Routing improvements (#268)

- Fixes #82 
- Remove `EXTRA_SUBNETS`
- Remove no longer needed iptables rules
- Reduce routing interface arity
- Routing setup is done in main.go instead of in the firewall
- Routing setup gets reverted at shutdown

internal/params/firewall.go

@@ -2,7 +2,6 @@ package params
 
 import (
 	"fmt"
-	"net"
 	"strconv"
 	"strings"
 
@@ -14,28 +13,6 @@ func (r *reader) GetFirewall() (enabled bool, err error) {
 	return r.envParams.GetOnOff("FIREWALL", libparams.Default("on"))
 }
 
-// GetExtraSubnets obtains the CIDR subnets from the comma separated list of the
-// environment variable EXTRA_SUBNETS.
-func (r *reader) GetExtraSubnets() (extraSubnets []net.IPNet, err error) {
-	s, err := r.envParams.GetEnv("EXTRA_SUBNETS")
-	if err != nil {
-		return nil, err
-	} else if s == "" {
-		return nil, nil
-	}
-	subnets := strings.Split(s, ",")
-	for _, subnet := range subnets {
-		_, cidr, err := net.ParseCIDR(subnet)
-		if err != nil {
-			return nil, fmt.Errorf("could not parse subnet %q from environment variable with key EXTRA_SUBNETS: %w", subnet, err)
-		} else if cidr == nil {
-			return nil, fmt.Errorf("parsing subnet %q resulted in a nil CIDR", subnet)
-		}
-		extraSubnets = append(extraSubnets, *cidr)
-	}
-	return extraSubnets, nil
-}
-
 // GetAllowedVPNInputPorts obtains a list of input ports to allow from the
 // VPN server side in the firewall, from the environment variable FIREWALL_VPN_INPUT_PORTS.
 func (r *reader) GetVPNInputPorts() (ports []uint16, err error) {

internal/params/params.go

@@ -41,7 +41,6 @@ type Reader interface {
 
 	// Firewall getters
 	GetFirewall() (enabled bool, err error)
-	GetExtraSubnets() (extraSubnets []net.IPNet, err error)
 	GetVPNInputPorts() (ports []uint16, err error)
 	GetInputPorts() (ports []uint16, err error)
 	GetFirewallDebug() (debug bool, err error)