fix(firewall/iptables): shared mutex for both iptables and ip6tables

internal/firewall/iptables/atomic.go

@@ -11,9 +11,7 @@ import (
 // returns a restore function that can be called to restore the saved rules.
 func (c *Config) SaveAndRestore(ctx context.Context) (restore func(context.Context), err error) {
 	c.iptablesMutex.Lock()
-	c.ip6tablesMutex.Lock()
 	defer c.iptablesMutex.Unlock()
-	defer c.ip6tablesMutex.Unlock()
 
 	return c.saveAndRestore(ctx)
 }

internal/firewall/iptables/firewall.go

@@ -6,10 +6,9 @@ import (
 )
 
 type Config struct {
-	runner         CmdRunner
+	runner        CmdRunner
-	logger         Logger
+	logger        Logger
-	iptablesMutex  sync.Mutex
+	iptablesMutex sync.Mutex
-	ip6tablesMutex sync.Mutex
 
 	// Fixed state
 	ipTables  string

internal/firewall/iptables/ip6tables.go

@@ -24,8 +24,8 @@ func findIP6tablesSupported(ctx context.Context, runner CmdRunner) (
 }
 
 func (c *Config) runIP6tablesInstructions(ctx context.Context, instructions []string) error {
-	c.ip6tablesMutex.Lock() // only one ip6tables command at once
+	c.iptablesMutex.Lock() // only one iptables command at once
-	defer c.ip6tablesMutex.Unlock()
+	defer c.iptablesMutex.Unlock()
 
 	restore, err := c.saveAndRestoreIPv6(ctx)
 	if err != nil {
@@ -48,8 +48,8 @@ func (c *Config) runIP6tablesInstructionsNoSave(ctx context.Context, instruction
 }
 
 func (c *Config) runIP6tablesInstruction(ctx context.Context, instruction string) error {
-	c.ip6tablesMutex.Lock() // only one ip6tables command at once
+	c.iptablesMutex.Lock() // only one iptables command at once
-	defer c.ip6tablesMutex.Unlock()
+	defer c.iptablesMutex.Unlock()
 
 	restore, err := c.saveAndRestoreIPv6(ctx)
 	if err != nil {

internal/firewall/iptables/iptables.go

@@ -229,9 +229,7 @@ func (c *Config) RedirectPort(ctx context.Context, intf string,
 	}
 
 	c.iptablesMutex.Lock()
-	c.ip6tablesMutex.Lock()
 	defer c.iptablesMutex.Unlock()
-	defer c.ip6tablesMutex.Unlock()
 
 	restore, err := c.saveAndRestore(ctx)
 	if err != nil {
@@ -297,9 +295,7 @@ func (c *Config) RunUserPostRules(ctx context.Context, filepath string) error {
 	lines := strings.Split(string(b), "\n")
 
 	c.iptablesMutex.Lock()
-	c.ip6tablesMutex.Lock()
 	defer c.iptablesMutex.Unlock()
-	defer c.ip6tablesMutex.Unlock()
 
 	restore, err := c.saveAndRestore(ctx)
 	if err != nil {

internal/firewall/iptables/iptablesmix.go

@@ -6,9 +6,7 @@ import (
 
 func (c *Config) runMixedIptablesInstructions(ctx context.Context, instructions []string) error {
 	c.iptablesMutex.Lock()
-	c.ip6tablesMutex.Lock()
 	defer c.iptablesMutex.Unlock()
-	defer c.ip6tablesMutex.Unlock()
 
 	restore, err := c.saveAndRestore(ctx)
 	if err != nil {
@@ -26,9 +24,7 @@ func (c *Config) runMixedIptablesInstructions(ctx context.Context, instructions
 
 func (c *Config) runMixedIptablesInstruction(ctx context.Context, instruction string) error {
 	c.iptablesMutex.Lock()
-	c.ip6tablesMutex.Lock()
 	defer c.iptablesMutex.Unlock()
-	defer c.ip6tablesMutex.Unlock()
 
 	restore, err := c.saveAndRestore(ctx)
 	if err != nil {