From 4ae80804c06f870c1b23029a75685c6dfff4c132 Mon Sep 17 00:00:00 2001
From: Viktor Liu
Date: Mon, 6 Jan 2025 17:31:12 +0100
Subject: [PATCH] Implement disable firewall

---
 client/internal/dnsfwd/manager.go | 5 +++++
 client/internal/engine.go | 14 ++++++++------
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/client/internal/dnsfwd/manager.go b/client/internal/dnsfwd/manager.go
index f876bda3048..e6dfd278e5a 100644
--- a/client/internal/dnsfwd/manager.go
+++ b/client/internal/dnsfwd/manager.go
@@ -83,6 +83,11 @@ func (h *Manager) allowDNSFirewall() error {
 IsRange: false,
 Values: []int{ListenPort},
 }
+
+ if h.firewall == nil {
+ return nil
+ }
+
 dnsRules, err := h.firewall.AddPeerFiltering(net.IP{0, 0, 0, 0}, firewall.ProtocolUDP, nil, dport, firewall.RuleDirectionIN, firewall.ActionAccept, "", "")
 if err != nil {
 log.Errorf("failed to add allow DNS router rules, err: %v", err)
diff --git a/client/internal/engine.go b/client/internal/engine.go
index a3a75ef9a27..3f34b55861e 100644
--- a/client/internal/engine.go
+++ b/client/internal/engine.go
@@ -410,12 +410,14 @@ func (e *Engine) Start() error {
 return fmt.Errorf("create wg interface: %w", err)
 }

- e.firewall, err = firewall.NewFirewall(e.wgInterface, e.stateManager)
- if err != nil {
- log.Errorf("failed creating firewall manager: %s", err)
- } else if e.firewall != nil {
- if err := e.initFirewall(); err != nil {
- return err
+ if !e.config.DisableFirewall {
+ e.firewall, err = firewall.NewFirewall(e.wgInterface, e.stateManager)
+ if err != nil {
+ log.Errorf("failed creating firewall manager: %s", err)
+ } else if e.firewall != nil {
+ if err := e.initFirewall(); err != nil {
+ return err
+ }
 }
 }
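Review bot: The new `if h.firewall == nil` guard in allowDNSFirewall returns success without leaving any trace, so when no firewall manager exists the DNS forwarder port gets no accept rule and nothing in the log explains why. A line such as `log.Debug("no firewall manager, skipping DNS forwarder allow rule")` before `return nil` would make that state visible. The guard would also read better as the first statement of the function, before `dport` is built. The matching rule-removal path is not part of this hunk; if it dereferences `h.firewall` it needs the same nil check. The function body starts and ends outside the hunk.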
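Review bot: In Engine.Start, setting `e.config.DisableFirewall` skips the whole block silently and leaves `e.firewall` nil, so presumably no peer filtering rules are applied on this host and nothing records that enforcement was turned off. Since this is a security-relevant mode, log it once at startup, for example by adding `} else { log.Infof("firewall disabled by configuration, filtering rules will not be applied") }` to the new `if`. Every later use of `e.firewall` outside this hunk has to tolerate nil; the creation-failure branch already leaves it nil, so that is probably handled, but it is worth confirming for the disabled case. The re-indented branch still only logs a `NewFirewall` error and continues startup without filtering, which is worth a short comment stating that the fail-open behaviour is intended.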