From bc544471205a844be75dfad6fbb5c83b0a0e13bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ant=C3=B3nio=20Meireles?= Date: Thu, 1 Dec 2016 14:40:11 +0000 Subject: [PATCH] fix internal port redirect MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - handles #105. corectld now respects all sorts of custom host pf settings Signed-off-by: António Meireles --- components/server/dns.go | 6 ++- components/server/vpn.go | 83 ---------------------------------------- 2 files changed, 4 insertions(+), 85 deletions(-) delete mode 100644 components/server/vpn.go diff --git a/components/server/dns.go b/components/server/dns.go index ec0c9aa..98f7dd4 100644 --- a/components/server/dns.go +++ b/components/server/dns.go @@ -139,7 +139,8 @@ func (dns *DNSServer) PortForward() (err error) { session.Caller.Network.Address, EmbeddedDNSport) pfR.Close() exec.Command("/sbin/pfctl", "-e").Run() - return exec.Command("/sbin/pfctl", "-f", pfC.Name()).Run() + return exec.Command("/sbin/pfctl", "-a", "com.apple/corectl-dns-forwarding", + "-f", pfC.Name()).Run() } func (dns *DNSServer) Start() { @@ -169,7 +170,8 @@ type runner interface { } func teardownService() { - exec.Command("/sbin/pfctl", "-f", "/etc/pf.conf").Run() + exec.Command("/sbin/pfctl", "-a", "com.apple/corectl-dns-forwarding", + "-Fa").Run() Daemon.DNSServer.rmRecord("corectld", session.Caller.Network.Address) os.Remove("/etc/resolver/corectld") } diff --git a/components/server/vpn.go b/components/server/vpn.go deleted file mode 100644 index 84d8974..0000000 --- a/components/server/vpn.go +++ /dev/null 
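Review bot: The rdr rules loaded on the new `return exec.Command("/sbin/pfctl", "-a", "com.apple/corectl-dns-forwarding", "-f", pfC.Name()).Run()` line only take effect if the host's main ruleset references that anchor; stock macOS `/etc/pf.conf` carries `rdr-anchor "com.apple/*"` and `anchor "com.apple/*"`, but a host with a customized pf.conf — the very case this commit targets — may not, and then the load succeeds while the redirect is silently never evaluated. Worth a comment above the call, e.g. `// Loaded into a com.apple sub-anchor so the host's own rules and rule order are untouched; it is only evaluated if the main ruleset still includes rdr-anchor "com.apple/*".` A cheap follow-up would be to warn when the main ruleset shows no `com.apple/*` anchor reference, though I have not checked how macOS pfctl prints nested anchor lines. The preceding `pfctl -e` still discards its error; that is pre-existing and presumably deliberate, since pfctl exits non-zero when pf is already enabled. PortForward's body begins before the hunk.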
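Review bot: The anchor name `"com.apple/corectl-dns-forwarding"` is now spelled out twice, here in teardownService and in PortForward, so a typo in either copy would leave rules loaded in one anchor and flushed from another with no error, because `pfctl -Fa` on an empty anchor succeeds. Hoist it into a package-level constant, e.g. `const dnsForwardingAnchor = "com.apple/corectl-dns-forwarding"`, and reference it from both call sites. As far as I recall, pfctl scopes `-F all` to the anchor's rules, nat and tables when `-a` is given (states and global options are only cleared for the root ruleset), which is what makes this teardown safe for custom host rules, unlike the old `-f /etc/pf.conf` reload; a one-line comment stating that would spare the next reader the check. The flush's error is still discarded, which is acceptable for best-effort teardown.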
@@ -1,83 +0,0 @@ -// Copyright (c) 2016 by António Meireles . -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -package server - -import ( - "fmt" - "io/ioutil" - "net" - "os" - "os/exec" - "strings" - - "github.com/TheNewNormal/corectl/components/host/session" - "github.com/deis/pkg/log" -) - -func detectVPN() (utun []string, err error) { - l, err := net.Interfaces() - if err != nil { - return - } - for _, f := range l { - if strings.HasPrefix(f.Name, "utun") { - utun = append(utun, f.Name) - } - } - return -} - -func HandleVPNtunnels() (f func(), err error) { - var vpnIfs []string - - if vpnIfs, err = detectVPN(); err != nil { - return - } - - f = func() { - if len(vpnIfs) == 0 { - return - } - log.Info("removing custom firewall rules for VPN handling") - for _, iface := range vpnIfs { - anchorName := fmt.Sprintf("com.apple/%snat", iface) - exec.Command("pfctl", "-a", anchorName, "-F", "nat").Output() - } - } - - if len(vpnIfs) > 0 { - log.Info("VPN detected: tweaking host firewall") - for _, iface := range vpnIfs { - var ruleFile *os.File - anchorName := fmt.Sprintf("com.apple/%snat", iface) - - if ruleFile, err = ioutil.TempFile("", "coreos"); err != nil { - return - } - r := fmt.Sprintf("nat on {%s} proto {tcp, udp, icmp} "+ - "from %s/24 to any -> {%s}\n", - iface, session.Caller.Network.Base(), iface) - ruleFile.Write([]byte(r)) - ruleFile.Close() - defer os.RemoveAll(ruleFile.Name()) - if _, err = exec.Command("pfctl", - "-a", anchorName, "-f", 
ruleFile.Name()).Output(); err != nil { - return - } - } - } - return -}