Add method to killswitch for expanding strict mode exceptions list and fix allowTrafficTo() for Windows. Also added cache in KillSwitch class for exceptions
parent
b88cb4303a
commit
e46b51a833
6 changed files with 34 additions and 6 deletions
|
|
@ -455,9 +455,6 @@ void LinuxFirewall::updateDNSServers(const QStringList& servers)
|
||||||
|
|
||||||
void LinuxFirewall::updateAllowNets(const QStringList& servers)
|
void LinuxFirewall::updateAllowNets(const QStringList& servers)
|
||||||
{
|
{
|
||||||
static QStringList existingServers {};
|
|
||||||
|
|
||||||
existingServers = servers;
|
|
||||||
execute(QStringLiteral("iptables -F %1.110.allowNets").arg(kAnchorName));
|
execute(QStringLiteral("iptables -F %1.110.allowNets").arg(kAnchorName));
|
||||||
for (const QString& rule : getAllowRule(servers))
|
for (const QString& rule : getAllowRule(servers))
|
||||||
execute(QStringLiteral("iptables -A %1.110.allowNets %2").arg(kAnchorName, rule));
|
execute(QStringLiteral("iptables -A %1.110.allowNets %2").arg(kAnchorName, rule));
|
||||||
|
|
|
||||||
|
|
@ -32,6 +32,7 @@ class IpcInterface
|
||||||
SLOT( bool disableAllTraffic() );
|
SLOT( bool disableAllTraffic() );
|
||||||
SLOT( bool refreshKillSwitch( bool enabled ) );
|
SLOT( bool refreshKillSwitch( bool enabled ) );
|
||||||
SLOT( bool allowTrafficTo( const QStringList ranges ) );
|
SLOT( bool allowTrafficTo( const QStringList ranges ) );
|
||||||
|
SLOT( bool addKillSwitchExceptions( const QStringList ranges ) );
|
||||||
SLOT( bool enablePeerTraffic( const QJsonObject &configStr) );
|
SLOT( bool enablePeerTraffic( const QJsonObject &configStr) );
|
||||||
SLOT( bool enableKillSwitch( const QJsonObject &excludeAddr, int vpnAdapterIndex) );
|
SLOT( bool enableKillSwitch( const QJsonObject &excludeAddr, int vpnAdapterIndex) );
|
||||||
SLOT( bool updateResolvers(const QString& ifname, const QList<QHostAddress>& resolvers) );
|
SLOT( bool updateResolvers(const QString& ifname, const QList<QHostAddress>& resolvers) );
|
||||||
|
|
|
||||||
|
|
@ -184,6 +184,11 @@ bool IpcServer::allowTrafficTo(QStringList ranges)
|
||||||
return KillSwitch::instance()->allowTrafficTo(ranges);
|
return KillSwitch::instance()->allowTrafficTo(ranges);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool IpcServer::addKillSwitchExceptions(QStringList ranges)
|
||||||
|
{
|
||||||
|
return KillSwitch::instance()->addAllowedRange(ranges);
|
||||||
|
}
|
||||||
|
|
||||||
bool IpcServer::disableAllTraffic()
|
bool IpcServer::disableAllTraffic()
|
||||||
{
|
{
|
||||||
return KillSwitch::instance()->disableAllTraffic();
|
return KillSwitch::instance()->disableAllTraffic();
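Review bot: addKillSwitchExceptions forwards `ranges` from the IPC caller straight to KillSwitch::addAllowedRange with no check on their content, and every accepted entry widens what the kill switch lets through. Each entry should be rejected unless it parses as an address or subnet, for example `if (QHostAddress::parseSubnet(range).first.isNull()) return false;`, and accepted ranges should be logged so changes to the exception list can be audited. On Linux these strings end up in the `iptables -A` command text built in updateAllowNets by way of getAllowRule, whose escaping is not visible here, which is a further reason to accept only plain address/prefix strings. disableAllTraffic's body continues outside the hunk.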
|
||||||
|
|
|
||||||
|
|
@ -41,6 +41,7 @@ public:
|
||||||
virtual bool disableKillSwitch() override;
|
virtual bool disableKillSwitch() override;
|
||||||
virtual bool refreshKillSwitch( bool enabled ) override;
|
virtual bool refreshKillSwitch( bool enabled ) override;
|
||||||
virtual bool updateResolvers(const QString& ifname, const QList<QHostAddress>& resolvers) override;
|
virtual bool updateResolvers(const QString& ifname, const QList<QHostAddress>& resolvers) override;
|
||||||
|
virtual bool addKillSwitchExceptions(QStringList ranges) override;
|
||||||
|
|
||||||
private:
|
private:
|
||||||
int m_localpid = 0;
|
int m_localpid = 0;
|
||||||
|
|
|
||||||
|
|
@ -125,6 +125,7 @@ bool KillSwitch::disableKillSwitch() {
|
||||||
return WindowsFirewall::create(this)->allowAllTraffic();
|
return WindowsFirewall::create(this)->allowAllTraffic();
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
m_allowedRanges.clear();
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -150,28 +151,49 @@ bool KillSwitch::disableAllTraffic() {
|
||||||
MacOSFirewall::setAnchorEnabled(QStringLiteral("000.allowLoopback"), true);
|
MacOSFirewall::setAnchorEnabled(QStringLiteral("000.allowLoopback"), true);
|
||||||
MacOSFirewall::setAnchorEnabled(QStringLiteral("250.blockIPv6"), true);
|
MacOSFirewall::setAnchorEnabled(QStringLiteral("250.blockIPv6"), true);
|
||||||
#endif
|
#endif
|
||||||
|
m_allowedRanges.clear();
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool KillSwitch::allowTrafficTo(const QStringList &ranges) {
|
bool KillSwitch::allowTrafficTo(const QStringList &ranges) {
|
||||||
|
|
||||||
|
m_allowedRanges = ranges;
|
||||||
|
|
||||||
#ifdef Q_OS_LINUX
|
#ifdef Q_OS_LINUX
|
||||||
LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("110.allowNets"), true);
|
LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("110.allowNets"), true);
|
||||||
LinuxFirewall::updateAllowNets(ranges);
|
LinuxFirewall::updateAllowNets(m_allowedRanges);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef Q_OS_MACOS
|
#ifdef Q_OS_MACOS
|
||||||
MacOSFirewall::setAnchorEnabled(QStringLiteral("110.allowNets"), true);
|
MacOSFirewall::setAnchorEnabled(QStringLiteral("110.allowNets"), true);
|
||||||
MacOSFirewall::setAnchorTable(QStringLiteral("110.allowNets"), true, QStringLiteral("allownets"), ranges);
|
MacOSFirewall::setAnchorTable(QStringLiteral("110.allowNets"), true, QStringLiteral("allownets"), m_allowedRanges);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef Q_OS_WIN
|
#ifdef Q_OS_WIN
|
||||||
WindowsFirewall::create(this)->allowTrafficRange(ranges);
|
if (isStrictKillSwitchEnabled()) {
|
||||||
|
WindowsFirewall::create(this)->enableInterface(-1);
|
||||||
|
}
|
||||||
|
WindowsFirewall::create(this)->allowTrafficRange(m_allowedRanges);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool KillSwitch::addAllowedRange(const QStringList &ranges) {
|
||||||
|
for (const QString &range : ranges) {
|
||||||
|
if (!range.isEmpty() && !m_allowedRanges.contains(range)) {
|
||||||
|
m_allowedRanges.append(range);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef Q_OS_WIN
|
||||||
|
WindowsFirewall::create(this)->allowTrafficRange(ranges);
|
||||||
|
return true;
|
||||||
|
#else
|
||||||
|
return allowTrafficTo(m_allowedRanges);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
bool KillSwitch::enablePeerTraffic(const QJsonObject &configStr) {
|
bool KillSwitch::enablePeerTraffic(const QJsonObject &configStr) {
|
||||||
#ifdef Q_OS_WIN
|
#ifdef Q_OS_WIN
|
||||||
InterfaceConfig config;
|
InterfaceConfig config;
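Review bot: In the Windows branch of addAllowedRange the firewall is given the caller's raw `ranges`, so empty and duplicate entries that the loop kept out of m_allowedRanges still reach allowTrafficRange() and the cache stops matching the installed exceptions. Track the newly accepted entries (`QStringList added;` with `added.append(range);` next to the existing append) and call `WindowsFirewall::create(this)->allowTrafficRange(added);`, returning its result if it reports one rather than a fixed `true`. In the disableKillSwitch hunk, `m_allowedRanges.clear();` sits after `return WindowsFirewall::create(this)->allowAllTraffic();`, so in that branch the cache is never cleared; clear it before the platform-specific returns. Both function bodies extend beyond what the hunks show, so the other platform branches should be checked for the same early return.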
|
||||||
|
|
|
||||||
|
|
@ -18,10 +18,12 @@ public:
|
||||||
bool enablePeerTraffic(const QJsonObject &configStr);
|
bool enablePeerTraffic(const QJsonObject &configStr);
|
||||||
bool enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIndex);
|
bool enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIndex);
|
||||||
bool allowTrafficTo(const QStringList &ranges);
|
bool allowTrafficTo(const QStringList &ranges);
|
||||||
|
bool addAllowedRange(const QStringList &ranges);
|
||||||
bool isStrictKillSwitchEnabled();
|
bool isStrictKillSwitchEnabled();
|
||||||
|
|
||||||
private:
|
private:
|
||||||
KillSwitch(QObject* parent) {};
|
KillSwitch(QObject* parent) {};
|
||||||
|
QStringList m_allowedRanges;
|
||||||
QSharedPointer<SecureQSettings> m_appSettigns;
|
QSharedPointer<SecureQSettings> m_appSettigns;
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
|
||||||