diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2019-05-13 12:01:08 +0200 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-05-13 14:32:54 +0200 |
| commit | 911ddd047423607253d5b00d3d69ed79d45abcfa (patch) | |
| tree | 3c5351afadf0b7bdcad3c85422f4e49b351f19ab /service/ifaceconfig.go | |
| parent | ui: always do WM_SIZING hack in confview (diff) | |
| download | wireguard-windows-911ddd047423607253d5b00d3d69ed79d45abcfa.tar.xz wireguard-windows-911ddd047423607253d5b00d3d69ed79d45abcfa.zip | |
firewall: only allow specified dns servers
Diffstat (limited to '')
| -rw-r--r-- | service/ifaceconfig.go | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/service/ifaceconfig.go b/service/ifaceconfig.go index c6458b4e..2e4307cf 100644 --- a/service/ifaceconfig.go +++ b/service/ifaceconfig.go @@ -314,7 +314,6 @@ func configureInterface(conf *conf.Config, tun *tun.NativeTun) error { } func enableFirewall(conf *conf.Config, tun *tun.NativeTun) error { - restrictDNS := len(conf.Interface.Dns) > 0 restrictAll := false if len(conf.Peers) == 1 { nextallowedip: @@ -330,9 +329,9 @@ func enableFirewall(conf *conf.Config, tun *tun.NativeTun) error { } } } - if restrictAll && !restrictDNS { + if restrictAll && len(conf.Interface.Dns) == 0 { name, _ := tun.Name() log.Printf("[%s] Warning: no DNS server specified, despite having an allowed IPs of 0.0.0.0/0 or ::/0. There may be connectivity issues.", name) } - return firewall.EnableFirewall(tun.LUID(), restrictDNS, restrictAll) + return firewall.EnableFirewall(tun.LUID(), conf.Interface.Dns, restrictAll) } |