From 365b2367d6b7b4d6b8d0a4e9d83067faa9821340 Mon Sep 17 00:00:00 2001
From: "895703375@qq.com"
Date: Sat, 14 Aug 2021 10:52:59 +0800
Subject: [PATCH] support windows reverse proxy by setting up firewall rule
---
 pkg/main.go | 22 ++++++++++-------
 util/networkpolicy.go | 56 +++++++++++++++++++++++++++++++++++++++++++
 util/util_test.go | 4 ++++
 3 files changed, 74 insertions(+), 8 deletions(-)
 create mode 100644 util/networkpolicy.go
diff --git a/pkg/main.go b/pkg/main.go
index 3458a3e6..d9039799 100644
--- a/pkg/main.go
+++ b/pkg/main.go
@@ -115,15 +115,15 @@ func prepare() {
 } else {
 tunIp.Mask = net.CIDRMask(24, 32)
 }
- //list = append(list, tunIp.String())
- //if runtime.GOOS == "windows" {
- ipNet := net.IPNet{
- IP: net.IPv4(223, 254, 254, 100),
- Mask: net.CIDRMask(24, 32),
+
+ //linux already exist this route, if add it will occurs error, maybe to change add tun_tap add route logic ???
+ if runtime.GOOS == "windows" || runtime.GOOS == "darwin" {
+ ipNet := net.IPNet{
+ IP: net.IPv4(223, 254, 254, 100),
+ Mask: net.CIDRMask(24, 32),
+ }
+ list = append(list, ipNet.String())
 }
- list = append(list, ipNet.String())
- //list = append(list, "192.192.254.162/32")
- //}
 baseCfg.route.ChainNodes = []string{"socks5://127.0.0.1:10800?notls=true"}
 baseCfg.route.ServeNodes = []string{
@@ -159,6 +159,12 @@ func main() {
 if err := dns.DNS(dnsServiceIp); err != nil {
 log.Fatal(err)
 }
+ if runtime.GOOS == "windows" {
+ if !util.FindRule() {
+ util.AddFirewallRule()
+ }
+ util.DeleteWindowsFirewallRule()
+ }
 log.Info("dns service ok")
 _ = exec.Command("ping", "-c", "4", "223.254.254.100").Run()
 select {}
diff --git a/util/networkpolicy.go b/util/networkpolicy.go
new file mode 100644
index 00000000..4d19086c
--- /dev/null
+++ b/util/networkpolicy.go
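Review bot: The comment added above the `runtime.GOOS` check is hard to parse and ends in an open question, so a reader cannot tell why Linux is left out of the route list. If the meaning is that Linux already has this route and adding it again fails, say so directly, for example `// Linux already has this route and adding it again fails, so add it only on Windows and macOS.`, and move the question about the tun/tap route logic to an issue. The 223.254.254.x literal here also appears in the ping in main and in the firewall rule in util/networkpolicy.go, so one shared constant would keep the three in step. prepare's body starts and ends outside the hunk.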
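Review bot: On Windows the added `util.DeleteWindowsFirewallRule()` call never returns, because the function in util/networkpolicy.go loops on a ticker with no exit, so `log.Info("dns service ok")`, the ping and `select {}` below it are unreachable. Moving it to a goroutine would unblock main but would also leave a background task that deletes every Block rule on the host for the life of the process, so the scope of that helper should be settled first. `util.AddFirewallRule()` also reports failure only through its own log line, so main continues without the allow rule; returning an error and handling it here, e.g. `if err := util.AddFirewallRule(); err != nil { log.Fatal(err) }`, makes that visible. main's body starts outside the hunk.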
@@ -0,0 +1,56 @@
+package util
+
+import (
+ log "github.com/sirupsen/logrus"
+ "os/exec"
+ "time"
+)
+
+// Delete all action block firewall rule
+func DeleteWindowsFirewallRule() {
+ ticker := time.NewTicker(time.Second)
+ for {
+ select {
+ case <-ticker.C:
+ _ = exec.Command("PowerShell", []string{
+ "Remove-NetFirewallRule",
+ "-Action",
+ "Block",
+ }...,
+ ).Start()
+ }
+ }
+}
+
+func AddFirewallRule() {
+ cmd := exec.Command("netsh", []string{
+ "advfirewall",
+ "firewall",
+ "add",
+ "rule",
+ "name=" + TrafficManager,
+ "dir=in",
+ "action=allow",
+ "enable=yes",
+ "remoteip=223.254.254.1/24,LocalSubnet",
+ }...)
+ if out, err := cmd.CombinedOutput(); err != nil {
+ log.Infof("error while exec command: %s, out: %s, err: %v", cmd.Args, string(out), err)
+ }
+}
+
+func FindRule() bool {
+ cmd := exec.Command("netsh", []string{
+ "advfirewall",
+ "firewall",
+ "show",
+ "rule",
+ "name=" + TrafficManager,
+ }...)
+ if out, err := cmd.CombinedOutput(); err != nil {
+ log.Infof("find route out: %s error: %v", string(out), err)
+ return false
+ } else {
+ return true
+ }
+}
diff --git a/util/util_test.go b/util/util_test.go
index 577d8282..79345af7 100644
--- a/util/util_test.go
+++ b/util/util_test.go
@@ -48,3 +48,7 @@ func TestShell(t *testing.T) {
 fmt.Println(out == serviceList.Items[0].Spec.ClusterIP)
 }
+
+func TestDeleteRule(t *testing.T) {
+ DeleteWindowsFirewallRule()
+}
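Review bot: `DeleteWindowsFirewallRule` runs `Remove-NetFirewallRule -Action Block` once a second for as long as the process lives, which deletes every block rule on the host, including ones set by an administrator or by security tooling, and nothing restores them afterwards. Windows Firewall gives block rules precedence over allow rules, which is presumably why this was added, but the change should be limited to the one conflicting rule (matched by name, removed once, and logged) rather than a standing loop over all of them. The loop also calls `.Start()` without `Wait()`, so each PowerShell process is never reaped and its error is discarded, and the ticker is never stopped. In `AddFirewallRule` the allow rule has no `program=`, `protocol=` or `localport=` restriction and includes `LocalSubnet`, so it admits all inbound traffic from the local network; narrow it to what the proxy needs and return the error instead of logging it at Info level.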
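Review bot: `TestDeleteRule` calls `DeleteWindowsFirewallRule()` directly, and that function has no exit path, so `go test` on this package hangs until the test timeout and asserts nothing. On a Windows developer machine or CI runner with sufficient privileges it would also remove the host's block rules while it runs. Either drop the test or start it with `if runtime.GOOS != "windows" { t.Skip("windows only") }` and check the command that would be built rather than executing it.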