Add method to killswitch for expanding strict mode exceptions list and fix allowTrafficTo() for Windows. Also added cache in KillSwitch class for exceptions
parent
b88cb4303a
commit
e46b51a833
6 changed files with 34 additions and 6 deletions
|
|
@ -455,9 +455,6 @@ void LinuxFirewall::updateDNSServers(const QStringList& servers)
|
|||
|
||||
void LinuxFirewall::updateAllowNets(const QStringList& servers)
|
||||
{
|
||||
static QStringList existingServers {};
|
||||
|
||||
existingServers = servers;
|
||||
execute(QStringLiteral("iptables -F %1.110.allowNets").arg(kAnchorName));
|
||||
for (const QString& rule : getAllowRule(servers))
|
||||
execute(QStringLiteral("iptables -A %1.110.allowNets %2").arg(kAnchorName, rule));
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ class IpcInterface
|
|||
SLOT( bool disableAllTraffic() );
|
||||
SLOT( bool refreshKillSwitch( bool enabled ) );
|
||||
SLOT( bool allowTrafficTo( const QStringList ranges ) );
|
||||
SLOT( bool addKillSwitchExceptions( const QStringList ranges ) );
|
||||
SLOT( bool enablePeerTraffic( const QJsonObject &configStr) );
|
||||
SLOT( bool enableKillSwitch( const QJsonObject &excludeAddr, int vpnAdapterIndex) );
|
||||
SLOT( bool updateResolvers(const QString& ifname, const QList<QHostAddress>& resolvers) );
|
||||
|
|
|
|||
|
|
@ -184,6 +184,11 @@ bool IpcServer::allowTrafficTo(QStringList ranges)
|
|||
return KillSwitch::instance()->allowTrafficTo(ranges);
|
||||
}
|
||||
|
||||
bool IpcServer::addKillSwitchExceptions(QStringList ranges)
|
||||
{
|
||||
return KillSwitch::instance()->addAllowedRange(ranges);
|
||||
}
|
||||
|
||||
bool IpcServer::disableAllTraffic()
|
||||
{
|
||||
return KillSwitch::instance()->disableAllTraffic();
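Review bot: `IpcServer::addKillSwitchExceptions` forwards `ranges` from the IPC client straight into `KillSwitch::addAllowedRange`, and neither function checks that an entry is an address or CIDR range, so any caller that can reach this slot can widen the strict-mode allow-list with arbitrary strings. On Linux the entries appear to end up in the command string built by `execute(QStringLiteral("iptables -A %1.110.allowNets %2").arg(kAnchorName, rule))` in `LinuxFirewall::updateAllowNets`, via `getAllowRule`, whose body is not shown, so a malformed entry is a rule-integrity concern as well as a policy one. Consider rejecting entries that do not parse, e.g. `if (QHostAddress::parseSubnet(range).first.isNull()) return false;`, and refusing over-broad ranges such as a /0 prefix. Whether the IPC layer authenticates or restricts callers is not visible on this page and should be confirmed before exposing a slot that relaxes the kill switch.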
|
||||
|
|
|
|||
|
|
@ -41,6 +41,7 @@ public:
|
|||
virtual bool disableKillSwitch() override;
|
||||
virtual bool refreshKillSwitch( bool enabled ) override;
|
||||
virtual bool updateResolvers(const QString& ifname, const QList<QHostAddress>& resolvers) override;
|
||||
virtual bool addKillSwitchExceptions(QStringList ranges) override;
|
||||
|
||||
private:
|
||||
int m_localpid = 0;
|
||||
|
|
|
|||
|
|
@ -125,6 +125,7 @@ bool KillSwitch::disableKillSwitch() {
|
|||
return WindowsFirewall::create(this)->allowAllTraffic();
|
||||
#endif
|
||||
|
||||
m_allowedRanges.clear();
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -150,28 +151,49 @@ bool KillSwitch::disableAllTraffic() {
|
|||
MacOSFirewall::setAnchorEnabled(QStringLiteral("000.allowLoopback"), true);
|
||||
MacOSFirewall::setAnchorEnabled(QStringLiteral("250.blockIPv6"), true);
|
||||
#endif
|
||||
m_allowedRanges.clear();
|
||||
return true;
|
||||
}
|
||||
|
||||
bool KillSwitch::allowTrafficTo(const QStringList &ranges) {
|
||||
|
||||
m_allowedRanges = ranges;
|
||||
|
||||
#ifdef Q_OS_LINUX
|
||||
LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("110.allowNets"), true);
|
||||
LinuxFirewall::updateAllowNets(ranges);
|
||||
LinuxFirewall::updateAllowNets(m_allowedRanges);
|
||||
#endif
|
||||
|
||||
#ifdef Q_OS_MACOS
|
||||
MacOSFirewall::setAnchorEnabled(QStringLiteral("110.allowNets"), true);
|
||||
MacOSFirewall::setAnchorTable(QStringLiteral("110.allowNets"), true, QStringLiteral("allownets"), ranges);
|
||||
MacOSFirewall::setAnchorTable(QStringLiteral("110.allowNets"), true, QStringLiteral("allownets"), m_allowedRanges);
|
||||
#endif
|
||||
|
||||
#ifdef Q_OS_WIN
|
||||
WindowsFirewall::create(this)->allowTrafficRange(ranges);
|
||||
if (isStrictKillSwitchEnabled()) {
|
||||
WindowsFirewall::create(this)->enableInterface(-1);
|
||||
}
|
||||
WindowsFirewall::create(this)->allowTrafficRange(m_allowedRanges);
|
||||
#endif
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool KillSwitch::addAllowedRange(const QStringList &ranges) {
|
||||
for (const QString &range : ranges) {
|
||||
if (!range.isEmpty() && !m_allowedRanges.contains(range)) {
|
||||
m_allowedRanges.append(range);
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef Q_OS_WIN
|
||||
WindowsFirewall::create(this)->allowTrafficRange(ranges);
|
||||
return true;
|
||||
#else
|
||||
return allowTrafficTo(m_allowedRanges);
|
||||
#endif
|
||||
}
|
||||
|
||||
bool KillSwitch::enablePeerTraffic(const QJsonObject &configStr) {
|
||||
#ifdef Q_OS_WIN
|
||||
InterfaceConfig config;
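Review bot: In `KillSwitch::addAllowedRange` the Windows branch calls `WindowsFirewall::create(this)->allowTrafficRange(ranges);` with the unfiltered input, while the empty-string and duplicate filter in the loop above only applies to the `m_allowedRanges` cache, so the firewall and the cache can disagree. Passing only the entries that were actually appended would keep them in step. That branch then returns `true` unconditionally, and `allowTrafficTo` does the same on every platform, so the IPC caller cannot tell when an exception was not applied. In the first hunk, `m_allowedRanges.clear();` sits after the `#endif` that follows `return WindowsFirewall::create(this)->allowAllTraffic();`, so on Windows builds it looks unreachable and the cache would survive `disableKillSwitch()`. The start of that function is outside the hunk, so confirm, and if so clear the cache before the platform `#ifdef` blocks.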
|
||||
|
|
|
|||
|
|
@ -18,10 +18,12 @@ public:
|
|||
bool enablePeerTraffic(const QJsonObject &configStr);
|
||||
bool enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIndex);
|
||||
bool allowTrafficTo(const QStringList &ranges);
|
||||
bool addAllowedRange(const QStringList &ranges);
|
||||
bool isStrictKillSwitchEnabled();
|
||||
|
||||
private:
|
||||
KillSwitch(QObject* parent) {};
|
||||
QStringList m_allowedRanges;
|
||||
QSharedPointer<SecureQSettings> m_appSettigns;
|
||||
|
||||
};
|
||||
|
|
|
|||