author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-05-03 16:53:05 +0200 |
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-05-03 16:53:05 +0200 |
commit | f483a403713d1e8cf26d8d2e09b370a0f7003348 (patch) | |
tree | 18943c62deb6aa40cdaa4a2b6cad931546d0ff43 /service/ifaceconfig.go | |
parent | firewall: introduce incomplete untested prototype (diff) | |
service: wire up firewall
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'service/ifaceconfig.go')
-rw-r--r-- | service/ifaceconfig.go | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/service/ifaceconfig.go b/service/ifaceconfig.go
index d1f8f2d1..6f2320cf 100644
--- a/service/ifaceconfig.go
+++ b/service/ifaceconfig.go
@@ -12,6 +12,8 @@ import (
 	"golang.zx2c4.com/wireguard/device"
 	"golang.zx2c4.com/wireguard/tun"
 	"golang.zx2c4.com/wireguard/windows/conf"
+	"golang.zx2c4.com/wireguard/windows/service/firewall"
+	"log"
 	"net"
 	"sort"
 )
@@ -264,3 +266,26 @@ func configureInterface(conf *conf.Config, tun *tun.NativeTun) error {
 	return nil
 }
+
+func enableFirewall(conf *conf.Config, tun *tun.NativeTun) error {
+	guid := tun.GUID()
+	luid, err := winipcfg.InterfaceGuidToLuid(&guid)
+	if err != nil {
+		return err
+	}
+	restrictDNS := len(conf.Interface.Dns) > 0
+	restrictAll := false
+	for _, peer := range conf.Peers {
+		for _, allowedip := range peer.AllowedIPs {
+			if allowedip.Cidr == 0 {
+				restrictAll = true
+				break
+			}
+		}
+	}
+	if restrictAll && !restrictDNS {
+		name, _ := tun.Name()
+		log.Printf("[%s] Warning: no DNS server specified, despite having an allowed IPs of 0.0.0.0/0 or ::/0. There may be connectivity issues.", name)
+	}
+	return firewall.EnableFirewall(luid, restrictDNS, restrictAll)
+}
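Review bot: The `restrictAll` search in `enableFirewall` only breaks out of the inner AllowedIPs loop, so every remaining peer is still scanned after the first /0 match, and the function carries no doc comment saying that a single /0 AllowedIP on any peer is the one condition that switches the firewall into blocking all non-tunnel traffic. I would head the function with `// enableFirewall derives the firewall policy from conf: DNS traffic is restricted when the interface lists DNS servers, and all non-tunnel traffic is restricted when any peer has a /0 AllowedIP.` and replace the inner `break` with a labeled `break peers` on the outer loop, which also makes it explicit that one match is enough. Discarding the error in `name, _ := tun.Name()` is acceptable because the name only feeds the log line, but Go convention is to say so, e.g. `name, _ := tun.Name() // name only appears in the warning; an empty name is harmless`. Whether the firewall is raised before or after the routes from configureInterface are installed is decided by the caller, which is outside this hunk; since that ordering determines whether traffic can leak during setup, it is worth a sentence in the same doc comment.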