diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2020-11-19 18:23:00 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2020-11-22 22:00:32 +0100 |
commit | 06447c39fad2398e4c35c56acc5e66cc1e581f65 (patch) | |
tree | bd9d332f9d114ce2ae8f147b637c4900438aa547 /tunnel/addressconfig.go | |
parent | installer: remove admin knobs in cleanup (diff) | |
download | wireguard-windows-06447c39fad2398e4c35c56acc5e66cc1e581f65.tar.xz wireguard-windows-06447c39fad2398e4c35c56acc5e66cc1e581f65.zip |
tunnel: only enable DNS blocking for 0/0 configs
This lets people use split tunnel DNS for the more common case.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'tunnel/addressconfig.go')
-rw-r--r-- | tunnel/addressconfig.go | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/tunnel/addressconfig.go b/tunnel/addressconfig.go index 6aba9ce8..c293df1b 100644 --- a/tunnel/addressconfig.go +++ b/tunnel/addressconfig.go @@ -180,7 +180,6 @@ func configureInterface(family winipcfg.AddressFamily, conf *conf.Config, tun *t } func enableFirewall(conf *conf.Config, tun *tun.NativeTun) error { - restrictAll := false if len(conf.Peers) == 1 { nextallowedip: for _, allowedip := range conf.Peers[0].AllowedIPs { @@ -190,13 +189,10 @@ func enableFirewall(conf *conf.Config, tun *tun.NativeTun) error { continue nextallowedip } } - restrictAll = true - break + log.Println("Enabling firewall rules") + return firewall.EnableFirewall(tun.LUID(), conf.Interface.DNS) } } } - if restrictAll && len(conf.Interface.DNS) == 0 { - log.Println("Warning: no DNS server specified, despite having an allowed IPs of 0.0.0.0/0 or ::/0. There may be connectivity issues.") - } - return firewall.EnableFirewall(tun.LUID(), conf.Interface.DNS, restrictAll) + return nil } |