chore: merge iptables SetIPv4AllPolicies and SetIPv6AllPolicies together

This commit is contained in:
Quentin McGaw
2026-02-28 15:25:15 +00:00
parent fa0941a529
commit 781e74f77a
4 changed files with 5 additions and 24 deletions
+1 -5
@@ -51,11 +51,7 @@ func (c *Config) enable(ctx context.Context) (err error) {
} }
}() }()
if err = c.impl.SetIPv4AllPolicies(ctx, "DROP"); err != nil { if err = c.impl.SetBaseChainsPolicy(ctx, "DROP"); err != nil {
return err
}
if err = c.impl.SetIPv6AllPolicies(ctx, "DROP"); err != nil {
return err return err
} }
+1 -2
@@ -34,8 +34,7 @@ type firewallImpl interface { //nolint:interfacebloat
RedirectPort(ctx context.Context, intf string, sourcePort, RedirectPort(ctx context.Context, intf string, sourcePort,
destinationPort uint16, remove bool) error destinationPort uint16, remove bool) error
RunUserPostRules(ctx context.Context, customRulesPath string) error RunUserPostRules(ctx context.Context, customRulesPath string) error
SetIPv4AllPolicies(ctx context.Context, policy string) error SetBaseChainsPolicy(ctx context.Context, policy string) error
SetIPv6AllPolicies(ctx context.Context, policy string) error
TempDropOutputTCPRST(ctx context.Context, src, dst netip.AddrPort, excludeMark int) ( TempDropOutputTCPRST(ctx context.Context, src, dst netip.AddrPort, excludeMark int) (
revert func(ctx context.Context) error, err error) revert func(ctx context.Context) error, err error)
Version(ctx context.Context) (version string, err error) Version(ctx context.Context) (version string, err error)
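Review bot: The interface method `SetBaseChainsPolicy` at line 26 replaces two family-specific methods but carries no doc comment, so its name alone no longer tells a caller which address families or chains a single call now affects. A comment such as `// SetBaseChainsPolicy sets the default policy of the base chains (INPUT, OUTPUT, FORWARD) for each IP family the implementation manages; policy must be ACCEPT or DROP.` would record the new contract at the consumer-facing declaration. The accepted values come from the implementation's switch in this same commit, so the comment should be kept in step with it.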
-15
@@ -81,18 +81,3 @@ func (c *Config) runIP6tablesInstructionNoSave(ctx context.Context, instruction
} }
return nil return nil
} }
var ErrPolicyNotValid = errors.New("policy is not valid")
func (c *Config) SetIPv6AllPolicies(ctx context.Context, policy string) error {
switch policy {
case "ACCEPT", "DROP":
default:
return fmt.Errorf("%w: %s", ErrPolicyNotValid, policy)
}
return c.runIP6tablesInstructions(ctx, []string{
"--policy INPUT " + policy,
"--policy OUTPUT " + policy,
"--policy FORWARD " + policy,
})
}
+3 -2
@@ -98,13 +98,14 @@ func (c *Config) runIptablesInstructionNoSave(ctx context.Context, instruction s
return nil return nil
} }
func (c *Config) SetIPv4AllPolicies(ctx context.Context, policy string) error { func (c *Config) SetBaseChainsPolicy(ctx context.Context, policy string) error {
policy = strings.ToUpper(policy)
switch policy { switch policy {
case "ACCEPT", "DROP": case "ACCEPT", "DROP":
default: default:
return fmt.Errorf("%w: %s", ErrPolicyUnknown, policy) return fmt.Errorf("%w: %s", ErrPolicyUnknown, policy)
} }
return c.runIptablesInstructions(ctx, []string{ return c.runMixedIptablesInstructions(ctx, []string{
"--policy INPUT " + policy, "--policy INPUT " + policy,
"--policy OUTPUT " + policy, "--policy OUTPUT " + policy,
"--policy FORWARD " + policy, "--policy FORWARD " + policy,
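Review bot: The added `policy = strings.ToUpper(policy)` makes the function accept lowercase input that the old SetIPv4AllPolicies rejected, and the error two lines below now reports the normalized value rather than what the caller passed; the commit title ("chore: merge") does not mention this widening. Validate the uppercased copy but report the original, e.g. `upper := strings.ToUpper(policy)`, `switch upper {`, and `return fmt.Errorf("%w: %q", ErrPolicyUnknown, policy)`, with the three `--policy` strings built from `upper`. The switch still gates the value before it is concatenated into the iptables instruction, which is what keeps the string-built `--policy` lines safe, so that check must stay ahead of the runMixedIptablesInstructions call. The method also has no doc comment; `// SetBaseChainsPolicy sets the default policy of the INPUT, OUTPUT and FORWARD chains for IPv4 and, presumably via runMixedIptablesInstructions, IPv6; policy is matched case-insensitively and must be ACCEPT or DROP.` would state the new contract, with the IPv6 part confirmed against that helper. The `strings` import and the function's closing lines are outside the hunk.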