Add linters and fix lint issues
@@ -51,7 +51,7 @@ func (c *configurator) disable(ctx context.Context) (err error) {
|
||||
return nil
|
||||
}
|
||||
|
||||
// To use in defered call when enabling the firewall
|
||||
// To use in defered call when enabling the firewall.
|
||||
func (c *configurator) fallbackToDisabled(ctx context.Context) {
|
||||
if ctx.Err() != nil {
|
||||
return
|
||||
@@ -61,7 +61,7 @@ func (c *configurator) fallbackToDisabled(ctx context.Context) {
|
||||
}
|
||||
}
|
||||
|
||||
func (c *configurator) enable(ctx context.Context) (err error) { //nolint:gocognit
|
||||
func (c *configurator) enable(ctx context.Context) (err error) {
|
||||
if err = c.setAllPolicies(ctx, "DROP"); err != nil {
|
||||
return fmt.Errorf("cannot enable firewall: %w", err)
|
||||
}
|
||||
|
||||
@@ -12,7 +12,7 @@ import (
|
||||
"github.com/qdm12/golibs/logging"
|
||||
)
|
||||
|
||||
// Configurator allows to change firewall rules and modify network routes
|
||||
// Configurator allows to change firewall rules and modify network routes.
|
||||
type Configurator interface {
|
||||
Version(ctx context.Context) (string, error)
|
||||
SetEnabled(ctx context.Context, enabled bool) (err error)
|
||||
@@ -45,7 +45,7 @@ type configurator struct { //nolint:maligned
|
||||
stateMutex sync.Mutex
|
||||
}
|
||||
|
||||
// NewConfigurator creates a new Configurator instance
|
||||
// NewConfigurator creates a new Configurator instance.
|
||||
func NewConfigurator(logger logging.Logger, routing routing.Routing, fileManager files.FileManager) Configurator {
|
||||
return &configurator{
|
||||
commander: command.NewCommander(),
|
||||
|
||||
@@ -32,14 +32,15 @@ func flipRule(rule string) string {
|
||||
return rule
|
||||
}
|
||||
|
||||
// Version obtains the version of the installed iptables
|
||||
// Version obtains the version of the installed iptables.
|
||||
func (c *configurator) Version(ctx context.Context) (string, error) {
|
||||
output, err := c.commander.Run(ctx, "iptables", "--version")
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
words := strings.Fields(output)
|
||||
if len(words) < 2 {
|
||||
const minWords = 2
|
||||
if len(words) < minWords {
|
||||
return "", fmt.Errorf("iptables --version: output is too short: %q", output)
|
||||
}
|
||||
return words[1], nil
|
||||
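Review bot: The early return after c.commander.Run still hands back the bare error (`return "", err`), while the new too-short branch two lines below wraps its message with the `iptables --version:` context; a caller seeing the first error cannot tell which command failed. For consistency with the sibling branch I would write `return "", fmt.Errorf("iptables --version: %w", err)`. The introduced `minWords` constant is fine, but a one-line comment such as `// expected output: "iptables v1.8.x (...)"` next to it would explain why the second field is the version, since `words[1]` relies on that layout. Version appears complete within the hunk.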
@@ -106,34 +107,39 @@ func (c *configurator) acceptEstablishedRelatedTraffic(ctx context.Context, remo
|
||||
})
|
||||
}
|
||||
|
||||
func (c *configurator) acceptOutputTrafficToVPN(ctx context.Context, defaultInterface string, connection models.OpenVPNConnection, remove bool) error {
|
||||
func (c *configurator) acceptOutputTrafficToVPN(ctx context.Context,
|
||||
defaultInterface string, connection models.OpenVPNConnection, remove bool) error {
|
||||
return c.runIptablesInstruction(ctx,
|
||||
fmt.Sprintf("%s OUTPUT -d %s -o %s -p %s -m %s --dport %d -j ACCEPT",
|
||||
appendOrDelete(remove), connection.IP, defaultInterface, connection.Protocol, connection.Protocol, connection.Port))
|
||||
}
|
||||
|
||||
func (c *configurator) acceptInputFromSubnetToSubnet(ctx context.Context, intf string, sourceSubnet, destinationSubnet net.IPNet, remove bool) error {
|
||||
func (c *configurator) acceptInputFromSubnetToSubnet(ctx context.Context,
|
||||
intf string, sourceSubnet, destinationSubnet net.IPNet, remove bool) error {
|
||||
interfaceFlag := "-i " + intf
|
||||
if intf == "*" { // all interfaces
|
||||
interfaceFlag = ""
|
||||
}
|
||||
return c.runIptablesInstruction(ctx, fmt.Sprintf(
|
||||
"%s INPUT %s -s %s -d %s -j ACCEPT", appendOrDelete(remove), interfaceFlag, sourceSubnet.String(), destinationSubnet.String(),
|
||||
"%s INPUT %s -s %s -d %s -j ACCEPT",
|
||||
appendOrDelete(remove), interfaceFlag, sourceSubnet.String(), destinationSubnet.String(),
|
||||
))
|
||||
}
|
||||
|
||||
// Thanks to @npawelek
|
||||
func (c *configurator) acceptOutputFromSubnetToSubnet(ctx context.Context, intf string, sourceSubnet, destinationSubnet net.IPNet, remove bool) error {
|
||||
// Thanks to @npawelek.
|
||||
func (c *configurator) acceptOutputFromSubnetToSubnet(ctx context.Context,
|
||||
intf string, sourceSubnet, destinationSubnet net.IPNet, remove bool) error {
|
||||
interfaceFlag := "-o " + intf
|
||||
if intf == "*" { // all interfaces
|
||||
interfaceFlag = ""
|
||||
}
|
||||
return c.runIptablesInstruction(ctx, fmt.Sprintf(
|
||||
"%s OUTPUT %s -s %s -d %s -j ACCEPT", appendOrDelete(remove), interfaceFlag, sourceSubnet.String(), destinationSubnet.String(),
|
||||
"%s OUTPUT %s -s %s -d %s -j ACCEPT",
|
||||
appendOrDelete(remove), interfaceFlag, sourceSubnet.String(), destinationSubnet.String(),
|
||||
))
|
||||
}
|
||||
|
||||
// Used for port forwarding, with intf set to tun
|
||||
// Used for port forwarding, with intf set to tun.
|
||||
func (c *configurator) acceptInputToPort(ctx context.Context, intf string, port uint16, remove bool) error {
|
||||
interfaceFlag := "-i " + intf
|
||||
if intf == "*" { // all interfaces
|
||||
|
||||
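Review bot: In acceptInputFromSubnetToSubnet and acceptOutputFromSubnetToSubnet, the `*` case sets interfaceFlag to the empty string, so the wrapped format `"%s INPUT %s -s %s ..."` produces two consecutive spaces in the instruction; whether that is harmless depends on how runIptablesInstruction tokenises the string, which is outside this hunk, so if it splits on a single space rather than strings.Fields the result is an empty argument. Normalising once, e.g. `instruction = strings.Join(strings.Fields(instruction), " ")` before the call, or building the argument list as a slice and appending the interface flag only when present, removes the dependency on that detail. The two subnet helpers also differ only in the chain name and the `-i`/`-o` flag, so the line-wrapping done here could instead be a single private helper taking the chain and flag as parameters, which would make a future change to the rule shape land in one place. acceptInputToPort starts in the hunk but its body continues outside it.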
@@ -124,7 +124,7 @@ func (c *configurator) addSubnets(ctx context.Context, subnets []net.IPNet, defa
|
||||
return nil
|
||||
}
|
||||
|
||||
// updateSubnetRoutes does not return an error in order to try to run as many route commands as possible
|
||||
// updateSubnetRoutes does not return an error in order to try to run as many route commands as possible.
|
||||
func (c *configurator) updateSubnetRoutes(ctx context.Context, oldSubnets, newSubnets []net.IPNet) {
|
||||
subnetsToAdd := findSubnetsToAdd(oldSubnets, newSubnets)
|
||||
subnetsToRemove := findSubnetsToRemove(oldSubnets, newSubnets)
|
||||
|
||||