author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-08-27 09:17:19 -0600 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-08-27 09:17:19 -0600 |
commit | 72bcd606919eee38379c21a4d870913bb75345db (patch) | |
tree | 3d8467ce4d1968097c7b1fc854937b638c9e635b /tunnel/addressconfig.go | |
parent | build: backport resume monitoring for timers (diff) | |
firewall: do not block DNS when no kill-switchjd/no-dns-block
Diffstat (limited to 'tunnel/addressconfig.go')
-rw-r--r-- | tunnel/addressconfig.go | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/tunnel/addressconfig.go b/tunnel/addressconfig.go
index a1e5dc59..6032d452 100644
--- a/tunnel/addressconfig.go
+++ b/tunnel/addressconfig.go
@@ -178,24 +178,27 @@ func configureInterface(family winipcfg.AddressFamily, conf *conf.Config, tun *t
 return nil
 }
 
-func enableFirewall(conf *conf.Config, tun *tun.NativeTun) error {
- restrictAll := false
- if len(conf.Peers) == 1 {
- nextallowedip:
- for _, allowedip := range conf.Peers[0].AllowedIPs {
- if allowedip.Cidr == 0 {
- for _, b := range allowedip.IP {
- if b != 0 {
- continue nextallowedip
- }
+func shouldEnableFirewall(conf *conf.Config) bool {
+ if len(conf.Peers) != 1 {
+ return false
+ }
+nextallowedip:
+ for _, allowedip := range conf.Peers[0].AllowedIPs {
+ if allowedip.Cidr == 0 {
+ for _, b := range allowedip.IP {
+ if b != 0 {
+ continue nextallowedip
 }
- restrictAll = true
- break
 }
+ return true
 }
 }
- if restrictAll && len(conf.Interface.DNS) == 0 {
+ return false
+}
+
+func enableFirewall(conf *conf.Config, tun *tun.NativeTun) error {
+ if len(conf.Interface.DNS) == 0 {
 log.Println("Warning: no DNS server specified, despite having an allowed IPs of 0.0.0.0/0 or ::/0. There may be connectivity issues.")
 }
- return firewall.EnableFirewall(tun.LUID(), conf.Interface.DNS, restrictAll)
+ return firewall.EnableFirewall(tun.LUID(), conf.Interface.DNS)
 }
|
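Review bot: The new `enableFirewall` logs the "despite having an allowed IPs of 0.0.0.0/0 or ::/0" warning and calls `firewall.EnableFirewall` without itself checking for a /0 route, so it is only correct if every caller tests `shouldEnableFirewall(conf)` first; that call site is outside this hunk. Because this pair now decides whether the kill-switch rules are installed at all, the contract should be written down on both functions, for example `// shouldEnableFirewall reports whether conf has exactly one peer whose AllowedIPs contain 0.0.0.0/0 or ::/0.` and `// enableFirewall must only be called when shouldEnableFirewall(conf) is true.` If the intent is that a mistaken call can never apply the restrictive rules to a split-tunnel config, an early `if !shouldEnableFirewall(conf) { return nil }` at the top of `enableFirewall` would enforce that instead of relying on the caller.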