err = stringsToPorts(inputPortStrings)`
			`if err != nil {`
			`return firewall, fmt.Errorf("environment variable FIREWALL_INPUT_PORTS: %w", err)`
			`}`

hotfix(env): read some settings with case sensitivity 2023-05-30 12:46:10 +00:00			`outboundSubnetsKey, _ := s.getEnvWithRetro("FIREWALL_OUTBOUND_SUBNETS", []string{"EXTRA_SUBNETS"})`
chore(settings): use `gosettings/sources/env` functions 2023-05-30 13:02:10 +00:00			`outboundSubnetStrings := env.CSV(outboundSubnetsKey)`
chore(all): use `netip.Prefix` for ip networks - remove usage of `net.IPNet` - remove usage of `netaddr.IPPrefix` 2023-04-27 13:41:05 +00:00			`firewall.OutboundSubnets, err = stringsToNetipPrefixes(outboundSubnetStrings)`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`if err != nil {`
			`return firewall, fmt.Errorf("environment variable %s: %w", outboundSubnetsKey, err)`
			`}`

chore(settings): use `gosettings/sources/env` functions 2023-05-30 13:02:10 +00:00			`firewall.Enabled, err = env.BoolPtr("FIREWALL")`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`if err != nil {`
chore(sources/env): bump gosettings to v0.3.0-rc9 2023-05-30 15:21:09 +00:00			`return firewall, err`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`}`

chore(settings): use `gosettings/sources/env` functions 2023-05-30 13:02:10 +00:00			`firewall.Debug, err = env.BoolPtr("FIREWALL_DEBUG")`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`if err != nil {`
chore(sources/env): bump gosettings to v0.3.0-rc9 2023-05-30 15:21:09 +00:00			`return firewall, err`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`}`

			`return firewall, nil`
			`}`

			`var (`
			`ErrPortParsing = errors.New("cannot parse port")`
			`ErrPortValue = errors.New("port value is not valid")`
			`)`

			`func stringsToPorts(ss []string) (ports []uint16, err error) {`
			`if len(ss) == 0 {`
			`return nil, nil`
			`}`
			`ports = make([]uint16, len(ss))`
			`for i, s := range ss {`
			`port, err := strconv.Atoi(s)`
			`if err != nil {`
chore(errors): review all errors in codebase 2022-02-20 02:58:16 +00:00			`return nil, fmt.Errorf("%w: %s: %s", ErrPortParsing, s, err)`
fix(settings): change `2^16` to `65535` 2022-01-06 17:42:10 +00:00			`} else if port < 1 \|\| port > 65535 {`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`return nil, fmt.Errorf("%w: must be between 1 and 65535: %d",`
			`ErrPortValue, port)`
			`}`
			`ports[i] = uint16(port)`
			`}`
			`return ports, nil`
			`}`

chore(all): use `netip.Prefix` for ip networks - remove usage of `net.IPNet` - remove usage of `netaddr.IPPrefix` 2023-04-27 13:41:05 +00:00			`func stringsToNetipPrefixes(ss []string) (ipPrefixes []netip.Prefix, err error) {`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`if len(ss) == 0 {`
			`return nil, nil`
			`}`
chore(all): use `netip.Prefix` for ip networks - remove usage of `net.IPNet` - remove usage of `netaddr.IPPrefix` 2023-04-27 13:41:05 +00:00			`ipPrefixes = make([]netip.Prefix, len(ss))`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`for i, s := range ss {`
chore(all): use `netip.Prefix` for ip networks - remove usage of `net.IPNet` - remove usage of `netaddr.IPPrefix` 2023-04-27 13:41:05 +00:00			`ipPrefixes[i], err = netip.ParsePrefix(s)`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`if err != nil {`
chore(all): review error wrappings - remove repetitive `cannot` and `failed` prefixes - rename `unmarshaling` to `decoding` 2023-04-01 16:53:04 +00:00			`return nil, fmt.Errorf("parsing IP network %q: %w", s, err)`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`}`
			`}`
chore(all): use `netip.Prefix` for ip networks - remove usage of `net.IPNet` - remove usage of `netaddr.IPPrefix` 2023-04-27 13:41:05 +00:00			`return ipPrefixes, nil`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`}`