Add api authentication via firewall

2019-07-30 13:07:50 +02:00
parent c6332dda7d
commit ab6bdc5f0e
2 changed files with 118 additions and 4 deletions
--- a/firewall/firewall.go
+++ b/firewall/firewall.go
@@ -50,6 +50,11 @@ func prep() (err error) {
 		return err
 	}

+	err = prepAPIAuth()
+	if err != nil {
+		return err
+	}
+
 	_, localNet4, err = net.ParseCIDR("127.0.0.0/24")
 	// Yes, this would normally be 127.0.0.0/8
 	// TODO: figure out any side effects
@@ -77,12 +82,9 @@ func prep() (err error) {
 }

 func start() error {
+	startAPIAuth()
 	go statLogger()
 	go run()
-	// go run()
-	// go run()
-	// go run()
-
 	go portsInUseCleaner()

 	return interception.Start()
@@ -108,6 +110,15 @@ func handlePacket(pkt packet.Packet) {
 		return
 	}

+	// allow api access, if address was parsed successfully
+	if apiAddressSet {
+		if (pkt.Info().DstPort == apiPort && pkt.Info().Dst.Equal(apiIP)) || (pkt.Info().SrcPort == apiPort && pkt.Info().Src.Equal(apiIP)) {
+			log.Debugf("accepting api connection: %s", pkt)
+			pkt.PermanentAccept()
+			return
+		}
+	}
+
 	// // redirect dns (if we know that it's not our own request)
 	// if pkt.IsOutbound() && intel.RemoteIsActiveNameserver(pkt) {
 	// 	log.Debugf("redirecting dns: %s", pkt)