some changes around iptables

This commit is contained in:
0xdcarns
2022-04-22 13:04:34 -04:00
parent 5aae277551
commit 6eab0498fc
5 changed files with 33 additions and 17 deletions


@@ -33,6 +33,7 @@ func GetExtPeersList(node *models.Node) ([]models.ExtPeersResponse, error) {
logger.Log(2, "failed to unmarshal ext client") logger.Log(2, "failed to unmarshal ext client")
continue continue
} }
if extClient.Enabled && extClient.Network == node.Network && extClient.IngressGatewayID == node.ID { if extClient.Enabled && extClient.Network == node.Network && extClient.IngressGatewayID == node.ID {
peers = append(peers, peer) peers = append(peers, peer)
} }


@@ -97,6 +97,7 @@ func GetNodePeers(network *models.Network, nodeid string, excludeRelayed bool, i
peer.AllowedIPs = append(peer.AllowedIPs, currentExtClients[i].Address) peer.AllowedIPs = append(peer.AllowedIPs, currentExtClients[i].Address)
} }
if network.IsIPv6 == "yes" && currentExtClients[i].Address6 != "" { if network.IsIPv6 == "yes" && currentExtClients[i].Address6 != "" {
fmt.Printf("append ext client address6 %s \n", currentExtClients[i].Address6)
peer.AllowedIPs = append(peer.AllowedIPs, currentExtClients[i].Address6) peer.AllowedIPs = append(peer.AllowedIPs, currentExtClients[i].Address6)
} }
} }
@@ -281,21 +282,27 @@ func getExtPeers(node *models.Node) ([]wgtypes.PeerConfig, error) {
continue continue
} }
var allowedips []net.IPNet
var peer wgtypes.PeerConfig var peer wgtypes.PeerConfig
if extPeer.Address != "" {
var peeraddr = net.IPNet{ var peeraddr = net.IPNet{
IP: net.ParseIP(extPeer.Address), IP: net.ParseIP(extPeer.Address),
Mask: net.CIDRMask(32, 32), Mask: net.CIDRMask(32, 32),
} }
var allowedips []net.IPNet if peeraddr.IP != nil && peeraddr.Mask != nil {
allowedips = append(allowedips, peeraddr) allowedips = append(allowedips, peeraddr)
}
}
if extPeer.Address6 != "" { if extPeer.Address6 != "" {
var addr6 = net.IPNet{ var addr6 = net.IPNet{
IP: net.ParseIP(extPeer.Address6), IP: net.ParseIP(extPeer.Address6),
Mask: net.CIDRMask(128, 128), Mask: net.CIDRMask(128, 128),
} }
if addr6.IP != nil && addr6.Mask != nil {
allowedips = append(allowedips, addr6) allowedips = append(allowedips, addr6)
} }
}
peer = wgtypes.PeerConfig{ peer = wgtypes.PeerConfig{
PublicKey: pubkey, PublicKey: pubkey,
ReplaceAllowedIPs: true, ReplaceAllowedIPs: true,
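Review bot: The `fmt.Printf("append ext client address6 %s \n", ...)` added in GetNodePeers writes diagnostics straight to stdout, bypassing the `logger.Log` verbosity mechanism this file already uses (see `logger.Log(2, "failed to unmarshal ext client")` in the first hunk), so it cannot be silenced in production; the same pattern is added in GetServerExtPeers as `fmt.Printf("appended peers: %v \n", peers)`, which additionally dumps every PeerConfig in full — if any of those peers carries a PresharedKey it would be printed as well, so that line should be removed or reduced to a count. For the first one I would write `logger.Log(2, "append ext client address6 "+currentExtClients[i].Address6)` or drop it. In the second hunk, `var allowedips []net.IPNet` is correctly hoisted above the `if extPeer.Address != ""` guard so the Address6 branch can still append to it; getExtPeers continues outside the hunk.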


@@ -347,22 +347,27 @@ func GetServerExtPeers(serverNode *models.Node) ([]wgtypes.PeerConfig, error) {
if serverNode.PublicKey == extPeer.PublicKey { if serverNode.PublicKey == extPeer.PublicKey {
continue continue
} }
var allowedips = []net.IPNet{}
var peer wgtypes.PeerConfig var peer wgtypes.PeerConfig
var peeraddr = net.IPNet{ if extPeer.Address != "" {
newAddr := net.IPNet{
IP: net.ParseIP(extPeer.Address), IP: net.ParseIP(extPeer.Address),
Mask: net.CIDRMask(32, 32), Mask: net.CIDRMask(32, 32),
} }
var allowedips = []net.IPNet{ if &newAddr != nil {
peeraddr, allowedips = append(allowedips, newAddr)
}
} }
if extPeer.Address6 != "" { if extPeer.Address6 != "" {
var addr6 = net.IPNet{ newAddr6 := net.IPNet{
IP: net.ParseIP(extPeer.Address6), IP: net.ParseIP(extPeer.Address6),
Mask: net.CIDRMask(128, 128), Mask: net.CIDRMask(128, 128),
} }
allowedips = append(allowedips, addr6) if &newAddr6 != nil {
allowedips = append(allowedips, newAddr6)
}
} }
peer = wgtypes.PeerConfig{ peer = wgtypes.PeerConfig{
PublicKey: pubkey, PublicKey: pubkey,
@@ -374,6 +379,7 @@ func GetServerExtPeers(serverNode *models.Node) ([]wgtypes.PeerConfig, error) {
} }
tempPeers = nil tempPeers = nil
extPeers = nil extPeers = nil
fmt.Printf("appended peers: %v \n", peers)
return peers, err return peers, err
} }
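Review bot: `if &newAddr != nil {` and `if &newAddr6 != nil {` in GetServerExtPeers compare the address of a local variable to nil, which is always true (staticcheck reports this pattern), so an unparsable extPeer.Address still produces an IPNet with a nil IP in allowedips, and `IPNet.String()` later renders that entry as `<nil>`. The sibling getExtPeers in this same commit guards with `peeraddr.IP != nil && peeraddr.Mask != nil`; this function should match it: `if newAddr.IP != nil {` and `if newAddr6.IP != nil {`. The same always-true test is added in SetPeers as `if len(peer.AllowedIPs) > 0 && (&ipaddr) != nil {` inside the range loop, where both operands are tautologies; the useful filter there would be `if ipaddr.IP != nil {`. The body of GetServerExtPeers continues between and after these hunks.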


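--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -68,8 +68,10 @@ func SetPeers(iface string, node *models.Node, peers []wgtypes.PeerConfig) error
 var allowedips string
 var iparr []string
 for _, ipaddr := range peer.AllowedIPs {
+if len(peer.AllowedIPs) > 0 && (&ipaddr) != nil {
 iparr = append(iparr, ipaddr.String())
+}
 }
 allowedips = strings.Join(iparr, ",")
 keepAliveString := strconv.Itoa(int(keepalive))
 if keepAliveString == "0" {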


@@ -77,7 +77,7 @@ func isContainerized() bool {
// make sure host allows forwarding // make sure host allows forwarding
func setForwardPolicy() error { func setForwardPolicy() error {
logger.Log(1, "setting iptables forward policy") logger.Log(2, "setting iptables forward policy")
_, err := ncutils.RunCmd("iptables --policy FORWARD ACCEPT", false) _, err := ncutils.RunCmd("iptables --policy FORWARD ACCEPT", false)
return err return err
} }
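Review bot: With the log call demoted from verbosity 1 to 2, the header comment `// make sure host allows forwarding` is now the only visible statement of what setForwardPolicy does, and it understates the scope: `iptables --policy FORWARD ACCEPT` replaces the host-wide default policy of the FORWARD chain for every interface, not just the WireGuard one, overriding whatever the operator had configured. I would document that explicitly, e.g. `// setForwardPolicy sets the default policy of the host's iptables FORWARD chain to ACCEPT. This is host-wide (not scoped to the wg interface) and overrides any existing default, which is why it is logged.` The function is fully contained in this hunk; only the log level changes.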