diff options
| -rw-r--r-- | service/firewall/blocker.go | 34 |
1 files changed, 18 insertions, 16 deletions
diff --git a/service/firewall/blocker.go b/service/firewall/blocker.go index 507c8946..b796aa7f 100644 --- a/service/firewall/blocker.go +++ b/service/firewall/blocker.go @@ -132,19 +132,21 @@ func EnableFirewall(luid uint64, restrictDNS bool, restrictAll bool) error { return wrapErr(err) } - err = permitDhcpIpv4(session, baseObjects, 15) - if err != nil { - return wrapErr(err) - } + if restrictAll { + err = permitDhcpIpv4(session, baseObjects, 15) + if err != nil { + return wrapErr(err) + } - err = permitDhcpIpv6(session, baseObjects, 15) - if err != nil { - return wrapErr(err) - } + err = permitDhcpIpv6(session, baseObjects, 15) + if err != nil { + return wrapErr(err) + } - err = permitNdp(session, baseObjects, 15) - if err != nil { - return wrapErr(err) + err = permitNdp(session, baseObjects, 15) + if err != nil { + return wrapErr(err) + } } if restrictDNS { @@ -154,12 +156,12 @@ func EnableFirewall(luid uint64, restrictDNS bool, restrictAll bool) error { } } - err = permitLoopback(session, baseObjects, 13) - if err != nil { - return wrapErr(err) - } - if restrictAll { + err = permitLoopback(session, baseObjects, 13) + if err != nil { + return wrapErr(err) + } + err = blockAll(session, baseObjects, 0) if err != nil { return wrapErr(err) |