Might fix #82

- Allow any input traffic on Shadowsocks port if Shadowsocks is enabled - Allow any input traffic on TinyProxy port if TinyProxy is enabled
qdm12 · Feb 16, 2020 · 0956239 · 0956239
1 parent ded635b
commit 0956239
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 0 deletions.
diff --git a/cmd/main.go b/cmd/main.go
@@ -136,6 +136,8 @@ func main() {
 	if allSettings.TinyProxy.Enabled {
 		err = tinyProxyConf.MakeConf(allSettings.TinyProxy.LogLevel, allSettings.TinyProxy.Port, allSettings.TinyProxy.User, allSettings.TinyProxy.Password, uid, gid)
 		e.FatalOnError(err)
+		err = firewallConf.AllowAnyIncomingOnPort(allSettings.TinyProxy.Port)
+		e.FatalOnError(err)
 		stream, waitFn, err := tinyProxyConf.Start()
 		e.FatalOnError(err)
 		go func() {
@@ -149,6 +151,8 @@ func main() {
 	if allSettings.ShadowSocks.Enabled {
 		err = shadowsocksConf.MakeConf(allSettings.ShadowSocks.Port, allSettings.ShadowSocks.Password, uid, gid)
 		e.FatalOnError(err)
+		err = firewallConf.AllowAnyIncomingOnPort(allSettings.ShadowSocks.Port)
+		e.FatalOnError(err)
 		stream, waitFn, err := shadowsocksConf.Start("0.0.0.0", allSettings.ShadowSocks.Port, allSettings.ShadowSocks.Password, allSettings.ShadowSocks.Log)
 		e.FatalOnError(err)
 		go func() {

diff --git a/internal/firewall/firewall.go b/internal/firewall/firewall.go
@@ -24,6 +24,7 @@ type Configurator interface {
 	AddRoutesVia(subnets []net.IPNet, defaultGateway net.IP, defaultInterface string) error
 	GetDefaultRoute() (defaultInterface string, defaultGateway net.IP, defaultSubnet net.IPNet, err error)
 	AllowInputTrafficOnPort(device models.VPNDevice, port uint16) error
+	AllowAnyIncomingOnPort(port uint16) error
 }
 
 type configurator struct {

diff --git a/internal/firewall/iptables.go b/internal/firewall/iptables.go
@@ -128,3 +128,11 @@ func (c *configurator) AllowInputTrafficOnPort(device models.VPNDevice, port uin
 		fmt.Sprintf("-A INPUT -i %s -p udp --dport %d -j ACCEPT", device, port),
 	})
 }
+
+func (c *configurator) AllowAnyIncomingOnPort(port uint16) error {
+	c.logger.Info("%s: accepting any input traffic on port %d", logPrefix, port)
+	return c.runIptablesInstructions([]string{
+		fmt.Sprintf("-A INPUT -p tcp --dport %d -j ACCEPT", port),
+		fmt.Sprintf("-A INPUT -p udp --dport %d -j ACCEPT", port),
+	})
+}