authorJason A. Donenfeld <Jason@zx2c4.com>2019-05-04 00:53:35 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2019-05-04 00:53:35 +0200
commitc542b50555285484178746c0c7a1c39d07c9b59c (patch)
tree3ef66c2e0c9aa8424f4243b7606dcf5642caade0 /service/firewall
parentui: specify default action in tray (diff)
firewall: do not add unused permit rules when !restrictAll
Diffstat (limited to 'service/firewall')
-rw-r--r--service/firewall/blocker.go34
1 files changed, 18 insertions, 16 deletions
diff --git a/service/firewall/blocker.go b/service/firewall/blocker.go
index 507c8946..b796aa7f 100644
--- a/service/firewall/blocker.go
+++ b/service/firewall/blocker.go
@@ -132,19 +132,21 @@ func EnableFirewall(luid uint64, restrictDNS bool, restrictAll bool) error {
return wrapErr(err)
}
- err = permitDhcpIpv4(session, baseObjects, 15)
- if err != nil {
- return wrapErr(err)
- }
+ if restrictAll {
+ err = permitDhcpIpv4(session, baseObjects, 15)
+ if err != nil {
+ return wrapErr(err)
+ }
- err = permitDhcpIpv6(session, baseObjects, 15)
- if err != nil {
- return wrapErr(err)
- }
+ err = permitDhcpIpv6(session, baseObjects, 15)
+ if err != nil {
+ return wrapErr(err)
+ }
- err = permitNdp(session, baseObjects, 15)
- if err != nil {
- return wrapErr(err)
+ err = permitNdp(session, baseObjects, 15)
+ if err != nil {
+ return wrapErr(err)
+ }
}
if restrictDNS {
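Review bot: The new `if restrictAll {` guard around the DHCPv4, DHCPv6 and NDP permits carries no comment explaining why these rules depend on restrictAll, and the reason is not visible here because blockAll is only added in a later hunk. A comment above the guard such as `// These permits only carve exceptions out of blockAll; without it they would be unused filters.` would keep a later reader from hoisting them back out. The literal weight `15` is repeated on all three calls; if it must stay above the blockAll weight, a named constant would make that ordering explicit. EnableFirewall starts and ends outside this hunk.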
@@ -154,12 +156,12 @@ func EnableFirewall(luid uint64, restrictDNS bool, restrictAll bool) error {
}
}
- err = permitLoopback(session, baseObjects, 13)
- if err != nil {
- return wrapErr(err)
- }
-
if restrictAll {
+ err = permitLoopback(session, baseObjects, 13)
+ if err != nil {
+ return wrapErr(err)
+ }
+
err = blockAll(session, baseObjects, 0)
if err != nil {
return wrapErr(err)
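Review bot: Moving `permitLoopback` under `if restrictAll {` means a call with restrictDNS set and restrictAll clear no longer installs any loopback permit, and the hunk does not show whether the DNS filters added in the restrictDNS branch just above can match loopback traffic. If they can, and the loopback rule at weight 13 previously took precedence over them, a resolver listening on localhost would lose its exception. The filter conditions and their weights are outside this hunk, so this is something to confirm rather than an established defect. If loopback is never affected, a short comment like `// Loopback only needs an explicit permit as an exception to blockAll.` would record that. The function body continues past the end of the hunk.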