From 009726f94ba896a85d8e52c112340dfbc0930529 Mon Sep 17 00:00:00 2001 From: Dmitrii Dolgov <9erthalion6@gmail.com> Date: Fri, 15 Nov 2024 16:13:41 +0100 Subject: [PATCH] Allow to configure firewalld (#30) Allow to configure firewalld Add the tun device to a firewalld trusted zone if requested. Co-authored-by: Olivier Valentin --- scripts/network/prepare-tap.sh | 16 +++++++++++++--- src/worker/network.rs | 2 +- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/scripts/network/prepare-tap.sh b/scripts/network/prepare-tap.sh index e997e83..7230c6e 100755 --- a/scripts/network/prepare-tap.sh +++ b/scripts/network/prepare-tap.sh @@ -16,14 +16,16 @@ which ip &>/dev/null || stop "Don't have the ip tool" which whoami &>/dev/null || stop "Don't have the whoami tool" which iptables &>/dev/null || stop "Don't have the iptables tool" which sysctl &>/dev/null || stop "Don't have the sysctl tool" +which firewall-cmd &>/dev/null || stop "Don't have the firewal-cmd tool" -ADDRESS="192.168.0.1/16" -NAME="tun0" +ADDRESS="10.0.0.1/16" +NAME="berserker0" USER="$(whoami)" CONFIGURE_IPTABLE="false" +CONFIGURE_FIREWALLD="false" CONFIGURE_TUNTAP_IF_EXISTS="false" -while getopts ":a:t:u:io" opt; do +while getopts ":a:t:u:i:fo" opt; do case $opt in a) ADDRESS="${OPTARG}" ;; @@ -33,6 +35,8 @@ while getopts ":a:t:u:io" opt; do ;; i) CONFIGURE_IPTABLE="true" ;; + f) CONFIGURE_FIREWALD="true" + ;; o) CONFIGURE_TUNTAP_IF_EXISTS="true" ;; \?) echo "Invalid option -$OPTARG" >&2 @@ -58,6 +62,12 @@ ip link set "${NAME}" up echo "Assigning address ${ADDRESS} to device ${NAME}..." ip addr add "${ADDRESS}" dev "${NAME}" +if [[ "${CONFIGURE_FIREWALLD}" == "true" ]]; +then + echo "Adding to the trusted zone..." + firewall-cmd --zone=trusted --add-interface="${NAME}" +fi + if [[ "${CONFIGURE_IPTABLE}" == "true" ]]; then echo "Enabling ip forward..." diff --git a/src/worker/network.rs b/src/worker/network.rs index a7fa2fd..23edb44 100644 --- a/src/worker/network.rs +++ b/src/worker/network.rs 
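Review bot: The added `which firewall-cmd &>/dev/null || stop ...` check in the first prepare-tap.sh hunk runs unconditionally, so the script now aborts on any host without firewalld even when `-f` is not passed. It belongs after option parsing and behind the flag, e.g. `[[ "${CONFIGURE_FIREWALLD}" == "true" ]] && { which firewall-cmd &>/dev/null || stop "Don't have the firewall-cmd tool"; }`, which also fixes the `firewal-cmd` misspelling in the message. Separately, the new optstring `":a:t:u:i:fo"` puts a colon after `i`, so `-i` now takes an argument although the `i)` branch in the next hunk still treats it as a flag. An invocation such as `-i -f` would then consume `-f` as the argument of `-i` and skip the firewalld step without any error; `":a:t:u:ifo"` keeps `-i` a flag.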
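Review bot: The `f)` branch in the second prepare-tap.sh hunk assigns `CONFIGURE_FIREWALD` (one L), while the default set in the first hunk and the test in the third hunk both use `CONFIGURE_FIREWALLD`. As written, `-f` is accepted but has no effect, and the interface is never added to the zone. The line should read `f) CONFIGURE_FIREWALLD="true"`. Running shellcheck over the script would flag the misspelt name as an assigned-but-unused variable.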
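Review bot: `firewall-cmd --zone=trusted --add-interface="${NAME}"` in the third prepare-tap.sh hunk puts the device in firewalld's `trusted` zone, which accepts all connections on that interface, and nothing visible in the script records or reverts the change. A comment above the block should say what the operator is opting into, e.g. `# -f: runtime-only (no --permanent); the trusted zone accepts all traffic on ${NAME}`. The exit status is also unchecked unless the script runs under `set -e`, which is not visible here, so a failure (firewalld not running, interface already bound to another zone) leaves only the "Adding to the trusted zone..." message. Appending `|| stop "Failed to add ${NAME} to the trusted zone"` would match the tool checks at the top of the script.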
@@ -217,7 +217,7 @@ impl NetworkWorker { &self, addr: Ipv4Address, ) -> (Interface, FaultInjector>, i32) { - let device_name = "tun0"; + let device_name = "berserker0"; let device = TunTapInterface::new(&device_name, Medium::Ip).unwrap(); let fd = device.as_raw_fd();
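Review bot: The device name is now a literal in two places, `"berserker0"` here and `NAME="berserker0"` in prepare-tap.sh, and the script's optstring suggests the name can be overridden there (presumably via `-t`) while the worker cannot follow it. If the two diverge, `TunTapInterface::new(&device_name, Medium::Ip).unwrap()` on the context line will likely panic without saying which device was expected. Taking the name from the worker's configuration would remove the duplication; failing that, `.expect("cannot open TUN device berserker0; run scripts/network/prepare-tap.sh first")` makes the failure diagnosable, and a comment such as `// must match NAME in scripts/network/prepare-tap.sh` documents the coupling. The enclosing function starts and ends outside the hunk.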