Implement disable firewall
lixmal committed Jan 6, 2025
1 parent f53b960 commit 4ae8080
Showing 2 changed files with 13 additions and 6 deletions.
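--- a/client/internal/dnsfwd/manager.go
+++ b/client/internal/dnsfwd/manager.go
@@ -83,6 +83,11 @@ func (h *Manager) allowDNSFirewall() error {
 IsRange: false,
 Values: []int{ListenPort},
 }
+
+if h.firewall == nil {
+return nil
+}
+
 dnsRules, err := h.firewall.AddPeerFiltering(net.IP{0, 0, 0, 0}, firewall.ProtocolUDP, nil, dport, firewall.RuleDirectionIN, firewall.ActionAccept, "", "")
 if err != nil {
 log.Errorf("failed to add allow DNS router rules, err: %v", err)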
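Review bot: The new `if h.firewall == nil { return nil }` guard in allowDNSFirewall reports success without saying why no rule was added. Judging by the engine.go change in this commit, `h.firewall` can be nil either because the firewall was disabled by configuration or because `firewall.NewFirewall` failed and was only logged. Both cases pass through here silently, so the DNS forwarder's accept rule for `ListenPort` goes missing with no trace. I would add a comment above the guard, `// firewall is nil when disabled by config or when the manager could not be created; there is nothing to open`, and a debug line such as `log.Debugf("no firewall manager, skipping DNS forwarder allow rule")`. The function body starts and ends outside the hunk, so any other use of `h.firewall` in this type (for example rule removal) should be checked for the same nil case.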
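--- a/client/internal/engine.go
+++ b/client/internal/engine.go
@@ -410,12 +410,14 @@ func (e *Engine) Start() error {
 return fmt.Errorf("create wg interface: %w", err)
 }
 
-e.firewall, err = firewall.NewFirewall(e.wgInterface, e.stateManager)
-if err != nil {
-log.Errorf("failed creating firewall manager: %s", err)
-} else if e.firewall != nil {
-if err := e.initFirewall(); err != nil {
-return err
+if !e.config.DisableFirewall {
+e.firewall, err = firewall.NewFirewall(e.wgInterface, e.stateManager)
+if err != nil {
+log.Errorf("failed creating firewall manager: %s", err)
+} else if e.firewall != nil {
+if err := e.initFirewall(); err != nil {
+return err
+}
 }
 }
 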
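Review bot: When `e.config.DisableFirewall` is set, Start() skips firewall creation without logging anything, so a client running with no packet filtering looks the same in the logs as one with a working firewall. Since this is a security-relevant setting, I would add an else branch that records it, for example `} else { log.Warn("firewall disabled by configuration, no filtering rules will be applied") }`, assuming the logger has a warning level. The `NewFirewall` error path kept inside the new block still only logs and continues, so `e.firewall` stays nil in two different situations. The rest of Start() lies outside this hunk, and it and the other users of `e.firewall` need to tolerate nil. A short comment above the `if` saying that nil is now an expected state would help the next reader.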
