diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-05-04 22:40:19 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-05-05 13:34:54 +0200 |
commit | 20f9b0386d62fa8df8835fec7238188ab87e792a (patch) | |
tree | 72a2ac5a937643459bc4c07a5b657557225ca177 /service | |
parent | ui: use more windows icons (diff) | |
download | wireguard-windows-20f9b0386d62fa8df8835fec7238188ab87e792a.tar.xz wireguard-windows-20f9b0386d62fa8df8835fec7238188ab87e792a.zip |
ui: syntax: implement trafic blocking semantics
This is our "auto kill switch".
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'service')
-rw-r--r-- | service/ifaceconfig.go | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/service/ifaceconfig.go b/service/ifaceconfig.go index 6f2320cf..e12a1b41 100644 --- a/service/ifaceconfig.go +++ b/service/ifaceconfig.go @@ -275,9 +275,15 @@ func enableFirewall(conf *conf.Config, tun *tun.NativeTun) error { } restrictDNS := len(conf.Interface.Dns) > 0 restrictAll := false - for _, peer := range conf.Peers { - for _, allowedip := range peer.AllowedIPs { + if len(conf.Peers) == 1 { + nextallowedip: + for _, allowedip := range conf.Peers[0].AllowedIPs { if allowedip.Cidr == 0 { + for _, b := range allowedip.IP { + if b != 0 { + continue nextallowedip + } + } restrictAll = true break } |