Browse Source

ensure chain jump is added only once

pull/1/head
darkgallium 1 year ago
parent
commit
a59ed38121
  1. 4
      Cargo.lock
  2. 2
      Cargo.toml
  3. 1
      src/diplonat.rs
  4. 11
      src/fw.rs
  5. 12
      src/fw_actor.rs
  6. 1
      src/main.rs

4
Cargo.lock

@ -1210,9 +1210,9 @@ dependencies = [
[[package]]
name = "tokio"
version = "0.2.11"
version = "0.2.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8fdd17989496f49cdc57978c96f0c9fe5e4a58a8bddc6813c449a4624f6a030b"
checksum = "d099fa27b9702bed751524694adbe393e18b36b204da91eb1cbbbbb4a5ee2d58"
dependencies = [
"bytes 0.5.4",
"fnv",

2
Cargo.toml

@ -11,7 +11,7 @@ reqwest = { version = "0.10", features = ["json"] }
igd = { version = "0.10.0", features = ["aio"] }
log = "0.4"
pretty_env_logger = "0.4"
tokio = "0.2.11"
tokio = "0.2"
futures = "0.3.5"
serde = { version = "1.0.107", features = ["derive"] }
serde_json = "1.0.53"

1
src/diplonat.rs

@ -1,5 +1,4 @@
use anyhow::Result;
use log::*;
use tokio::try_join;
use crate::consul_actor::ConsulActor;
use crate::igd_actor::IgdActor;

11
src/fw.rs

@ -1,7 +1,6 @@
use iptables;
use regex::Regex;
use std::collections::HashSet;
use std::io;
use crate::messages;
#[derive(Debug)]
@ -14,15 +13,17 @@ impl From<iptables::error::IPTError> for FirewallError {
}
pub fn setup(ipt: &iptables::IPTables) -> Result<(), FirewallError> {
ipt.new_chain("filter", "DIPLONAT")?;
ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?;
if !ipt.chain_exists("filter", "DIPLONAT")? {
ipt.new_chain("filter", "DIPLONAT")?;
}
ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)?;
Ok(())
}
pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts) -> Result<(), FirewallError> {
for p in ports.tcp_ports {
ipt.append("filter", "DIPLONAT", &format!("-p tcp --dport {} -j ACCEPT", p))?;
}

12
src/fw_actor.rs

@ -1,8 +1,4 @@
use igd::aio::*;
use igd::PortMappingProtocol;
use std::net::SocketAddrV4;
use log::*;
use anyhow::{Result, Context};
use anyhow::Result;
use tokio::{
select,
sync::watch,
@ -10,6 +6,7 @@ use tokio::{
self,
Duration
}};
use log::*;
use iptables;
use crate::messages;
@ -17,7 +14,7 @@ use crate::fw;
use std::collections::HashSet;
pub struct FirewallActor {
ipt: iptables::IPTables,
pub ipt: iptables::IPTables,
rx_ports: watch::Receiver<messages::PublicExposedPorts>,
last_ports: messages::PublicExposedPorts,
refresh: Duration
@ -25,8 +22,6 @@ pub struct FirewallActor {
impl FirewallActor {
pub async fn new(_refresh: Duration, rxp: &watch::Receiver<messages::PublicExposedPorts>) -> Result<Self> {
let ctx = Self {
ipt: iptables::new(false).unwrap(),
rx_ports: rxp.clone(),
@ -61,7 +56,6 @@ impl FirewallActor {
}
pub async fn do_fw_update(&self) -> Result<()> {
let curr_opened_ports = fw::get_opened_ports(&self.ipt).unwrap();
let diff_tcp = self.last_ports.tcp_ports.difference(&curr_opened_ports.tcp_ports).copied().collect::<HashSet<u16>>();

1
src/main.rs

@ -7,7 +7,6 @@ mod diplonat;
mod fw;
mod fw_actor;
use iptables;
use log::*;
use diplonat::Diplonat;

Loading…
Cancel
Save