From 20f9b0386d62fa8df8835fec7238188ab87e792a Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Sat, 4 May 2019 22:40:19 +0200
Subject: ui: syntax: implement trafic blocking semantics

This is our "auto kill switch".

Signed-off-by: Jason A. Donenfeld
---
 service/ifaceconfig.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'service/ifaceconfig.go')

diff --git a/service/ifaceconfig.go b/service/ifaceconfig.go
index 6f2320cf..e12a1b41 100644
--- a/service/ifaceconfig.go
+++ b/service/ifaceconfig.go
@@ -275,9 +275,15 @@ func enableFirewall(conf *conf.Config, tun *tun.NativeTun) error {
 }
 restrictDNS := len(conf.Interface.Dns) > 0
 restrictAll := false
- for _, peer := range conf.Peers {
- for _, allowedip := range peer.AllowedIPs {
+ if len(conf.Peers) == 1 {
+ nextallowedip:
+ for _, allowedip := range conf.Peers[0].AllowedIPs {
 if allowedip.Cidr == 0 {
+ for _, b := range allowedip.IP {
+ if b != 0 {
+ continue nextallowedip
+ }
+ }
 restrictAll = true
 break
 }
-- 
cgit v1.2.3-59-g8ed1b
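Review bot: The all-zero byte scan over `allowedip.IP` decides whether the kill switch arms, and it is only correct if IPv4 addresses arrive here in 4-byte form: a 16-byte IPv4-mapped `0.0.0.0` carries `0xff` at bytes 10 and 11, so `0.0.0.0/0` would be skipped and `restrictAll` would stay false. The parser is outside the hunk, so the address may already be normalised; if `allowedip.IP` is a `net.IP`, `if allowedip.Cidr == 0 && allowedip.IP.IsUnspecified() {` handles both encodings and makes the `nextallowedip` label unnecessary. The new `len(conf.Peers) == 1` condition also means a multi-peer config containing a `/0` entry no longer sets `restrictAll`, where the removed loop set it for any peer. A comment above that `if`, such as `// Kill switch: block all non-tunnel traffic only for a single peer with an all-zero /0 in AllowedIPs.`, would record that this fail-open case is deliberate. The body of enableFirewall starts and ends outside the hunk.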