admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Firewall refactoring

Browse Source 
- Ability to enable and disable rules in various loops
- Simplified code overall
- Port forwarding moved into openvpn loop
- Route addition and removal improved
This commit is contained in:
Quentin McGaw
2020-07-11 21:03:55 +00:00
parent ccf11990f1
commit b1596bc7e4
20 changed files with 887 additions and 359 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
internal/tinyproxy/loop.go
View File

@@ -57,6 +57,7 @@ func (l *looper) Run(ctx context.Context, restart <-chan struct{}, wg *sync.Wait
}
defer l.logger.Warn("loop exited")
var previousPort uint16
for ctx.Err() == nil {
err := l.conf.MakeConf(
l.settings.LogLevel,
@@ -69,11 +70,19 @@ func (l *looper) Run(ctx context.Context, restart <-chan struct{}, wg *sync.Wait
l.logAndWait(ctx, err)
continue
}
err = l.firewallConf.AllowAnyIncomingOnPort(ctx, l.settings.Port)
// TODO remove firewall rule on exit below
if err != nil {
l.logger.Error(err)
if previousPort > 0 {
if err := l.firewallConf.RemoveAllowedPort(ctx, previousPort); err != nil {
l.logger.Error(err)
continue
}
}
if err := l.firewallConf.SetAllowedPort(ctx, l.settings.Port); err != nil {
l.logger.Error(err)
continue
}
previousPort = l.settings.Port
tinyproxyCtx, tinyproxyCancel := context.WithCancel(context.Background())
stream, waitFn, err := l.conf.Start(tinyproxyCtx)
if err != nil {