From 329f7b0f66d04bd1ba641a2483862f35538664df Mon Sep 17 00:00:00 2001
From: Daniel
Date: Thu, 13 Oct 2022 14:20:15 +0200
Subject: [PATCH] Explicitly allow all connections of Portmaster Core Service
---
 profile/special.go | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/profile/special.go b/profile/special.go
index 586dd1d7..dd7e3abc 100644
--- a/profile/special.go
+++ b/profile/special.go
@@ -202,7 +202,29 @@ func createSpecialProfile(profileID string, path string) *Profile {
 ID: PortmasterProfileID,
 Source: SourceLocal,
 PresentationPath: path,
- Internal: true,
+ Config: map[string]interface{}{
+ // In case anything slips through the internal self-allow, be sure to
+ // allow everything explicitly.
+ // Blocking connections here can lead to a very literal deadlock.
+ // This can currently happen, as fast-tracked connections are also
+ // reset in the OS integration and might show up in the connection
+ // handling if a packet in the other direction hits the firewall first.
+ CfgOptionDefaultActionKey: DefaultActionPermitValue,
+ CfgOptionBlockScopeInternetKey: status.SecurityLevelOff,
+ CfgOptionBlockScopeLANKey: status.SecurityLevelOff,
+ CfgOptionBlockScopeLocalKey: status.SecurityLevelOff,
+ CfgOptionBlockP2PKey: status.SecurityLevelOff,
+ CfgOptionBlockInboundKey: status.SecurityLevelOff,
+ CfgOptionEndpointsKey: []string{
+ "+ *",
+ },
+ CfgOptionServiceEndpointsKey: []string{
+ "+ Localhost",
+ "+ LAN",
+ "- *",
+ },
+ },
+ Internal: true,
 })
 case PortmasterAppProfileID:
@@ -260,6 +282,8 @@ func specialProfileNeedsReset(profile *Profile) bool {
 switch profile.ID {
 case SystemResolverProfileID:
 return canBeUpgraded(profile, "21.10.2022")
+ case PortmasterProfileID:
+ return canBeUpgraded(profile, "21.10.2022")
 case PortmasterAppProfileID:
 return canBeUpgraded(profile, "8.9.2021")
 default:
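Review bot: The comment at the top of the new `Config` map says to allow everything explicitly, but `CfgOptionServiceEndpointsKey` ends with `"- *"`, so the list (the incoming rules, as far as I know) still denies anything that is not Localhost or LAN. If that limit is intended, which is the safer default for a privileged service, say so next to the list, e.g. `// Incoming: only Localhost and LAN, everything else stays denied.`. If the deadlock described in the comment can also be triggered by an inbound packet from elsewhere, this rule leaves that path open and should be checked against the commit's stated goal. createSpecialProfile starts before and continues after this hunk, so how the profile is bound to the core process is not visible here.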
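Review bot: The cutoff `"21.10.2022"` in the new `case PortmasterProfileID:` branch is an unexplained literal, identical to the SystemResolverProfileID one and later than the commit's own date (13 Oct 2022). A one-line comment such as `// Reset to roll out the explicit allow-all config.` would tell the next maintainer which change the date belongs to. If canBeUpgraded skips profiles that were edited by the user (its body is not visible here), those installs keep the old config and the blocking case this commit guards against may remain, which is worth confirming. specialProfileNeedsReset continues outside the hunk.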