vanja/gluetun
1
0
Fork 0
mirror of https://github.com/qdm12/gluetun.git synced 2026-05-09 20:29:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(netlink): detect ipv6 support level (#2523)

Browse Source 
- add option `IPV6_CHECK_ADDRESSESES=[2001:4860:4860::8888]:53,[2606:4700:4700::1111]:53`
- gluetun needs access to the addresses above through the host firewall, to test ipv6 support before setting up the vpn
This commit is contained in:
Quentin McGaw
2026-04-07 13:48:15 +02:00
committed by GitHub
parent 1ae85aa5d0
commit 11883aa830
20 changed files with 498 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/firewall/interfaces.go
+2
View File
@@ -26,6 +26,8 @@ type firewallImpl interface { //nolint:interfacebloat
AcceptInputToPort(ctx context.Context, intf string, port uint16, remove bool) error
AcceptInputToSubnet(ctx context.Context, intf string, subnet netip.Prefix) error
AcceptIpv6MulticastOutput(ctx context.Context, intf string) error
AcceptOutput(ctx context.Context, protocol, intf string,
ip netip.Addr, port uint16, remove bool) error
AcceptOutputFromIPToSubnet(ctx context.Context, intf string, assignedIP netip.Addr,
subnet netip.Prefix, remove bool) error
AcceptOutputThroughInterface(ctx context.Context, intf string, remove bool) error
internal/firewall/iptables/iptables.go
+18
View File
@@ -162,6 +162,24 @@ func (c *Config) AcceptOutputTrafficToVPN(ctx context.Context,
return c.runIP6tablesInstruction(ctx, instruction)
}
func (c *Config) AcceptOutput(ctx context.Context,
protocol, intf string, ip netip.Addr, port uint16, remove bool,
) error {
interfaceFlag := "-o " + intf
if intf == "*" { // all interfaces
interfaceFlag = ""
}
instruction := fmt.Sprintf("%s OUTPUT -d %s %s -p %s -m %s --dport %d -j ACCEPT",
appendOrDelete(remove), ip, interfaceFlag, protocol, protocol, port)
if ip.Is4() {
return c.runIptablesInstruction(ctx, instruction)
} else if c.ip6Tables == "" {
return fmt.Errorf("accept output to VPN server: %w", ErrNeedIP6Tables)
}
return c.runIP6tablesInstruction(ctx, instruction)
}
// AcceptOutputFromIPToSubnet accepts outgoing traffic from sourceIP to destinationSubnet
// on the interface intf. If intf is empty, it is set to "*" which means all interfaces.
// If remove is true, the rule is removed instead of added.
internal/firewall/wrappers.go
+6
View File
@@ -19,3 +19,9 @@ func (c *Config) TempDropOutputTCPRST(ctx context.Context,
) {
return c.impl.TempDropOutputTCPRST(ctx, src, dst, excludeMark)
}
func (c *Config) AcceptOutput(ctx context.Context, protocol, intf string,
ip netip.Addr, port uint16, remove bool,
) error {
return c.impl.AcceptOutput(ctx, protocol, intf, ip, port, remove)
}