sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-21 01:36:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove default protocol for migrated rules policy

Browse Source
This commit is contained in:
Givi Khojanashvili
2023-03-24 14:59:34 +04:00
parent 27e4fb686f
commit 7474432bea
4 changed files with 16 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
client/firewall/iptables/manager_linux.go
View File

@@ -27,6 +27,9 @@ var pingSupportDefaultRule = []string{
"-p", "icmp", "--icmp-type", "echo-request", "-j",
"ACCEPT", "-m", "comment", "--comment", "Allow pings from the Netbird Devices"}
// dropAllDefaultRule in the Netbird chain
var dropAllDefaultRule = []string{"-j", "DROP"}
// Manager of iptables firewall
type Manager struct {
mutex sync.Mutex
@@ -184,7 +187,9 @@ func (m *Manager) filterRuleSpecs(
case fw.DirectionDst:
specs = append(specs, "-d", ip.String())
}
specs = append(specs, "-p", protocol)
if protocol != "" {
specs = append(specs, "-p", protocol)
}
if port != "" {
specs = append(specs, "--dport", port)
}
@@ -224,6 +229,10 @@ func (m *Manager) client(ip net.IP) (*iptables.IPTables, error) {
return nil, fmt.Errorf("failed to create default ping allow rule: %w", err)
}
if err := client.AppendUnique("filter", ChainFilterName, dropAllDefaultRule...); err != nil {
return nil, fmt.Errorf("failed to create default drop all in netbird chain: %w", err)
}
specs := append([]string{"-i", m.wgIfaceName}, jumpNetbirdDefaultRule...)
if err := client.AppendUnique("filter", "INPUT", specs...); err != nil {
return nil, fmt.Errorf("failed to create chain: %w", err)