Quentin McGaw
@@ -21,6 +21,7 @@ type Configurator interface {
|
||||
SetAllowedPort(ctx context.Context, port uint16) error
|
||||
RemoveAllowedPort(ctx context.Context, port uint16) (err error)
|
||||
SetPortForward(ctx context.Context, port uint16) (err error)
|
||||
SetDebug()
|
||||
}
|
||||
|
||||
type configurator struct { //nolint:maligned
|
||||
@@ -29,6 +30,7 @@ type configurator struct { //nolint:maligned
|
||||
routing routing.Routing
|
||||
fileManager files.FileManager // for custom iptables rules
|
||||
iptablesMutex sync.Mutex
|
||||
debug bool
|
||||
|
||||
// State
|
||||
enabled bool
|
||||
@@ -49,3 +51,7 @@ func NewConfigurator(logger logging.Logger, routing routing.Routing, fileManager
|
||||
allowedPorts: make(map[uint16]struct{}),
|
||||
}
|
||||
}
|
||||
|
||||
func (c *configurator) SetDebug() {
|
||||
c.debug = true
|
||||
}
|
||||
|
||||
@@ -57,6 +57,9 @@ func (c *configurator) runIptablesInstructions(ctx context.Context, instructions
|
||||
func (c *configurator) runIptablesInstruction(ctx context.Context, instruction string) error {
|
||||
c.iptablesMutex.Lock() // only one iptables command at once
|
||||
defer c.iptablesMutex.Unlock()
|
||||
if c.debug {
|
||||
fmt.Printf("iptables %s\n", instruction)
|
||||
}
|
||||
flags := strings.Fields(instruction)
|
||||
if output, err := c.commander.Run(ctx, "iptables", flags...); err != nil {
|
||||
return fmt.Errorf("failed executing \"iptables %s\": %s: %w", instruction, output, err)
|
||||
|
||||
@@ -34,3 +34,8 @@ func (r *reader) GetExtraSubnets() (extraSubnets []net.IPNet, err error) {
|
||||
}
|
||||
return extraSubnets, nil
|
||||
}
|
||||
|
||||
// GetFirewallDebug obtains if the firewall should run in debug verbose mode from the environment variable FIREWALL_DEBUG
|
||||
func (r *reader) GetFirewallDebug() (debug bool, err error) {
|
||||
return r.envParams.GetOnOff("FIREWALL_DEBUG", libparams.Default("off"))
|
||||
}
|
||||
|
||||
@@ -41,6 +41,7 @@ type Reader interface {
|
||||
// Firewall getters
|
||||
GetFirewall() (enabled bool, err error)
|
||||
GetExtraSubnets() (extraSubnets []net.IPNet, err error)
|
||||
GetFirewallDebug() (debug bool, err error)
|
||||
|
||||
// VPN getters
|
||||
GetUser() (s string, err error)
|
||||
|
||||
@@ -16,6 +16,9 @@ func (r *routing) AddRouteVia(ctx context.Context, subnet net.IPNet, defaultGate
|
||||
} else if exists {
|
||||
return nil
|
||||
}
|
||||
if r.debug {
|
||||
fmt.Printf("ip route add %s via %s dev %s\n", subnetStr, defaultGateway, defaultInterface)
|
||||
}
|
||||
output, err := r.commander.Run(ctx, "ip", "route", "add", subnetStr, "via", defaultGateway.String(), "dev", defaultInterface)
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot add route for %s via %s %s %s: %s: %w", subnetStr, defaultGateway, "dev", defaultInterface, output, err)
|
||||
@@ -32,6 +35,9 @@ func (r *routing) DeleteRouteVia(ctx context.Context, subnet net.IPNet) (err err
|
||||
} else if !exists { // thanks to @npawelek https://github.com/npawelek
|
||||
return nil
|
||||
}
|
||||
if r.debug {
|
||||
fmt.Printf("ip route del %s\n", subnetStr)
|
||||
}
|
||||
output, err := r.commander.Run(ctx, "ip", "route", "del", subnetStr)
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot delete route for %s: %s: %w", subnetStr, output, err)
|
||||
|
||||
@@ -15,12 +15,14 @@ type Routing interface {
|
||||
DefaultRoute() (defaultInterface string, defaultGateway net.IP, err error)
|
||||
LocalSubnet() (defaultSubnet net.IPNet, err error)
|
||||
VPNGatewayIP(defaultInterface string) (ip net.IP, err error)
|
||||
SetDebug()
|
||||
}
|
||||
|
||||
type routing struct {
|
||||
commander command.Commander
|
||||
logger logging.Logger
|
||||
fileManager files.FileManager
|
||||
debug bool
|
||||
}
|
||||
|
||||
// NewConfigurator creates a new Configurator instance
|
||||
@@ -31,3 +33,7 @@ func NewRouting(logger logging.Logger, fileManager files.FileManager) Routing {
|
||||
fileManager: fileManager,
|
||||
}
|
||||
}
|
||||
|
||||
func (c *routing) SetDebug() {
|
||||
c.debug = true
|
||||
}
|
||||
|
||||
@@ -11,6 +11,7 @@ import (
|
||||
type Firewall struct {
|
||||
AllowedSubnets []net.IPNet
|
||||
Enabled bool
|
||||
Debug bool
|
||||
}
|
||||
|
||||
func (f *Firewall) String() string {
|
||||
@@ -25,6 +26,9 @@ func (f *Firewall) String() string {
|
||||
"Firewall settings:",
|
||||
"Allowed subnets: " + strings.Join(allowedSubnets, ", "),
|
||||
}
|
||||
if f.Debug {
|
||||
settingsList = append(settingsList, "Debug: on")
|
||||
}
|
||||
return strings.Join(settingsList, "\n |--")
|
||||
}
|
||||
|
||||
@@ -38,5 +42,9 @@ func GetFirewallSettings(paramsReader params.Reader) (settings Firewall, err err
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
settings.Debug, err = paramsReader.GetFirewallDebug()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
return settings, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user