diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-05-18 10:09:17 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-05-18 10:09:35 +0200 |
commit | a9a4d838cdc556743e6b37d4f43e76735cb6baf5 (patch) | |
tree | 2053082312f1eb95ff8773be9986dca3044b4989 /service | |
parent | version: bump (diff) | |
download | wireguard-windows-a9a4d838cdc556743e6b37d4f43e76735cb6baf5.tar.xz wireguard-windows-a9a4d838cdc556743e6b37d4f43e76735cb6baf5.zip |
firewall: don't add empty dns allow rules
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to '')
-rw-r--r-- | service/firewall/rules.go | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/service/firewall/rules.go b/service/firewall/rules.go index 59df4840..76e2a85b 100644 --- a/service/firewall/rules.go +++ b/service/firewall/rules.go @@ -1162,7 +1162,7 @@ func blockDNS(except []net.IP, session uintptr, baseObjects *baseObjects, weight // // #5 Allow IPv4 outbound DNS. // - { + if len(allowConditionsV4) > len(denyConditions) { displayData, err := createWtFwpmDisplayData0("Allow DNS outbound (IPv4)", "") if err != nil { return wrapErr(err) @@ -1180,7 +1180,7 @@ func blockDNS(except []net.IP, session uintptr, baseObjects *baseObjects, weight // // #6 Allow IPv4 inbound DNS. // - { + if len(allowConditionsV4) > len(denyConditions) { displayData, err := createWtFwpmDisplayData0("Allow DNS inbound (IPv4)", "") if err != nil { return wrapErr(err) @@ -1201,7 +1201,7 @@ func blockDNS(except []net.IP, session uintptr, baseObjects *baseObjects, weight // // #7 Allow IPv6 outbound DNS. // - { + if len(allowConditionsV6) > len(denyConditions) { displayData, err := createWtFwpmDisplayData0("Allow DNS outbound (IPv6)", "") if err != nil { return wrapErr(err) @@ -1219,7 +1219,7 @@ func blockDNS(except []net.IP, session uintptr, baseObjects *baseObjects, weight // // #8 Allow IPv6 inbound DNS. // - { + if len(allowConditionsV6) > len(denyConditions) { displayData, err := createWtFwpmDisplayData0("Allow DNS inbound (IPv6)", "") if err != nil { return wrapErr(err) |