From 11fca08028c2bfe0606b66fd0bb9d595aadffd41 Mon Sep 17 00:00:00 2001
From: Quentin McGaw <quentin.mcgaw@gmail.com>
Date: Sat, 11 Jul 2020 21:30:26 +0000
Subject: [PATCH] Port forwarded firewall fix

---
 internal/firewall/ports.go | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/internal/firewall/ports.go b/internal/firewall/ports.go
index cd92c8ce..7c79a3b7 100644
--- a/internal/firewall/ports.go
+++ b/internal/firewall/ports.go
@@ -87,11 +87,13 @@ func (c *configurator) SetPortForward(ctx context.Context, port uint16) (err err
 	}
 
 	const tun = string(constants.TUN)
-	if err := c.acceptInputToPort(ctx, tun, constants.TCP, c.portForwarded, true); err != nil {
-		return fmt.Errorf("cannot remove outdated port forward rule from firewall: %w", err)
-	}
-	if err := c.acceptInputToPort(ctx, tun, constants.UDP, c.portForwarded, true); err != nil {
-		return fmt.Errorf("cannot remove outdated port forward rule from firewall: %w", err)
+	if c.portForwarded > 0 {
+		if err := c.acceptInputToPort(ctx, tun, constants.TCP, c.portForwarded, true); err != nil {
+			return fmt.Errorf("cannot remove outdated port forward rule from firewall: %w", err)
+		}
+		if err := c.acceptInputToPort(ctx, tun, constants.UDP, c.portForwarded, true); err != nil {
+			return fmt.Errorf("cannot remove outdated port forward rule from firewall: %w", err)
+		}
 	}
 
 	if port == 0 { // not changing port