admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(routing): change firewall only for matching ip families

Browse Source
This commit is contained in:
Quentin McGaw
2023-09-20 10:45:13 +00:00
parent 6aa4a93665
commit 4ea474b896
2 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
internal/firewall/enable.go
View File

@@ -3,6 +3,8 @@ package firewall
import (
"context"
"fmt"
"github.com/qdm12/gluetun/internal/netlink"
)
func (c *Config) SetEnabled(ctx context.Context, enabled bool) (err error) {
@@ -147,7 +149,16 @@ func (c *Config) allowVPNIP(ctx context.Context) (err error) {
func (c *Config) allowOutboundSubnets(ctx context.Context) (err error) {
for _, subnet := range c.outboundSubnets {
subnetIsIPv6 := subnet.Addr().Is6()
firewallUpdated := false
for _, defaultRoute := range c.defaultRoutes {
defaultRouteIsIPv6 := defaultRoute.Family == netlink.FamilyV6
ipFamilyMatch := subnetIsIPv6 == defaultRouteIsIPv6
if !ipFamilyMatch {
continue
}
firewallUpdated = true
const remove = false
err := c.acceptOutputFromIPToSubnet(ctx, defaultRoute.NetInterface,
defaultRoute.AssignedIP, subnet, remove)
@@ -155,6 +166,11 @@ func (c *Config) allowOutboundSubnets(ctx context.Context) (err error) {
return err
}
}
if !firewallUpdated {
c.logger.Info(fmt.Sprintf("ignoring subnet %s which has "+
"no default route matching its family", subnet))
}
}
return nil
}