firewall: use service-specific SID

author: Jason A. Donenfeld <Jason@zx2c4.com> 2019-05-21 13:13:32 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2019-05-22 15:26:54 +0200
commit: d41f190c7f164d2141d1c26eff3ffb8feda04618 (patch)
tree: 25fa246ec63edfc6380239aae3a925905e984982 /tunnel/firewall/blocker.go
parent: README: avoid confusion about downloads (diff)
download: wireguard-windows-d41f190c7f164d2141d1c26eff3ffb8feda04618.tar.xz
wireguard-windows-d41f190c7f164d2141d1c26eff3ffb8feda04618.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/tunnel/firewall/blocker.go b/tunnel/firewall/blocker.go
index 8034935d..cdb656b0 100644
--- a/tunnel/firewall/blocker.go
+++ b/tunnel/firewall/blocker.go
@@ -124,6 +124,11 @@ func EnableFirewall(luid uint64, restrictToDNSServers []net.IP, restrictAll bool
 			return wrapErr(err)
 		}
 
+		err = permitWireGuardService(session, baseObjects, 15)
+		if err != nil {
+			return wrapErr(err)
+		}
+
 		if len(restrictToDNSServers) > 0 {
 			err = blockDNS(restrictToDNSServers, session, baseObjects, 15, 14)
 			if err != nil {
@@ -143,11 +148,6 @@ func EnableFirewall(luid uint64, restrictToDNSServers []net.IP, restrictAll bool
 			return wrapErr(err)
 		}
 
-		err = permitWireGuardService(session, baseObjects, 12)
-		if err != nil {
-			return wrapErr(err)
-		}
-
 		if restrictAll {
 			err = permitDHCPIPv4(session, baseObjects, 12)
 			if err != nil {
author	Jason A. Donenfeld <Jason@zx2c4.com>	2019-05-21 13:13:32 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2019-05-22 15:26:54 +0200
commit	d41f190c7f164d2141d1c26eff3ffb8feda04618 (patch)
tree	25fa246ec63edfc6380239aae3a925905e984982 /tunnel/firewall/blocker.go
parent	README: avoid confusion about downloads (diff)
download	wireguard-windows-d41f190c7f164d2141d1c26eff3ffb8feda04618.tar.xz wireguard-windows-d41f190c7f164d2141d1c26eff3ffb8feda04618.zip