admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Feature: uplift the 'localSubnet' concept to cover all local ethernet interfaces (#413)

Browse Source
This commit is contained in:
Michael Robbins
2021-04-10 03:08:20 +10:00
committed by GitHub
parent cc4117e054
commit 8230596f98
5 changed files with 87 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
internal/firewall/enable.go
View File

@@ -94,8 +94,10 @@ func (c *configurator) enable(ctx context.Context) (err error) {
return fmt.Errorf("cannot enable firewall: %w", err)
}
if err := c.acceptOutputFromIPToSubnet(ctx, c.defaultInterface, c.localIP, c.localSubnet, remove); err != nil {
return fmt.Errorf("cannot enable firewall: %w", err)
for _, network := range c.localNetworks {
if err := c.acceptOutputFromIPToSubnet(ctx, network.InterfaceName, network.IP, network.Subnet, remove); err != nil {
return fmt.Errorf("cannot enable firewall: %w", err)
}
}
for _, subnet := range c.outboundSubnets {
@@ -106,8 +108,10 @@ func (c *configurator) enable(ctx context.Context) (err error) {
// Allows packets from any IP address to go through eth0 / local network
// to reach Gluetun.
if err := c.acceptInputToSubnet(ctx, c.defaultInterface, c.localSubnet, remove); err != nil {
return fmt.Errorf("cannot enable firewall: %w", err)
for _, network := range c.localNetworks {
if err := c.acceptInputToSubnet(ctx, network.InterfaceName, network.Subnet, remove); err != nil {
return fmt.Errorf("cannot enable firewall: %w", err)
}
}
for port, intf := range c.allowedInputPorts {

8
internal/firewall/firewall.go
View File

@@ -24,7 +24,7 @@ type Configurator interface {
RemoveAllowedPort(ctx context.Context, port uint16) (err error)
SetDebug()
// SetNetworkInformation is meant to be called only once
SetNetworkInformation(defaultInterface string, defaultGateway net.IP, localSubnet net.IPNet, localIP net.IP)
SetNetworkInformation(defaultInterface string, defaultGateway net.IP, localNetworks []routing.LocalNetwork, localIP net.IP)
}
type configurator struct { //nolint:maligned
@@ -36,7 +36,7 @@ type configurator struct { //nolint:maligned
debug bool
defaultInterface string
defaultGateway net.IP
localSubnet net.IPNet
localNetworks []routing.LocalNetwork
localIP net.IP
networkInfoMutex sync.Mutex
@@ -64,11 +64,11 @@ func (c *configurator) SetDebug() {
}
func (c *configurator) SetNetworkInformation(
defaultInterface string, defaultGateway net.IP, localSubnet net.IPNet, localIP net.IP) {
defaultInterface string, defaultGateway net.IP, localNetworks []routing.LocalNetwork, localIP net.IP) {
c.networkInfoMutex.Lock()
defer c.networkInfoMutex.Unlock()
c.defaultInterface = defaultInterface
c.defaultGateway = defaultGateway
c.localSubnet = localSubnet
c.localNetworks = localNetworks
c.localIP = localIP
}