Firewall refactoring
- Ability to enable and disable rules in various loops - Simplified code overall - Port forwarding moved into openvpn loop - Route addition and removal improved
@@ -1,7 +1,6 @@
|
||||
package provider
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net"
|
||||
"strings"
|
||||
@@ -125,11 +124,3 @@ func (c *cyberghost) BuildConf(connections []models.OpenVPNConnection, verbosity
|
||||
func (c *cyberghost) GetPortForward() (port uint16, err error) {
|
||||
panic("port forwarding is not supported for cyberghost")
|
||||
}
|
||||
|
||||
func (c *cyberghost) WritePortForward(filepath models.Filepath, port uint16, uid, gid int) (err error) {
|
||||
panic("port forwarding is not supported for cyberghost")
|
||||
}
|
||||
|
||||
func (c *cyberghost) AllowPortForwardFirewall(ctx context.Context, device models.VPNDevice, port uint16) (err error) {
|
||||
panic("port forwarding is not supported for cyberghost")
|
||||
}
|
||||
|
||||
@@ -1,24 +1,20 @@
|
||||
package provider
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
|
||||
"github.com/qdm12/golibs/files"
|
||||
"github.com/qdm12/golibs/logging"
|
||||
"github.com/qdm12/private-internet-access-docker/internal/constants"
|
||||
"github.com/qdm12/private-internet-access-docker/internal/models"
|
||||
)
|
||||
|
||||
type mullvad struct {
|
||||
fileManager files.FileManager
|
||||
logger logging.Logger
|
||||
}
|
||||
|
||||
func newMullvad(fileManager files.FileManager, logger logging.Logger) *mullvad {
|
||||
func newMullvad(fileManager files.FileManager) *mullvad {
|
||||
return &mullvad{
|
||||
fileManager: fileManager,
|
||||
logger: logger.WithPrefix("Mullvad configurator: "),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -106,11 +102,3 @@ func (m *mullvad) BuildConf(connections []models.OpenVPNConnection, verbosity, u
|
||||
func (m *mullvad) GetPortForward() (port uint16, err error) {
|
||||
panic("port forwarding is not supported for mullvad")
|
||||
}
|
||||
|
||||
func (m *mullvad) WritePortForward(filepath models.Filepath, port uint16, uid, gid int) (err error) {
|
||||
panic("port forwarding is not supported for mullvad")
|
||||
}
|
||||
|
||||
func (m *mullvad) AllowPortForwardFirewall(ctx context.Context, device models.VPNDevice, port uint16) (err error) {
|
||||
panic("port forwarding is not supported for mullvad")
|
||||
}
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
package provider
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
@@ -14,24 +13,21 @@ import (
|
||||
"github.com/qdm12/golibs/network"
|
||||
"github.com/qdm12/golibs/verification"
|
||||
"github.com/qdm12/private-internet-access-docker/internal/constants"
|
||||
"github.com/qdm12/private-internet-access-docker/internal/firewall"
|
||||
"github.com/qdm12/private-internet-access-docker/internal/models"
|
||||
)
|
||||
|
||||
type pia struct {
|
||||
client network.Client
|
||||
fileManager files.FileManager
|
||||
firewall firewall.Configurator
|
||||
random random.Random
|
||||
verifyPort func(port string) error
|
||||
lookupIP func(host string) ([]net.IP, error)
|
||||
}
|
||||
|
||||
func newPrivateInternetAccess(client network.Client, fileManager files.FileManager, firewall firewall.Configurator) *pia {
|
||||
func newPrivateInternetAccess(client network.Client, fileManager files.FileManager) *pia {
|
||||
return &pia{
|
||||
client: client,
|
||||
fileManager: fileManager,
|
||||
firewall: firewall,
|
||||
random: random.NewRandom(),
|
||||
verifyPort: verification.NewVerifier().VerifyPort,
|
||||
lookupIP: net.LookupIP}
|
||||
@@ -168,7 +164,7 @@ func (p *pia) GetPortForward() (port uint16, err error) {
|
||||
}
|
||||
clientID := hex.EncodeToString(b)
|
||||
url := fmt.Sprintf("%s/?client_id=%s", constants.PIAPortForwardURL, clientID)
|
||||
content, status, err := p.client.GetContent(url)
|
||||
content, status, err := p.client.GetContent(url) // TODO add ctx
|
||||
switch {
|
||||
case err != nil:
|
||||
return 0, err
|
||||
@@ -185,15 +181,3 @@ func (p *pia) GetPortForward() (port uint16, err error) {
|
||||
}
|
||||
return body.Port, nil
|
||||
}
|
||||
|
||||
func (p *pia) WritePortForward(filepath models.Filepath, port uint16, uid, gid int) (err error) {
|
||||
return p.fileManager.WriteLinesToFile(
|
||||
string(filepath),
|
||||
[]string{fmt.Sprintf("%d", port)},
|
||||
files.Ownership(uid, gid),
|
||||
files.Permissions(0400))
|
||||
}
|
||||
|
||||
func (p *pia) AllowPortForwardFirewall(ctx context.Context, device models.VPNDevice, port uint16) (err error) {
|
||||
return p.firewall.AllowInputTrafficOnPort(ctx, device, port)
|
||||
}
|
||||
|
||||
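Review bot: The `// TODO add ctx` left on `content, status, err := p.client.GetContent(url)` means the port-forward request to the PIA endpoint still runs with no cancellation or deadline; if that endpoint stalls, whatever loop now drives port forwarding (the commit message says the openvpn loop) stalls with it. If `network.Client` exposes a context-aware variant, thread the caller's context through as `GetPortForward(ctx context.Context) (port uint16, err error)` and mirror that in the Provider interface; otherwise at least confirm the client passed to `newPrivateInternetAccess` is built with an HTTP timeout. GetPortForward starts before this hunk, and the status handling and `body.Port` decoding between the two hunks are not visible here.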
@@ -1,13 +1,9 @@
|
||||
package provider
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/qdm12/golibs/files"
|
||||
"github.com/qdm12/golibs/logging"
|
||||
"github.com/qdm12/golibs/network"
|
||||
"github.com/qdm12/private-internet-access-docker/internal/constants"
|
||||
"github.com/qdm12/private-internet-access-docker/internal/firewall"
|
||||
"github.com/qdm12/private-internet-access-docker/internal/models"
|
||||
)
|
||||
|
||||
@@ -16,16 +12,14 @@ type Provider interface {
|
||||
GetOpenVPNConnections(selection models.ServerSelection) (connections []models.OpenVPNConnection, err error)
|
||||
BuildConf(connections []models.OpenVPNConnection, verbosity, uid, gid int, root bool, cipher, auth string, extras models.ExtraConfigOptions) (err error)
|
||||
GetPortForward() (port uint16, err error)
|
||||
WritePortForward(filepath models.Filepath, port uint16, uid, gid int) (err error)
|
||||
AllowPortForwardFirewall(ctx context.Context, device models.VPNDevice, port uint16) (err error)
|
||||
}
|
||||
|
||||
func New(provider models.VPNProvider, logger logging.Logger, client network.Client, fileManager files.FileManager, firewall firewall.Configurator) Provider {
|
||||
func New(provider models.VPNProvider, client network.Client, fileManager files.FileManager) Provider {
|
||||
switch provider {
|
||||
case constants.PrivateInternetAccess:
|
||||
return newPrivateInternetAccess(client, fileManager, firewall)
|
||||
return newPrivateInternetAccess(client, fileManager)
|
||||
case constants.Mullvad:
|
||||
return newMullvad(fileManager, logger)
|
||||
return newMullvad(fileManager)
|
||||
case constants.Windscribe:
|
||||
return newWindscribe(fileManager)
|
||||
case constants.Surfshark:
|
||||
|
||||
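Review bot: The Provider interface keeps `GetPortForward() (port uint16, err error)` while, going by the hunk counts in the cyberghost, mullvad, surfshark and windscribe files in this commit, a `panic("port forwarding is not supported for ...")` stub appears to survive for it in each of them; with `WritePortForward` and `AllowPortForwardFirewall` dropped from the interface and `firewall` removed from `New`, nothing here tells the calling loop that the call must be gated on the provider or that opening the port in the firewall is now the caller's job. Add a doc comment on the method, e.g. `// GetPortForward requests a forwarded port from the provider. Only Private Internet Access supports it; other implementations panic, so callers must check the provider first. Persisting the port and allowing it in the firewall are the caller's responsibility.` The `New` switch continues past the end of this hunk.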
@@ -1,7 +1,6 @@
|
||||
package provider
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net"
|
||||
"strings"
|
||||
@@ -127,11 +126,3 @@ func (s *surfshark) BuildConf(connections []models.OpenVPNConnection, verbosity,
|
||||
func (s *surfshark) GetPortForward() (port uint16, err error) {
|
||||
panic("port forwarding is not supported for surfshark")
|
||||
}
|
||||
|
||||
func (s *surfshark) WritePortForward(filepath models.Filepath, port uint16, uid, gid int) (err error) {
|
||||
panic("port forwarding is not supported for surfshark")
|
||||
}
|
||||
|
||||
func (s *surfshark) AllowPortForwardFirewall(ctx context.Context, device models.VPNDevice, port uint16) (err error) {
|
||||
panic("port forwarding is not supported for surfshark")
|
||||
}
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
package provider
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net"
|
||||
"strings"
|
||||
@@ -124,11 +123,3 @@ func (w *windscribe) BuildConf(connections []models.OpenVPNConnection, verbosity
|
||||
func (w *windscribe) GetPortForward() (port uint16, err error) {
|
||||
panic("port forwarding is not supported for windscribe")
|
||||
}
|
||||
|
||||
func (w *windscribe) WritePortForward(filepath models.Filepath, port uint16, uid, gid int) (err error) {
|
||||
panic("port forwarding is not supported for windscribe")
|
||||
}
|
||||
|
||||
func (w *windscribe) AllowPortForwardFirewall(ctx context.Context, device models.VPNDevice, port uint16) (err error) {
|
||||
panic("port forwarding is not supported for windscribe")
|
||||
}
|
||||
|
||||