From 2e2e5f9df5a134238e084177c676b9ac4bd708e8 Mon Sep 17 00:00:00 2001
From: Quentin McGaw
Date: Mon, 3 Nov 2025 16:06:21 +0000
Subject: [PATCH] fix(firewall): parse "all" protocol from iptables chains
---
 internal/firewall/list.go | 2 +-
 internal/firewall/list_test.go | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/internal/firewall/list.go b/internal/firewall/list.go
index 25724250..1a67f687 100644
--- a/internal/firewall/list.go
+++ b/internal/firewall/list.go
@@ -323,7 +323,7 @@ var ErrProtocolUnknown = errors.New("unknown protocol")
 
 func parseProtocol(s string) (protocol string, err error) {
 switch s {
- case "0":
+ case "0", "all":
 case "1":
 protocol = "icmp"
 case "6":
diff --git a/internal/firewall/list_test.go b/internal/firewall/list_test.go
index 13953b9f..0d3fa05c 100644
--- a/internal/firewall/list_test.go
+++ b/internal/firewall/list_test.go
@@ -58,6 +58,7 @@ num pkts bytes target prot opt in out source destinati
 2 0 0 ACCEPT 6 -- tun0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:55405
 3 0 0 ACCEPT 1 -- tun0 * 0.0.0.0/0 0.0.0.0/0
 4 0 0 DROP 0 -- tun0 * 1.2.3.4 0.0.0.0/0
+5 0 0 ACCEPT all -- tun0 * 1.2.3.4 0.0.0.0/0
 `,
 table: chain{
 name: "INPUT",
@@ -111,6 +112,17 @@ num pkts bytes target prot opt in out source destinati
 source: netip.MustParsePrefix("1.2.3.4/32"),
 destination: netip.MustParsePrefix("0.0.0.0/0"),
 },
+ {
+ lineNumber: 5,
+ packets: 0,
+ bytes: 0,
+ target: "ACCEPT",
+ protocol: "",
+ inputInterface: "tun0",
+ outputInterface: "*",
+ source: netip.MustParsePrefix("1.2.3.4/32"),
+ destination: netip.MustParsePrefix("0.0.0.0/0"),
+ },
 },
 },
 },
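Review bot: The widened `case "0", "all":` in parseProtocol accepts only one of the symbolic names iptables can print in the prot column; if the listing that shows `all` also shows `tcp`, `udp` or `icmp` by name (this depends on the iptables version and is not visible here), those rows would presumably still return ErrProtocolUnknown and the chain could not be parsed. Consider accepting the names alongside the numbers, e.g. `case "1", "icmp":` and `case "6", "tcp":`. The empty case body also deserves a comment such as `// "0" and "all" match any protocol, so protocol stays empty`, since an unset protocol on an ACCEPT rule is easy to misread as a parsing gap. The switch continues outside the hunk, so the remaining cases and the default branch cannot be checked from here.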