Firewall refactoring

- Ability to enable and disable rules in various loops
- Simplified code overall
- Port forwarding moved into openvpn loop
- Route addition and removal improved
Quentin McGaw
2020-07-11 21:03:55 +00:00
parent ccf11990f1
commit b1596bc7e4
20 changed files with 887 additions and 359 deletions


@@ -7,29 +7,34 @@ import (
"fmt"
)
func (r *routing) AddRoutesVia(ctx context.Context, subnets []net.IPNet, defaultGateway net.IP, defaultInterface string) error {
for _, subnet := range subnets {
exists, err := r.routeExists(subnet)
if err != nil {
return err
} else if exists { // thanks to @npawelek https://github.com/npawelek
if err := r.removeRoute(ctx, subnet); err != nil {
return err
}
}
r.logger.Info("adding %s as route via %s", subnet.String(), defaultInterface)
output, err := r.commander.Run(ctx, "ip", "route", "add", subnet.String(), "via", defaultGateway.String(), "dev", defaultInterface)
if err != nil {
return fmt.Errorf("cannot add route for %s via %s %s %s: %s: %w", subnet.String(), defaultGateway.String(), "dev", defaultInterface, output, err)
}
func (r *routing) AddRouteVia(ctx context.Context, subnet net.IPNet, defaultGateway net.IP, defaultInterface string) error {
subnetStr := subnet.String()
r.logger.Info("adding %s as route via %s %s", subnetStr, defaultGateway, defaultInterface)
exists, err := r.routeExists(subnet)
if err != nil {
return err
} else if exists {
return nil
}
output, err := r.commander.Run(ctx, "ip", "route", "add", subnetStr, "via", defaultGateway.String(), "dev", defaultInterface)
if err != nil {
return fmt.Errorf("cannot add route for %s via %s %s %s: %s: %w", subnetStr, defaultGateway, "dev", defaultInterface, output, err)
}
return nil
}
func (r *routing) removeRoute(ctx context.Context, subnet net.IPNet) (err error) {
output, err := r.commander.Run(ctx, "ip", "route", "del", subnet.String())
func (r *routing) DeleteRouteVia(ctx context.Context, subnet net.IPNet) (err error) {
subnetStr := subnet.String()
r.logger.Info("deleting route for %s", subnetStr)
exists, err := r.routeExists(subnet)
if err != nil {
return fmt.Errorf("cannot delete route for %s: %s: %w", subnet.String(), output, err)
return err
} else if !exists { // thanks to @npawelek https://github.com/npawelek
return nil
}
output, err := r.commander.Run(ctx, "ip", "route", "del", subnetStr)
if err != nil {
return fmt.Errorf("cannot delete route for %s: %s: %w", subnetStr, output, err)
}
return nil
}
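Review bot: In AddRouteVia the new `else if exists { return nil }` branch replaces the previous delete-then-add behaviour, so an existing route to the subnet is now kept untouched and the requested gateway/device is never installed; routeExists is not in the hunk, but it takes only the subnet, so this presumably matches on destination alone and would also keep a route that points via a different gateway or interface, with no log line telling the operator why. If the intent is still to ensure traffic for the subnet goes via defaultGateway, restore the replace semantics with `if err := r.DeleteRouteVia(ctx, subnet); err != nil { return err }` in that branch instead of returning; if skipping is intended, at least make it visible with `r.logger.Info("route for %s already exists, skipping", subnetStr)`. Either way, a short doc comment on AddRouteVia stating whether an existing route is replaced or left alone would prevent the next caller from assuming the old behaviour.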