some changes around iptables

2025-10-09 02:30:49 +08:00 · 2022-04-22 13:04:34 -04:00
parent 5aae277551
commit 6eab0498fc
5 changed files with 33 additions and 17 deletions
--- a/logic/extpeers.go
+++ b/logic/extpeers.go
@@ -33,6 +33,7 @@ func GetExtPeersList(node *models.Node) ([]models.ExtPeersResponse, error) {
 			logger.Log(2, "failed to unmarshal ext client")
 			continue
 		}
+
 		if extClient.Enabled && extClient.Network == node.Network && extClient.IngressGatewayID == node.ID {
 			peers = append(peers, peer)
 		}
--- a/logic/peers.go
+++ b/logic/peers.go
@@ -97,6 +97,7 @@ func GetNodePeers(network *models.Network, nodeid string, excludeRelayed bool, i
 							peer.AllowedIPs = append(peer.AllowedIPs, currentExtClients[i].Address)
 						}
 						if network.IsIPv6 == "yes" && currentExtClients[i].Address6 != "" {
+							fmt.Printf("append ext client address6 %s \n", currentExtClients[i].Address6)
 							peer.AllowedIPs = append(peer.AllowedIPs, currentExtClients[i].Address6)
 						}
 					}
@@ -281,21 +282,27 @@ func getExtPeers(node *models.Node) ([]wgtypes.PeerConfig, error) {
 			continue
 		}

+		var allowedips []net.IPNet
 		var peer wgtypes.PeerConfig
+		if extPeer.Address != "" {
 			var peeraddr = net.IPNet{
 				IP:   net.ParseIP(extPeer.Address),
 				Mask: net.CIDRMask(32, 32),
 			}
-		var allowedips []net.IPNet
+			if peeraddr.IP != nil && peeraddr.Mask != nil {
 				allowedips = append(allowedips, peeraddr)
+			}
+		}

 		if extPeer.Address6 != "" {
 			var addr6 = net.IPNet{
 				IP:   net.ParseIP(extPeer.Address6),
 				Mask: net.CIDRMask(128, 128),
 			}
+			if addr6.IP != nil && addr6.Mask != nil {
 				allowedips = append(allowedips, addr6)
 			}
+		}
 		peer = wgtypes.PeerConfig{
 			PublicKey:         pubkey,
 			ReplaceAllowedIPs: true,
--- a/logic/server.go
+++ b/logic/server.go
@@ -347,22 +347,27 @@ func GetServerExtPeers(serverNode *models.Node) ([]wgtypes.PeerConfig, error) {
 		if serverNode.PublicKey == extPeer.PublicKey {
 			continue
 		}
+		var allowedips = []net.IPNet{}

 		var peer wgtypes.PeerConfig
-		var peeraddr = net.IPNet{
+		if extPeer.Address != "" {
+			newAddr := net.IPNet{
 				IP:   net.ParseIP(extPeer.Address),
 				Mask: net.CIDRMask(32, 32),
 			}
-		var allowedips = []net.IPNet{
-			peeraddr,
+			if &newAddr != nil {
+				allowedips = append(allowedips, newAddr)
+			}
 		}

 		if extPeer.Address6 != "" {
-			var addr6 = net.IPNet{
+			newAddr6 := net.IPNet{
 				IP:   net.ParseIP(extPeer.Address6),
 				Mask: net.CIDRMask(128, 128),
 			}
-			allowedips = append(allowedips, addr6)
+			if &newAddr6 != nil {
+				allowedips = append(allowedips, newAddr6)
+			}
 		}
 		peer = wgtypes.PeerConfig{
 			PublicKey:         pubkey,
@@ -374,6 +379,7 @@ func GetServerExtPeers(serverNode *models.Node) ([]wgtypes.PeerConfig, error) {
 	}
 	tempPeers = nil
 	extPeers = nil
+	fmt.Printf("appended peers: %v \n", peers)
 	return peers, err
 }

--- a/netclient/wireguard/common.go
+++ b/netclient/wireguard/common.go
@@ -68,8 +68,10 @@ func SetPeers(iface string, node *models.Node, peers []wgtypes.PeerConfig) error
 		var allowedips string
 		var iparr []string
 		for _, ipaddr := range peer.AllowedIPs {
+			if len(peer.AllowedIPs) > 0 && (&ipaddr) != nil {
 				iparr = append(iparr, ipaddr.String())
 			}
+		}
 		allowedips = strings.Join(iparr, ",")
 		keepAliveString := strconv.Itoa(int(keepalive))
 		if keepAliveString == "0" {
--- a/serverctl/iptables.go
+++ b/serverctl/iptables.go
@@ -77,7 +77,7 @@ func isContainerized() bool {

 // make sure host allows forwarding
 func setForwardPolicy() error {
-	logger.Log(1, "setting iptables forward policy")
+	logger.Log(2, "setting iptables forward policy")
 	_, err := ncutils.RunCmd("iptables --policy FORWARD ACCEPT", false)
 	return err
 }