fix(firewall): prevent IP family mix in acceptOutputFromIPToSubnet

Quentin McGaw
2023-05-21 18:06:18 +00:00
parent 63303bc311
commit f712d77642


@@ -157,6 +157,13 @@ func (c *Config) acceptOutputTrafficToVPN(ctx context.Context,
func (c *Config) acceptOutputFromIPToSubnet(ctx context.Context, func (c *Config) acceptOutputFromIPToSubnet(ctx context.Context,
intf string, sourceIP netip.Addr, destinationSubnet netip.Prefix, remove bool) error { intf string, sourceIP netip.Addr, destinationSubnet netip.Prefix, remove bool) error {
doIPv4 := sourceIP.Is4() && destinationSubnet.Addr().Is4() doIPv4 := sourceIP.Is4() && destinationSubnet.Addr().Is4()
doIPv6 := sourceIP.Is6() && destinationSubnet.Addr().Is6()
if !doIPv4 && !doIPv6 {
c.logger.Debug(fmt.Sprintf(
"source IP address %s and destination subnet %s are not of the same IP family, skipping...",
sourceIP, destinationSubnet))
return nil
}
interfaceFlag := "-o " + intf interfaceFlag := "-o " + intf
if intf == "*" { // all interfaces if intf == "*" { // all interfaces