Implement disable firewall
lixmal committed Jan 6, 2025
1 parent f53b960 commit 20cdd49
Showing 2 changed files with 27 additions and 7 deletions.
5 changes: 5 additions & 0 deletions client/internal/dnsfwd/manager.go
@@ -83,6 +83,11 @@ func (h *Manager) allowDNSFirewall() error {
IsRange: false,
Values: []int{ListenPort},
}

if h.firewall == nil {
return nil
}

dnsRules, err := h.firewall.AddPeerFiltering(net.IP{0, 0, 0, 0}, firewall.ProtocolUDP, nil, dport, firewall.RuleDirectionIN, firewall.ActionAccept, "", "")
if err != nil {
log.Errorf("failed to add allow DNS router rules, err: %v", err)
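Review bot: The new `h.firewall == nil` guard in allowDNSFirewall returns success silently, so when the firewall is disabled nothing in the log shows that no accept rule was installed for ListenPort and that inbound filtering for the forwarder is left to the host. A line such as `log.Infof("firewall is nil, skipping DNS forwarder allow rule")` before the `return nil` would make that state visible. The guard could also be the first statement of the function, ahead of building `dport`. Any other Manager method that calls through `h.firewall` (the rule-removal path is not visible here) presumably needs the same check, since a call on a nil firewall would likely panic. The function starts and ends outside this hunk.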
29 changes: 22 additions & 7 deletions client/internal/engine.go
@@ -410,13 +410,8 @@ func (e *Engine) Start() error {
return fmt.Errorf("create wg interface: %w", err)
}

e.firewall, err = firewall.NewFirewall(e.wgInterface, e.stateManager)
if err != nil {
log.Errorf("failed creating firewall manager: %s", err)
} else if e.firewall != nil {
if err := e.initFirewall(); err != nil {
return err
}
if err := e.createFirewall(); err != nil {
return err
}

e.udpMux, err = e.wgInterface.Up()
@@ -458,6 +453,26 @@ func (e *Engine) Start() error {
return nil
}

func (e *Engine) createFirewall() error {
if e.config.DisableFirewall {
log.Infof("firewall is disabled")
return nil
}

var err error
e.firewall, err = firewall.NewFirewall(e.wgInterface, e.stateManager)
if err != nil || e.firewall == nil {
log.Errorf("failed creating firewall manager: %s", err)
return nil
}

if err := e.initFirewall(); err != nil {
return err
}

return nil
}

func (e *Engine) initFirewall() error {
if e.firewall.IsServerRouteSupported() {
if err := e.routeManager.EnableServerRouter(e.firewall); err != nil {
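Review bot: In createFirewall the merged check `if err != nil || e.firewall == nil` logs "failed creating firewall manager: %s" with a nil `err` whenever NewFirewall returns no manager and no error, which prints `%!s(<nil>)` and reports an unsupported platform as a failure. Both branches also return nil, so the engine keeps starting with no packet filtering, and the only thing separating a deliberate DisableFirewall from a failed setup is the log line. Splitting the two cases keeps the fail-open behaviour this code already had but makes each one identifiable to an operator. Since `e.firewall == nil` is now a configured state rather than an error case, the other users of `e.firewall` in the engine (not visible in this diff) are worth checking for nil guards like the one added in dnsfwd.

```go
var err error
e.firewall, err = firewall.NewFirewall(e.wgInterface, e.stateManager)
if err != nil {
	log.Errorf("failed creating firewall manager: %s", err)
	return nil
}
if e.firewall == nil {
	log.Infof("no firewall manager available, continuing without firewall")
	return nil
}
// … unchanged: initFirewall call and final return …
```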
