admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(firewall): support icmp rules

Browse Source
This commit is contained in:
Quentin McGaw
2024-12-25 20:05:46 +00:00
parent ddd9f4d021
commit e890c50da6
2 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/firewall/list.go
View File

@@ -22,7 +22,7 @@ type chainRule struct {
packets uint64 packets uint64
bytes uint64 bytes uint64
target string // "ACCEPT", "DROP", "REJECT" or "REDIRECT" target string // "ACCEPT", "DROP", "REJECT" or "REDIRECT"
protocol string // "tcp", "udp" or "" for all protocols. protocol string // "icmp", "tcp", "udp" or "" for all protocols.
inputInterface string // input interface, for example "tun0" or "*"" inputInterface string // input interface, for example "tun0" or "*""
outputInterface string // output interface, for example "eth0" or "*"" outputInterface string // output interface, for example "eth0" or "*""
source netip.Prefix // source IP CIDR, for example 0.0.0.0/0. Must be valid. source netip.Prefix // source IP CIDR, for example 0.0.0.0/0. Must be valid.
@@ -324,6 +324,8 @@ var ErrProtocolUnknown = errors.New("unknown protocol")
func parseProtocol(s string) (protocol string, err error) { func parseProtocol(s string) (protocol string, err error) {
switch s { switch s {
case "0": case "0":
case "1":
protocol = "icmp"
case "6": case "6":
protocol = "tcp" protocol = "tcp"
case "17": case "17":

14
internal/firewall/list_test.go
View File

@@ -56,7 +56,8 @@ num pkts bytes target prot opt in out source destinati
num pkts bytes target prot opt in out source destination num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT 17 -- tun0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:55405 1 0 0 ACCEPT 17 -- tun0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:55405
2 0 0 ACCEPT 6 -- tun0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:55405 2 0 0 ACCEPT 6 -- tun0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:55405
3 0 0 DROP 0 -- tun0 * 1.2.3.4 0.0.0.0/0 3 0 0 ACCEPT 1 -- tun0 * 0.0.0.0/0 0.0.0.0/0
4 0 0 DROP 0 -- tun0 * 1.2.3.4 0.0.0.0/0
`, `,
table: chain{ table: chain{
name: "INPUT", name: "INPUT",
@@ -92,6 +93,17 @@ num pkts bytes target prot opt in out source destinati
lineNumber: 3, lineNumber: 3,
packets: 0, packets: 0,
bytes: 0, bytes: 0,
target: "ACCEPT",
protocol: "icmp",
inputInterface: "tun0",
outputInterface: "*",
source: netip.MustParsePrefix("0.0.0.0/0"),
destination: netip.MustParsePrefix("0.0.0.0/0"),
},
{
lineNumber: 4,
packets: 0,
bytes: 0,
target: "DROP", target: "DROP",
protocol: "", protocol: "",
inputInterface: "tun0", inputInterface: "tun0",