Extend protocol and firewall manager to handle old management (#915)

* Extend protocol and firewall manager to handle old management

* Send correct empty firewall rules list when deleting a peer

* Add extra tests for firewall manager and uspfilter

* Work with inconsistent state

* Review note

* Update comment
Givi Khojanashvili
2023-05-31 21:04:38 +04:00
committed by GitHub
parent 45a6263adc
commit 293499c3c0
13 changed files with 362 additions and 220 deletions


@ -236,11 +236,20 @@ func (m *Manager) filterRuleSpecs(
table string, ip net.IP, protocol string, sPort, dPort string,
direction fw.RuleDirection, action fw.Action, comment string,
) (specs []string) {
matchByIP := true
// don't use IP matching if IP is ip 0.0.0.0
if s := ip.String(); s == "0.0.0.0" || s == "::" {
matchByIP = false
}
switch direction {
case fw.RuleDirectionIN:
specs = append(specs, "-s", ip.String())
if matchByIP {
specs = append(specs, "-s", ip.String())
}
case fw.RuleDirectionOUT:
specs = append(specs, "-d", ip.String())
if matchByIP {
specs = append(specs, "-d", ip.String())
}
}
if protocol != "all" {
specs = append(specs, "-p", protocol)
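Review bot: The new `matchByIP` check turns a rule for 0.0.0.0 or :: into one with no `-s`/`-d` at all, so it matches every source or destination, and the comment above it does not say that this widening is intended. I would state it explicitly and use the net.IP helper instead of comparing strings: `// unspecified address (0.0.0.0 or ::) means any peer: omit -s/-d so the rule matches all addresses` and `matchByIP := !ip.IsUnspecified()`. A nil `ip` is not covered by either form and, as far as the hunk shows, would still be appended as its String() value, so it may be worth rejecting it before the specs are built. filterRuleSpecs continues past the end of the hunk.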