author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-05-04 00:53:35 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-05-04 00:53:35 +0200 |
commit | b274f187d62b677513ab9eabf5a081e0a37a8d47 (patch) | |
tree | 3ef66c2e0c9aa8424f4243b7606dcf5642caade0 | |
parent | ui: specify default action in tray (diff) | |
firewall: do not add unused permit rules when !restrictAll
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r-- | service/firewall/blocker.go | 34 |
1 files changed, 18 insertions, 16 deletions
diff --git a/service/firewall/blocker.go b/service/firewall/blocker.go index 507c8946..b796aa7f 100644 --- a/service/firewall/blocker.go +++ b/service/firewall/blocker.go @@ -132,19 +132,21 @@ func EnableFirewall(luid uint64, restrictDNS bool, restrictAll bool) error { return wrapErr(err) } - err = permitDhcpIpv4(session, baseObjects, 15) - if err != nil { - return wrapErr(err) - } + if restrictAll { + err = permitDhcpIpv4(session, baseObjects, 15) + if err != nil { + return wrapErr(err) + } - err = permitDhcpIpv6(session, baseObjects, 15) - if err != nil { - return wrapErr(err) - } + err = permitDhcpIpv6(session, baseObjects, 15) + if err != nil { + return wrapErr(err) + } - err = permitNdp(session, baseObjects, 15) - if err != nil { - return wrapErr(err) + err = permitNdp(session, baseObjects, 15) + if err != nil { + return wrapErr(err) + } } if restrictDNS { @@ -154,12 +156,12 @@ func EnableFirewall(luid uint64, restrictDNS bool, restrictAll bool) error { } } - err = permitLoopback(session, baseObjects, 13) - if err != nil { - return wrapErr(err) - } - if restrictAll { + err = permitLoopback(session, baseObjects, 13) + if err != nil { + return wrapErr(err) + } + err = blockAll(session, baseObjects, 0) if err != nil { return wrapErr(err) |
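Review bot: The new `if restrictAll {` guard around the DHCPv4, DHCPv6 and NDP permits in the first hunk has no comment explaining why these filters are tied to the kill-switch mode. It also leaves the function with two separate `if restrictAll` blocks, split by the `restrictDNS` branch (the second one is in the next hunk). A comment such as `// These permits only exist to let traffic through that blockAll (weight 0) would otherwise drop.` would make the dependency explicit for whoever next changes the weights 15/13/0. If precedence is decided by the weight argument rather than by insertion order (the helpers are not visible here, so this is an assumption), the two blocks could be merged so the permit set and the block rule can be audited together. EnableFirewall starts and ends outside the hunk.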
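Review bot: In the second hunk, `permitLoopback(session, baseObjects, 13)` moves under `if restrictAll`, so a configuration with `restrictDNS` set and `restrictAll` clear no longer installs a loopback permit. The body of the `restrictDNS` branch is outside the hunk, so it is not visible whether the filters it adds are scoped to exclude loopback traffic. If they are not, a resolver listening on a loopback address would lose DNS in that mode, and the permit would not have been unused there. This is worth confirming and recording next to the guard, for example `// Loopback permit is only needed against blockAll; the restrictDNS filters must not match loopback on their own.`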