firewall: open ports in ipv6 as well as ipv4 (using ip6tables)

Alex 2023-04-04 13:33:54 +02:00
parent eba95c9b28
commit 846c4344aa


@ -12,7 +12,8 @@ use tokio::{
use crate::{fw, messages};
pub struct FirewallActor {
pub ipt: iptables::IPTables,
pub ipt_v4: iptables::IPTables,
pub ipt_v6: iptables::IPTables,
rx_ports: watch::Receiver<messages::PublicExposedPorts>,
last_ports: messages::PublicExposedPorts,
refresh: Duration,
@ -20,17 +21,19 @@ pub struct FirewallActor {
impl FirewallActor {
pub async fn new(
_refresh: Duration,
refresh: Duration,
rxp: &watch::Receiver<messages::PublicExposedPorts>,
) -> Result<Self> {
let ctx = Self {
ipt: iptables::new(false)?,
ipt_v4: iptables::new(false)?,
ipt_v6: iptables::new(true)?,
rx_ports: rxp.clone(),
last_ports: messages::PublicExposedPorts::new(),
refresh: _refresh,
refresh,
};
fw::setup(&ctx.ipt)?;
fw::setup(&ctx.ipt_v4)?;
fw::setup(&ctx.ipt_v6)?;
return Ok(ctx);
}
@ -59,27 +62,29 @@ impl FirewallActor {
}
pub async fn do_fw_update(&self) -> Result<()> {
let curr_opened_ports = fw::get_opened_ports(&self.ipt)?;
for ipt in [&self.ipt_v4, &self.ipt_v6] {
let curr_opened_ports = fw::get_opened_ports(ipt)?;
let diff_tcp = self
.last_ports
.tcp_ports
.difference(&curr_opened_ports.tcp_ports)
.copied()
.collect::<HashSet<u16>>();
let diff_udp = self
.last_ports
.udp_ports
.difference(&curr_opened_ports.udp_ports)
.copied()
.collect::<HashSet<u16>>();
let diff_tcp = self
.last_ports
.tcp_ports
.difference(&curr_opened_ports.tcp_ports)
.copied()
.collect::<HashSet<u16>>();
let diff_udp = self
.last_ports
.udp_ports
.difference(&curr_opened_ports.udp_ports)
.copied()
.collect::<HashSet<u16>>();
let ports_to_open = messages::PublicExposedPorts {
tcp_ports: diff_tcp,
udp_ports: diff_udp,
};
let ports_to_open = messages::PublicExposedPorts {
tcp_ports: diff_tcp,
udp_ports: diff_udp,
};
fw::open_ports(&self.ipt, ports_to_open)?;
fw::open_ports(ipt, ports_to_open)?;
}
return Ok(());
}
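Review bot: `ipt_v6: iptables::new(true)?` in `FirewallActor::new` (second hunk) turns a working ip6tables into a hard requirement, so on a host without the ip6tables binary or IPv6 netfilter support the actor now fails to construct where it previously ran IPv4-only — assuming the crate's constructor probes the binary, which the visible lines do not show. Either document that deliberately, e.g. `/// Requires both iptables and ip6tables; construction fails if either is unavailable.` on `new`, or make the v6 table an `Option` and skip it in the update loop. In `do_fw_update` (last hunk) the `?` on `fw::get_opened_ports(ipt)?` and `fw::open_ports(ipt, ports_to_open)?` inside the `for ipt in [&self.ipt_v4, &self.ipt_v6]` loop means a v6 failure aborts the update after the v4 rules were already applied, leaving the two tables diverged until the next refresh. That ordering and partial-apply behaviour is worth a doc comment on the function, e.g. `/// Applies last_ports to the v4 table first, then v6; a v6 error returns after v4 is already updated.`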