firewall: open ports in ipv6 as well as ipv4 (using ip6tables)
This commit is contained in:
parent
eba95c9b28
commit
846c4344aa
|
|
@ -12,7 +12,8 @@ use tokio::{
|
||||||
use crate::{fw, messages};
|
use crate::{fw, messages};
|
||||||
|
|
||||||
pub struct FirewallActor {
|
pub struct FirewallActor {
|
||||||
pub ipt: iptables::IPTables,
|
pub ipt_v4: iptables::IPTables,
|
||||||
|
pub ipt_v6: iptables::IPTables,
|
||||||
rx_ports: watch::Receiver<messages::PublicExposedPorts>,
|
rx_ports: watch::Receiver<messages::PublicExposedPorts>,
|
||||||
last_ports: messages::PublicExposedPorts,
|
last_ports: messages::PublicExposedPorts,
|
||||||
refresh: Duration,
|
refresh: Duration,
|
||||||
|
|
@ -20,17 +21,19 @@ pub struct FirewallActor {
|
||||||
|
|
||||||
impl FirewallActor {
|
impl FirewallActor {
|
||||||
pub async fn new(
|
pub async fn new(
|
||||||
_refresh: Duration,
|
refresh: Duration,
|
||||||
rxp: &watch::Receiver<messages::PublicExposedPorts>,
|
rxp: &watch::Receiver<messages::PublicExposedPorts>,
|
||||||
) -> Result<Self> {
|
) -> Result<Self> {
|
||||||
let ctx = Self {
|
let ctx = Self {
|
||||||
ipt: iptables::new(false)?,
|
ipt_v4: iptables::new(false)?,
|
||||||
|
ipt_v6: iptables::new(true)?,
|
||||||
rx_ports: rxp.clone(),
|
rx_ports: rxp.clone(),
|
||||||
last_ports: messages::PublicExposedPorts::new(),
|
last_ports: messages::PublicExposedPorts::new(),
|
||||||
refresh: _refresh,
|
refresh,
|
||||||
};
|
};
|
||||||
|
|
||||||
fw::setup(&ctx.ipt)?;
|
fw::setup(&ctx.ipt_v4)?;
|
||||||
|
fw::setup(&ctx.ipt_v6)?;
|
||||||
|
|
||||||
return Ok(ctx);
|
return Ok(ctx);
|
||||||
}
|
}
|
||||||
|
|
@ -59,27 +62,29 @@ impl FirewallActor {
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn do_fw_update(&self) -> Result<()> {
|
pub async fn do_fw_update(&self) -> Result<()> {
|
||||||
let curr_opened_ports = fw::get_opened_ports(&self.ipt)?;
|
for ipt in [&self.ipt_v4, &self.ipt_v6] {
|
||||||
|
let curr_opened_ports = fw::get_opened_ports(ipt)?;
|
||||||
|
|
||||||
let diff_tcp = self
|
let diff_tcp = self
|
||||||
.last_ports
|
.last_ports
|
||||||
.tcp_ports
|
.tcp_ports
|
||||||
.difference(&curr_opened_ports.tcp_ports)
|
.difference(&curr_opened_ports.tcp_ports)
|
||||||
.copied()
|
.copied()
|
||||||
.collect::<HashSet<u16>>();
|
.collect::<HashSet<u16>>();
|
||||||
let diff_udp = self
|
let diff_udp = self
|
||||||
.last_ports
|
.last_ports
|
||||||
.udp_ports
|
.udp_ports
|
||||||
.difference(&curr_opened_ports.udp_ports)
|
.difference(&curr_opened_ports.udp_ports)
|
||||||
.copied()
|
.copied()
|
||||||
.collect::<HashSet<u16>>();
|
.collect::<HashSet<u16>>();
|
||||||
|
|
||||||
let ports_to_open = messages::PublicExposedPorts {
|
let ports_to_open = messages::PublicExposedPorts {
|
||||||
tcp_ports: diff_tcp,
|
tcp_ports: diff_tcp,
|
||||||
udp_ports: diff_udp,
|
udp_ports: diff_udp,
|
||||||
};
|
};
|
||||||
|
|
||||||
fw::open_ports(&self.ipt, ports_to_open)?;
|
fw::open_ports(ipt, ports_to_open)?;
|
||||||
|
}
|
||||||
|
|
||||||
return Ok(());
|
return Ok(());
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue