FIREWALL_VPN_INPUT_PORTS variable, fixes #196
This commit is contained in:
Quentin McGaw
@@ -3,6 +3,7 @@ package params
|
||||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
libparams "github.com/qdm12/golibs/params"
|
||||
@@ -35,6 +36,30 @@ func (r *reader) GetExtraSubnets() (extraSubnets []net.IPNet, err error) {
|
||||
return extraSubnets, nil
|
||||
}
|
||||
|
||||
// GetAllowedVPNInputPorts obtains a list of input ports to allow from the
|
||||
// VPN server side in the firewall, from the environment variable FIREWALL_VPN_INPUT_PORTS
|
||||
func (r *reader) GetVPNInputPorts() (ports []uint16, err error) {
|
||||
s, err := r.envParams.GetEnv("FIREWALL_VPN_INPUT_PORTS", libparams.Default(""))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if len(s) == 0 {
|
||||
return nil, nil
|
||||
}
|
||||
portsStr := strings.Split(s, ",")
|
||||
ports = make([]uint16, len(portsStr))
|
||||
for i := range portsStr {
|
||||
portInt, err := strconv.Atoi(portsStr[i])
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("VPN input port %q is not valid (%s)", portInt, err)
|
||||
} else if portInt <= 0 || portInt > 65535 {
|
||||
return nil, fmt.Errorf("VPN input port %d must be between 1 and 65535", portInt)
|
||||
}
|
||||
ports[i] = uint16(portInt)
|
||||
}
|
||||
return ports, nil
|
||||
}
|
||||
|
||||
// GetFirewallDebug obtains if the firewall should run in debug verbose mode from the environment variable FIREWALL_DEBUG
|
||||
func (r *reader) GetFirewallDebug() (debug bool, err error) {
|
||||
return r.envParams.GetOnOff("FIREWALL_DEBUG", libparams.Default("off"))
|
||||
|
||||
@@ -42,6 +42,7 @@ type Reader interface {
|
||||
// Firewall getters
|
||||
GetFirewall() (enabled bool, err error)
|
||||
GetExtraSubnets() (extraSubnets []net.IPNet, err error)
|
||||
GetVPNInputPorts() (ports []uint16, err error)
|
||||
GetFirewallDebug() (debug bool, err error)
|
||||
|
||||
// VPN getters
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package settings
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
"strings"
|
||||
|
||||
@@ -10,6 +11,7 @@ import (
|
||||
// Firewall contains settings to customize the firewall operation
|
||||
type Firewall struct {
|
||||
AllowedSubnets []net.IPNet
|
||||
VPNInputPorts []uint16
|
||||
Enabled bool
|
||||
Debug bool
|
||||
}
|
||||
@@ -22,9 +24,15 @@ func (f *Firewall) String() string {
|
||||
if !f.Enabled {
|
||||
return "Firewall settings: disabled"
|
||||
}
|
||||
vpnInputPorts := make([]string, len(f.VPNInputPorts))
|
||||
for i, port := range f.VPNInputPorts {
|
||||
vpnInputPorts[i] = fmt.Sprintf("%d", port)
|
||||
}
|
||||
|
||||
settingsList := []string{
|
||||
"Firewall settings:",
|
||||
"Allowed subnets: " + strings.Join(allowedSubnets, ", "),
|
||||
"VPN input ports: " + strings.Join(vpnInputPorts, ", "),
|
||||
}
|
||||
if f.Debug {
|
||||
settingsList = append(settingsList, "Debug: on")
|
||||
@@ -38,6 +46,10 @@ func GetFirewallSettings(paramsReader params.Reader) (settings Firewall, err err
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.VPNInputPorts, err = paramsReader.GetVPNInputPorts()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Enabled, err = paramsReader.GetFirewall()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
|
||||
Reference in New Issue
Block a user