authorJason A. Donenfeld <Jason@zx2c4.com>2019-05-04 00:53:35 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2019-05-04 00:53:35 +0200
commitb274f187d62b677513ab9eabf5a081e0a37a8d47 (patch)
tree3ef66c2e0c9aa8424f4243b7606dcf5642caade0
parentui: specify default action in tray (diff)
downloadwireguard-windows-b274f187d62b677513ab9eabf5a081e0a37a8d47.tar.xz
wireguard-windows-b274f187d62b677513ab9eabf5a081e0a37a8d47.zip
firewall: do not add unused permit rules when !restrictAll
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r--service/firewall/blocker.go34
1 files changed, 18 insertions, 16 deletions
diff --git a/service/firewall/blocker.go b/service/firewall/blocker.go
index 507c8946..b796aa7f 100644
--- a/service/firewall/blocker.go
+++ b/service/firewall/blocker.go
@@ -132,19 +132,21 @@ func EnableFirewall(luid uint64, restrictDNS bool, restrictAll bool) error {
return wrapErr(err)
}
- err = permitDhcpIpv4(session, baseObjects, 15)
- if err != nil {
- return wrapErr(err)
- }
+ if restrictAll {
+ err = permitDhcpIpv4(session, baseObjects, 15)
+ if err != nil {
+ return wrapErr(err)
+ }
- err = permitDhcpIpv6(session, baseObjects, 15)
- if err != nil {
- return wrapErr(err)
- }
+ err = permitDhcpIpv6(session, baseObjects, 15)
+ if err != nil {
+ return wrapErr(err)
+ }
- err = permitNdp(session, baseObjects, 15)
- if err != nil {
- return wrapErr(err)
+ err = permitNdp(session, baseObjects, 15)
+ if err != nil {
+ return wrapErr(err)
+ }
}
if restrictDNS {
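Review bot: The new `if restrictAll {` block around `permitDhcpIpv4`, `permitDhcpIpv6` and `permitNdp` has no comment explaining why these permits depend on `restrictAll`, and the weight 15 here versus the 0 passed to `blockAll` in the later hunk are bare literals. Someone auditing the kill-switch has to infer that these rules exist only as exceptions to the block-all filter and presumably must outrank it. I would add above the block `// Exceptions to blockAll below: only needed with restrictAll, and their weight must stay above blockAll's.` and consider naming the weights as constants. The commit also leaves two separate `if restrictAll` blocks with the `restrictDNS` branch between them, so a later edit could add the block rule without its exceptions. EnableFirewall begins and ends outside this hunk, so the earlier permit calls are not visible here.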
@@ -154,12 +156,12 @@ func EnableFirewall(luid uint64, restrictDNS bool, restrictAll bool) error {
}
}
- err = permitLoopback(session, baseObjects, 13)
- if err != nil {
- return wrapErr(err)
- }
-
if restrictAll {
+ err = permitLoopback(session, baseObjects, 13)
+ if err != nil {
+ return wrapErr(err)
+ }
+
err = blockAll(session, baseObjects, 0)
if err != nil {
return wrapErr(err)
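Review bot: Moving `permitLoopback` under `if restrictAll` also changes the case where only `restrictDNS` is set: the loopback permit at weight 13 used to be installed on every call and is now skipped. Whether that is harmless depends on the DNS filters added in the `restrictDNS` branch, which lies outside this hunk. If those filters can match loopback traffic at a weight below 13, a resolver bound to a loopback address would become unreachable in that configuration. If they cannot, a comment next to the call such as `// Loopback only needs exempting from blockAll; the restrictDNS filters do not depend on this permit.` would record the assumption the commit message relies on when it calls these rules unused.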