package main
import (
"errors"
"fmt"
"isle/daemon/daecommon"
)
const (
	// vpnFirewallConfigChangeStagerName is the key under which a pending
	// (not yet applied) VPN firewall configuration is stored in the change
	// stager. The "list --staged" sub-command reads it back with this name,
	// so it must match whatever the staging commands write.
	vpnFirewallConfigChangeStagerName = "vpn-firewall-config"
)
// firewallRuleView is a single firewall rule as presented to the user: the
// rule itself, inlined into the YAML output, plus its zero-based position in
// the inbound or outbound list it came from (presumably so other sub-commands
// can refer to a rule by index; see newFirewallRuleViews).
type firewallRuleView struct {
	// Index is the rule's position within its direction's list. Declared
	// first so it is emitted before the inlined rule fields.
	Index int `yaml:"index"`

	// The rule's own fields are inlined at the same YAML level as Index.
	daecommon.ConfigFirewallRule `yaml:",inline"`
}
// newFirewallRuleViews pairs every rule in rules with its position in the
// slice, so the listing can show a stable index next to each rule.
//
// The result always has exactly len(rules) entries, in input order; a nil or
// empty input yields an empty (non-nil) slice.
func newFirewallRuleViews(
	rules []daecommon.ConfigFirewallRule,
) []firewallRuleView {
	out := make([]firewallRuleView, 0, len(rules))
	for idx, rule := range rules {
		out = append(out, firewallRuleView{
			Index:              idx,
			ConfigFirewallRule: rule,
		})
	}
	return out
}
// firewallView is the YAML shape returned by the "list" sub-command: the
// outbound and inbound rule lists, each entry annotated with its index.
// Field order here is the order the keys appear in the output.
type firewallView struct {
	Outbound []firewallRuleView `yaml:"outbound"`
	Inbound  []firewallRuleView `yaml:"inbound"`
}
// newFirewallView converts a firewall configuration into the indexed,
// user-facing form used by the "list" sub-command. Both directions are
// converted independently, so indices restart at zero for each list.
func newFirewallView(firewallConfig daecommon.ConfigFirewall) firewallView {
	var view firewallView
	view.Outbound = newFirewallRuleViews(firewallConfig.Outbound)
	view.Inbound = newFirewallRuleViews(firewallConfig.Inbound)
	return view
}
// subCmdVPNFirewallList implements "vpn firewall list". By default it asks the
// running daemon for its current configuration over RPC and prints the VPN
// firewall section of it. With --staged it instead prints the firewall
// configuration currently held in the change stager, and fails if nothing
// has been staged.
//
// Note that the two sources are never merged: --staged shows only the staged
// copy, which is presumably a complete firewall config written by the staging
// sub-commands.
var subCmdVPNFirewallList = subCmd{
	name:  "list",
	descr: "List all currently configured firewall rules",
	do: doWithOutput(func(ctx subCmdCtx) (any, error) {
		staged := ctx.flags.Bool(
			"staged",
			false,
			"Return the firewall configuration with staged changes included",
		)

		// Flags must be parsed before *staged is read.
		ctx, err := ctx.withParsedFlags()
		if err != nil {
			return nil, fmt.Errorf("parsing flags: %w", err)
		}

		if !*staged {
			// Live configuration, as the daemon currently reports it.
			config, err := ctx.getDaemonRPC().GetConfig(ctx)
			if err != nil {
				return nil, fmt.Errorf("getting network config: %w", err)
			}
			return newFirewallView(config.VPN.Firewall), nil
		}

		// Staged configuration. get reports (found, err); a stager error is
		// distinguished from "nothing staged" so the user sees the right
		// message.
		var firewallConfig daecommon.ConfigFirewall
		ok, err := ctx.opts.changeStager.get(
			&firewallConfig, vpnFirewallConfigChangeStagerName,
		)
		if err != nil {
			return nil, fmt.Errorf("checking for staged changes: %w", err)
		}
		if !ok {
			return nil, errors.New("no firewall configuration changes have been staged")
		}
		return newFirewallView(firewallConfig), nil
	}),
}
// subCmdVPNFirewall is the "vpn firewall" command group. It carries no logic
// of its own; it only dispatches to its sub-commands (currently just "list").
var subCmdVPNFirewall = subCmd{
	name:  "firewall",
	descr: "Sub-commands related to this host's VPN firewall",
	do: func(ctx subCmdCtx) error {
		// Add further firewall sub-commands to this list as they are
		// implemented.
		return ctx.doSubCmd(subCmdVPNFirewallList)
	},
}