ensure chain jump is added only once

This commit is contained in:
darkgallium 2020-06-28 18:22:23 +02:00
parent 6fe86469ee
commit a59ed38121
6 changed files with 12 additions and 19 deletions

Cargo.lock generated

@ -1210,9 +1210,9 @@ dependencies = [
[[package]]
name = "tokio"
version = "0.2.11"
version = "0.2.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8fdd17989496f49cdc57978c96f0c9fe5e4a58a8bddc6813c449a4624f6a030b"
checksum = "d099fa27b9702bed751524694adbe393e18b36b204da91eb1cbbbbb4a5ee2d58"
dependencies = [
"bytes 0.5.4",
"fnv",


@ -11,7 +11,7 @@ reqwest = { version = "0.10", features = ["json"] }
igd = { version = "0.10.0", features = ["aio"] }
log = "0.4"
pretty_env_logger = "0.4"
tokio = "0.2.11"
tokio = "0.2"
futures = "0.3.5"
serde = { version = "1.0.107", features = ["derive"] }
serde_json = "1.0.53"


@ -1,5 +1,4 @@
use anyhow::Result;
use log::*;
use tokio::try_join;
use crate::consul_actor::ConsulActor;
use crate::igd_actor::IgdActor;


@ -1,7 +1,6 @@
use iptables;
use regex::Regex;
use std::collections::HashSet;
use std::io;
use crate::messages;
#[derive(Debug)]
@ -14,15 +13,17 @@ impl From<iptables::error::IPTError> for FirewallError {
}
pub fn setup(ipt: &iptables::IPTables) -> Result<(), FirewallError> {
ipt.new_chain("filter", "DIPLONAT")?;
ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?;
if !ipt.chain_exists("filter", "DIPLONAT")? {
ipt.new_chain("filter", "DIPLONAT")?;
}
ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)?;
Ok(())
}
pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts) -> Result<(), FirewallError> {
for p in ports.tcp_ports {
ipt.append("filter", "DIPLONAT", &format!("-p tcp --dport {} -j ACCEPT", p))?;
}
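Review bot: The new `insert_unique` call in `setup` is probably not idempotent in the way the commit title wants: in the versions of the `iptables` crate I know, `insert_unique` (like `append_unique`) returns an `IPTError` when the rule is already present instead of silently skipping it, so a second `setup` run after a restart would fail rather than "add the jump only once" — worth confirming against the crate version pinned in Cargo.lock. The chain handling just above already uses the check-then-create shape, so the jump rule can follow it: `if !ipt.exists("filter", "INPUT", "-j DIPLONAT")? {` / `    ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?;` / `}`. Note also that when the chain already exists its previous rules are left in place, which is presumably what `get_opened_ports` reconciles against; a one-line comment on the `chain_exists` branch saying so would help the next reader. `open_ports` starts in this hunk but its body continues past it.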


@ -1,8 +1,4 @@
use igd::aio::*;
use igd::PortMappingProtocol;
use std::net::SocketAddrV4;
use log::*;
use anyhow::{Result, Context};
use anyhow::Result;
use tokio::{
select,
sync::watch,
@ -10,6 +6,7 @@ use tokio::{
self,
Duration
}};
use log::*;
use iptables;
use crate::messages;
@ -17,7 +14,7 @@ use crate::fw;
use std::collections::HashSet;
pub struct FirewallActor {
ipt: iptables::IPTables,
pub ipt: iptables::IPTables,
rx_ports: watch::Receiver<messages::PublicExposedPorts>,
last_ports: messages::PublicExposedPorts,
refresh: Duration
@ -25,8 +22,6 @@ pub struct FirewallActor {
impl FirewallActor {
pub async fn new(_refresh: Duration, rxp: &watch::Receiver<messages::PublicExposedPorts>) -> Result<Self> {
let ctx = Self {
ipt: iptables::new(false).unwrap(),
rx_ports: rxp.clone(),
@ -61,7 +56,6 @@ impl FirewallActor {
}
pub async fn do_fw_update(&self) -> Result<()> {
let curr_opened_ports = fw::get_opened_ports(&self.ipt).unwrap();
let diff_tcp = self.last_ports.tcp_ports.difference(&curr_opened_ports.tcp_ports).copied().collect::<HashSet<u16>>();
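Review bot: Making the field `pub ipt: iptables::IPTables` exposes the raw firewall handle on the public surface of `FirewallActor`, so any code holding the actor can call `ipt.insert`/`ipt.delete` directly and desynchronise it from the `last_ports` bookkeeping the actor keeps; if the intent is only to let another module in this crate reach it, `pub(crate) ipt: iptables::IPTables,` is the narrower choice, and a small accessor or dedicated method on `FirewallActor` would keep all rule changes flowing through `fw::`. The `struct FirewallActor` definition continues past this hunk. Separately, the two `unwrap()` calls on context lines (`iptables::new(false).unwrap()` in `new`, which returns `Result<Self>`, and `fw::get_opened_ports(&self.ipt).unwrap()` in `do_fw_update`) are panic paths where `?` would propagate cleanly; they predate this commit, but this is the file being touched.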


@ -7,7 +7,6 @@ mod diplonat;
mod fw;
mod fw_actor;
use iptables;
use log::*;
use diplonat::Diplonat;