Fixing extra subnets firewall rules

- Fix #194
- Fix #190
- Refers to #188
Quentin McGaw
2020-07-13 02:17:49 +00:00
parent 95ad58687d
commit 4a7d341c57
3 changed files with 22 additions and 18 deletions


@@ -102,17 +102,17 @@ func (c *configurator) enable(ctx context.Context) (err error) { //nolint:gocogn
if err = c.acceptOutputThroughInterface(ctx, string(constants.TUN), remove); err != nil {
return fmt.Errorf("cannot enable firewall: %w", err)
}
if err := c.acceptInputFromToSubnet(ctx, localSubnet, "*", remove); err != nil {
if err := c.acceptInputFromSubnetToSubnet(ctx, "*", localSubnet, localSubnet, remove); err != nil {
return fmt.Errorf("cannot enable firewall: %w", err)
}
if err := c.acceptOutputFromToSubnet(ctx, localSubnet, "*", remove); err != nil {
if err := c.acceptOutputFromSubnetToSubnet(ctx, "*", localSubnet, localSubnet, remove); err != nil {
return fmt.Errorf("cannot enable firewall: %w", err)
}
for _, subnet := range c.allowedSubnets {
if err := c.acceptInputFromToSubnet(ctx, subnet, defaultInterface, remove); err != nil {
if err := c.acceptInputFromSubnetToSubnet(ctx, defaultInterface, subnet, localSubnet, remove); err != nil {
return fmt.Errorf("cannot enable firewall: %w", err)
}
if err := c.acceptOutputFromToSubnet(ctx, subnet, defaultInterface, remove); err != nil {
if err := c.acceptOutputFromSubnetToSubnet(ctx, defaultInterface, localSubnet, subnet, remove); err != nil {
return fmt.Errorf("cannot enable firewall: %w", err)
}
}
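Review bot: The four error returns at L21, L25, L30 and L34 all wrap with the identical `cannot enable firewall: %w`, so when one of the new per-subnet rules fails nothing in the error says which subnet or direction was being programmed; inside the loop I would write `return fmt.Errorf("cannot enable firewall for subnet %s: %w", subnet, err)` (and a similar "local subnet input/output" wording for L21/L25). A smaller style point: L16 assigns the named result with `err =` while L19–L33 use `if err := ...` and shadow it, which is harmless because every branch returns but is inconsistent within the same function. Assuming the lower line of each pair is the new side, the rules now pair `subnet` with `localSubnet` symmetrically for input and output, which reads as the intended fix; since `c.allowedSubnets` is presumably user-supplied, it is worth confirming that the parser rejects or at least logs very broad entries such as a /0, as each entry becomes an accept rule on `defaultInterface`. The body of `enable` starts before and continues after this hunk, so the ordering of these accept rules relative to any default drop rule cannot be checked here.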