admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6b6caa435f56de6bda736ea21856c813f7682e63
gluetun/internal/routing/inbound.go
Quentin McGaw (desktop) 501ae2741b Fix: FIREWALL_OUTBOUND_SUBNETS ip rules
2021-08-26 15:46:19 +00:00

79 lines
2.0 KiB
Go
Raw Blame History

package routing
import (
"errors"
"fmt"
"net"
"github.com/qdm12/gluetun/internal/netlink"
)
const (
inboundTable = 200
inboundPriority = 100
)
var (
errDefaultIP = errors.New("cannot get default IP address")
)
func (r *Routing) routeInboundFromDefault(defaultGateway net.IP,
defaultInterface string) (err error) {
if err := r.addRuleInboundFromDefault(inboundTable); err != nil {
return fmt.Errorf("%w: %s", errRuleAdd, err)
}
defaultDestination := net.IPNet{IP: net.IPv4(0, 0, 0, 0), Mask: net.IPv4Mask(0, 0, 0, 0)}
if err := r.addRouteVia(defaultDestination, defaultGateway, defaultInterface, inboundTable); err != nil {
return fmt.Errorf("%w: %s", errRouteAdd, err)
}
return nil
}
func (r *Routing) unrouteInboundFromDefault(defaultGateway net.IP,
defaultInterface string) (err error) {
defaultDestination := net.IPNet{IP: net.IPv4(0, 0, 0, 0), Mask: net.IPv4Mask(0, 0, 0, 0)}
if err := r.deleteRouteVia(defaultDestination, defaultGateway, defaultInterface, inboundTable); err != nil {
return fmt.Errorf("%w: %s", errRouteDelete, err)
}
if err := r.delRuleInboundFromDefault(inboundTable); err != nil {
return fmt.Errorf("%w: %s", errRuleDelete, err)
}
return nil
}
func (r *Routing) addRuleInboundFromDefault(table int) (err error) {
defaultIP, err := r.DefaultIP()
if err != nil {
return fmt.Errorf("%w: %s", errDefaultIP, err)
}
defaultIPMasked32 := netlink.NewIPNet(defaultIP)
ruleDstNet := (*net.IPNet)(nil)
err = r.addIPRule(defaultIPMasked32, ruleDstNet, table, inboundPriority)
if err != nil {
return fmt.Errorf("%w: %s", errRuleAdd, err)
}
return nil
}
func (r *Routing) delRuleInboundFromDefault(table int) (err error) {
defaultIP, err := r.DefaultIP()
if err != nil {
return fmt.Errorf("%w: %s", errDefaultIP, err)
}
defaultIPMasked32 := netlink.NewIPNet(defaultIP)
ruleDstNet := (*net.IPNet)(nil)
err = r.deleteIPRule(defaultIPMasked32, ruleDstNet, table, inboundPriority)
if err != nil {
return fmt.Errorf("%w: %s", errRuleDelete, err)
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink