ensure chain jump is added only once
This commit is contained in:
parent
6fe86469ee
commit
a59ed38121
6 changed files with 12 additions and 19 deletions
4
Cargo.lock
generated
4
Cargo.lock
generated
|
@ -1210,9 +1210,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "tokio"
|
||||
version = "0.2.11"
|
||||
version = "0.2.21"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8fdd17989496f49cdc57978c96f0c9fe5e4a58a8bddc6813c449a4624f6a030b"
|
||||
checksum = "d099fa27b9702bed751524694adbe393e18b36b204da91eb1cbbbbb4a5ee2d58"
|
||||
dependencies = [
|
||||
"bytes 0.5.4",
|
||||
"fnv",
|
||||
|
|
|
@ -11,7 +11,7 @@ reqwest = { version = "0.10", features = ["json"] }
|
|||
igd = { version = "0.10.0", features = ["aio"] }
|
||||
log = "0.4"
|
||||
pretty_env_logger = "0.4"
|
||||
tokio = "0.2.11"
|
||||
tokio = "0.2"
|
||||
futures = "0.3.5"
|
||||
serde = { version = "1.0.107", features = ["derive"] }
|
||||
serde_json = "1.0.53"
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
use anyhow::Result;
|
||||
use log::*;
|
||||
use tokio::try_join;
|
||||
use crate::consul_actor::ConsulActor;
|
||||
use crate::igd_actor::IgdActor;
|
||||
|
|
11
src/fw.rs
11
src/fw.rs
|
@ -1,7 +1,6 @@
|
|||
use iptables;
|
||||
use regex::Regex;
|
||||
use std::collections::HashSet;
|
||||
use std::io;
|
||||
use crate::messages;
|
||||
|
||||
#[derive(Debug)]
|
||||
|
@ -14,15 +13,17 @@ impl From<iptables::error::IPTError> for FirewallError {
|
|||
}
|
||||
|
||||
pub fn setup(ipt: &iptables::IPTables) -> Result<(), FirewallError> {
|
||||
|
||||
ipt.new_chain("filter", "DIPLONAT")?;
|
||||
ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?;
|
||||
|
||||
if !ipt.chain_exists("filter", "DIPLONAT")? {
|
||||
ipt.new_chain("filter", "DIPLONAT")?;
|
||||
}
|
||||
|
||||
ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts) -> Result<(), FirewallError> {
|
||||
|
||||
for p in ports.tcp_ports {
|
||||
ipt.append("filter", "DIPLONAT", &format!("-p tcp --dport {} -j ACCEPT", p))?;
|
||||
}
|
||||
|
|
|
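Review bot: In the `iptables` crate, `insert_unique` — the new line `ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)?;` — is documented to return an error when the rule already exists rather than silently skipping it, so on a restart where the `-j DIPLONAT` jump survived from the previous run `setup` would now fail instead of being idempotent; please confirm against the crate version the project pins. If so, mirror the guard used for the chain: `if !ipt.exists("filter", "INPUT", "-j DIPLONAT")? { ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?; }`. Note also that when the chain already exists its leftover rules are kept, so a restarted process inherits whatever was left in DIPLONAT rather than an empty chain; if a clean slate is intended, flush the chain in an `else` branch, otherwise add a comment above the check such as `// Reuse an existing chain; its current rules are reconciled by the actor's refresh loop` so the reuse is deliberate.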
@ -1,8 +1,4 @@
|
|||
use igd::aio::*;
|
||||
use igd::PortMappingProtocol;
|
||||
use std::net::SocketAddrV4;
|
||||
use log::*;
|
||||
use anyhow::{Result, Context};
|
||||
use anyhow::Result;
|
||||
use tokio::{
|
||||
select,
|
||||
sync::watch,
|
||||
|
@ -10,6 +6,7 @@ use tokio::{
|
|||
self,
|
||||
Duration
|
||||
}};
|
||||
use log::*;
|
||||
|
||||
use iptables;
|
||||
use crate::messages;
|
||||
|
@ -17,7 +14,7 @@ use crate::fw;
|
|||
use std::collections::HashSet;
|
||||
|
||||
pub struct FirewallActor {
|
||||
ipt: iptables::IPTables,
|
||||
pub ipt: iptables::IPTables,
|
||||
rx_ports: watch::Receiver<messages::PublicExposedPorts>,
|
||||
last_ports: messages::PublicExposedPorts,
|
||||
refresh: Duration
|
||||
|
@ -25,8 +22,6 @@ pub struct FirewallActor {
|
|||
|
||||
impl FirewallActor {
|
||||
pub async fn new(_refresh: Duration, rxp: &watch::Receiver<messages::PublicExposedPorts>) -> Result<Self> {
|
||||
|
||||
|
||||
let ctx = Self {
|
||||
ipt: iptables::new(false).unwrap(),
|
||||
rx_ports: rxp.clone(),
|
||||
|
@ -61,7 +56,6 @@ impl FirewallActor {
|
|||
}
|
||||
|
||||
pub async fn do_fw_update(&self) -> Result<()> {
|
||||
|
||||
let curr_opened_ports = fw::get_opened_ports(&self.ipt).unwrap();
|
||||
|
||||
let diff_tcp = self.last_ports.tcp_ports.difference(&curr_opened_ports.tcp_ports).copied().collect::<HashSet<u16>>();
|
||||
|
|
|
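Review bot: `new` returns `Result<Self>` yet the context line `ipt: iptables::new(false).unwrap(),` still panics when the iptables binary cannot be located, which is a startup failure the caller should receive as an error rather than a crash; with `Context` dropped from the import hunk, `ipt: iptables::new(false).map_err(|e| anyhow::anyhow!("iptables init failed: {}", e))?,` keeps the function's error contract (a plain `?` suffices if `IPTError` already converts into `anyhow::Error` — could not verify from the page). The same applies to `fw::get_opened_ports(&self.ipt).unwrap()` in `do_fw_update`, which also returns `Result<()>`. Making `ipt` `pub` lets any module drive the firewall handle directly; if only the caller in `main` needs it for `fw::setup`, `pub(crate) ipt` or a `fn ipt(&self) -> &iptables::IPTables` accessor keeps the surface smaller. The bodies of `new` and `do_fw_update` continue outside their hunks.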
@ -7,7 +7,6 @@ mod diplonat;
|
|||
mod fw;
|
||||
mod fw_actor;
|
||||
|
||||
use iptables;
|
||||
use log::*;
|
||||
use diplonat::Diplonat;
|
||||
|
||||
|
|