author | HimbeerserverDE <himbeerserverde@gmail.com> | 2023-08-14 00:46:46 +0200 |
---|---|---|
committer | HimbeerserverDE <himbeerserverde@gmail.com> | 2023-08-14 00:47:06 +0200 |
commit | 733a036da4ccd3c067f33695582495615ac55bcd (patch) | |
tree | 4116c1a3166854d37ee38bc9da7406c36a929db4 | |
parent | 158c46c64977425422dcf2b625941474f67ef2b3 (diff) |
add dslite ruleset0.5.0
-rw-r--r-- | Cargo.lock | 8 | ||||
-rw-r--r-- | Cargo.toml | 4 | ||||
-rw-r--r-- | src/main.rs | 44 |
3 files changed, 50 insertions, 6 deletions
@@ -390,7 +390,7 @@ checksum = "436b050e76ed2903236f032a59761c1eb99e1b0aead2c257922771dab1fc8c78"

 [[package]]
 name = "rsdsl_netfilterd"
-version = "0.4.0"
+version = "0.5.0"
 dependencies = [
 "failure",
 "rustables",
@@ -399,8 +399,8 @@ dependencies = [

 [[package]]
 name = "rustables"
-version = "0.13.0"
-source = "git+https://github.com/rsdsl/rustables.git#bf3a986d1369de8c8cf5b558591d2d87bebab46e"
+version = "0.14.0"
+source = "git+https://github.com/rsdsl/rustables.git#51c17bf3e139def032aef6dca1b5b4256ff8e410"
 dependencies = [
 "bindgen",
 "bitflags",
@@ -416,7 +416,7 @@ dependencies = [
 [[package]]
 name = "rustables-macros"
 version = "0.1.1"
-source = "git+https://github.com/rsdsl/rustables.git#bf3a986d1369de8c8cf5b558591d2d87bebab46e"
+source = "git+https://github.com/rsdsl/rustables.git#51c17bf3e139def032aef6dca1b5b4256ff8e410"
 dependencies = [
 "once_cell",
 "proc-macro-error",
@@ -1,11 +1,11 @@
 [package]
 name = "rsdsl_netfilterd"
-version = "0.4.0"
+version = "0.5.0"
 edition = "2021"

 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

 [dependencies]
 failure = "0.1.8"
-rustables = { git = "https://github.com/rsdsl/rustables.git", version = "0.13.0" }
+rustables = { git = "https://github.com/rsdsl/rustables.git", version = "0.14.0" }
 thiserror = "1.0"
diff --git a/src/main.rs b/src/main.rs
index 4bb1f12..4d604af 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -88,6 +88,9 @@ fn filter() -> Result<()> {
 let allow_icmp6 = Rule::new(&input)?.icmpv6().accept();
 batch.add(&allow_icmp6, MsgType::Add);

+ let allow_4in6 = Rule::new(&input)?.ip4in6().accept();
+ batch.add(&allow_4in6, MsgType::Add);
+
 let allow_6in4 = Rule::new(&input)?.ip6in4().accept();
 batch.add(&allow_6in4, MsgType::Add);

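Review bot: The new `allow_4in6` rule in the `-88,6 +88,9` hunk accepts IPv4-in-IPv6 on the input chain with no interface or source match, and judging by the hunk offsets it is added ahead of the `deny_wan` drops later in filter(). For DS-Lite only the provider's AFTR should be sending encapsulated IPv4 to this host, so the match is wider than the feature needs. If the builder chains here as it does elsewhere in the file, scoping it to the uplink narrows it, e.g. `let allow_4in6 = Rule::new(&input)?.iface("ppp0")?.ip4in6().accept();` (assuming ppp0 carries the DS-Lite transport, which the hunk does not show). The existing `allow_6in4` context line has the same unscoped shape; filter() starts and ends outside the hunk.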
@@ -100,6 +103,9 @@ fn filter() -> Result<()> {
 let deny_wan = Rule::new(&input)?.iface("ppp0")?.drop();
 batch.add(&deny_wan, MsgType::Add);

+ let deny_wan_dslite = Rule::new(&input)?.iface("dslite0")?.drop();
+ batch.add(&deny_wan_dslite, MsgType::Add);
+
 let deny_wan6in4 = Rule::new(&input)?.iface("he6in4")?.drop();
 batch.add(&deny_wan6in4, MsgType::Add);

@@ -152,6 +158,13 @@ fn filter() -> Result<()> {
 .clamp_mss_to_pmtu();
 batch.add(&clamp_mss_inbound, MsgType::Add);

+ let clamp_mss_inbound_dslite = Rule::new(&forward)?
+ .iface("dslite0")?
+ .protocol(Protocol::TCP)
+ .syn()?
+ .clamp_mss_to_pmtu();
+ batch.add(&clamp_mss_inbound_dslite, MsgType::Add);
+
 let clamp_mss_inbound6in4 = Rule::new(&forward)?
 .iface("he6in4")?
 .protocol(Protocol::TCP)
@@ -166,6 +179,13 @@ fn filter() -> Result<()> {
 .clamp_mss_to_pmtu();
 batch.add(&clamp_mss_outbound, MsgType::Add);

+ let clamp_mss_outbound_dslite = Rule::new(&forward)?
+ .oface("dslite0")?
+ .protocol(Protocol::TCP)
+ .syn()?
+ .clamp_mss_to_pmtu();
+ batch.add(&clamp_mss_outbound_dslite, MsgType::Add);
+
 let clamp_mss_outbound6in4 = Rule::new(&forward)?
 .oface("he6in4")?
 .protocol(Protocol::TCP)
@@ -179,6 +199,12 @@ fn filter() -> Result<()> {
 let allow_mgmt_to_wan = Rule::new(&forward)?.iface("eth0")?.oface("ppp0")?.accept();
 batch.add(&allow_mgmt_to_wan, MsgType::Add);

+ let allow_mgmt_to_wan_dslite = Rule::new(&forward)?
+ .iface("eth0")?
+ .oface("dslite0")?
+ .accept();
+ batch.add(&allow_mgmt_to_wan_dslite, MsgType::Add);
+
 let allow_mgmt_to_wan6in4 = Rule::new(&forward)?
 .iface("eth0")?
 .oface("he6in4")?
@@ -191,6 +217,12 @@ fn filter() -> Result<()> {
 .accept();
 batch.add(&allow_trusted_to_wan, MsgType::Add);

+ let allow_trusted_to_wan_dslite = Rule::new(&forward)?
+ .iface("eth0.10")?
+ .oface("dslite0")?
+ .accept();
+ batch.add(&allow_trusted_to_wan_dslite, MsgType::Add);
+
 let allow_trusted_to_wan6in4 = Rule::new(&forward)?
 .iface("eth0.10")?
 .oface("he6in4")?
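Review bot: `iface("dslite0")?` in `deny_wan_dslite` (hunk `-100,6 +103,9`) is fallible, and the `?` makes filter() return early, so no later rule in the function is added. If the builder resolves the name to an interface index when the rule is built (upstream rustables does; this fork may differ), a host where the dslite0 tunnel does not exist yet would end up without this ruleset. Please confirm that the daemon only runs once dslite0 exists, or that a failed filter() leaves the host fail-closed, and record it next to the rule, e.g. `// NOTE: iface() errors if dslite0 is missing; confirm startup ordering`. The same applies to every other `iface("dslite0")?` and `oface("dslite0")?` added in this commit; filter() begins and ends outside the hunk.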
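Review bot: The `allow_*_to_wan_dslite` forward accepts are four hand-copied blocks (hunk `-179,6 +199,12` here, and the hunks at `-191`, `-203` and `-215`) that differ only in the source interface. That makes it easy for a later VLAN to be allowed towards one uplink and forgotten for another. A loop over the source interfaces keeps the list in one place; it groups the four rules together instead of interleaving them with the ppp0 and he6in4 accepts, which should not change any verdict as long as no drop rule sits between them (not visible in these hunks). filter() continues outside the hunk.

```rust
// … unchanged: allow_mgmt_to_wan (ppp0) rule …
for lan in ["eth0", "eth0.10", "eth0.20", "eth0.40"] {
    let allow_to_wan_dslite = Rule::new(&forward)?
        .iface(lan)?
        .oface("dslite0")?
        .accept();
    batch.add(&allow_to_wan_dslite, MsgType::Add);
}
// … unchanged: he6in4 forward rules …
```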
@@ -203,6 +235,12 @@ fn filter() -> Result<()> {
 .accept();
 batch.add(&allow_untrusted_to_wan, MsgType::Add);

+ let allow_untrusted_to_wan_dslite = Rule::new(&forward)?
+ .iface("eth0.20")?
+ .oface("dslite0")?
+ .accept();
+ batch.add(&allow_untrusted_to_wan_dslite, MsgType::Add);
+
 let allow_untrusted_to_wan6in4 = Rule::new(&forward)?
 .iface("eth0.20")?
 .oface("he6in4")?
@@ -215,6 +253,12 @@ fn filter() -> Result<()> {
 .accept();
 batch.add(&allow_exposed_to_wan, MsgType::Add);

+ let allow_exposed_to_wan_dslite = Rule::new(&forward)?
+ .iface("eth0.40")?
+ .oface("dslite0")?
+ .accept();
+ batch.add(&allow_exposed_to_wan_dslite, MsgType::Add);
+
 let allow_exposed_to_wan6in4 = Rule::new(&forward)?
 .iface("eth0.40")?
 .oface("he6in4")?
|