authorDavid Lönnhager <david.l@mullvad.net>2020-01-31 14:41:54 +0100
committerDavid Lönnhager <david.l@mullvad.net>2020-03-16 09:47:52 +0100
commit7610fcbfd8df8ecac6bd45ee8da54a7cd002b469 (patch)
tree2a769c468c01b0e0a4f91fb41455998aa009c525
parent8b24d7dc78a77a264b60f7f3d36fbfbd28e5e52d (diff)
Permit traffic to unique local addresses with "Allow LAN" enabled
-rw-r--r--talpid-core/src/firewall/mod.rs3
-rw-r--r--windows/winfw/src/winfw/rules/baseline/permitlan.cpp2
-rw-r--r--windows/winfw/src/winfw/rules/baseline/permitlanservice.cpp2
3 files changed, 6 insertions, 1 deletions
diff --git a/talpid-core/src/firewall/mod.rs b/talpid-core/src/firewall/mod.rs
index 9c81dd63df..9a02321031 100644
--- a/talpid-core/src/firewall/mod.rs
+++ b/talpid-core/src/firewall/mod.rs
@@ -31,12 +31,13 @@ pub use self::imp::Error;
#[cfg(unix)]
lazy_static! {
/// When "allow local network" is enabled the app will allow traffic to and from these networks.
- pub(crate) static ref ALLOWED_LAN_NETS: [IpNetwork; 5] = [
+ pub(crate) static ref ALLOWED_LAN_NETS: [IpNetwork; 6] = [
IpNetwork::V4(Ipv4Network::new(Ipv4Addr::new(10, 0, 0, 0), 8).unwrap()),
IpNetwork::V4(Ipv4Network::new(Ipv4Addr::new(172, 16, 0, 0), 12).unwrap()),
IpNetwork::V4(Ipv4Network::new(Ipv4Addr::new(192, 168, 0, 0), 16).unwrap()),
IpNetwork::V4(Ipv4Network::new(Ipv4Addr::new(169, 254, 0, 0), 16).unwrap()),
IpNetwork::V6(Ipv6Network::new(Ipv6Addr::new(0xfe80, 0, 0, 0, 0, 0, 0, 0), 10).unwrap()),
+ IpNetwork::V6(Ipv6Network::new(Ipv6Addr::new(0xfd00, 0, 0, 0, 0, 0, 0, 0), 8).unwrap()),
];
/// When "allow local network" is enabled the app will allow traffic to these networks.
pub(crate) static ref ALLOWED_LAN_MULTICAST_NETS: [IpNetwork; 5] = [
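Review bot: The new `fd00::/8` entry covers only half of the unique-local range that RFC 4193 defines as `fc00::/7`, and neither the doc comment nor the entry says whether leaving out `fc00::/8` is intentional. If it is, a line such as `// fd00::/8 = locally assigned ULA (RFC 4193); fc00::/8 intentionally not allowed` above the entry would keep a later change from widening it to /7 by mistake. The same prefix is hard-coded again in permitlan.cpp and permitlanservice.cpp, so the comment belongs there too. The `lazy_static!` block continues past the end of the hunk.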
diff --git a/windows/winfw/src/winfw/rules/baseline/permitlan.cpp b/windows/winfw/src/winfw/rules/baseline/permitlan.cpp
index b9a24cf038..f0038f2421 100644
--- a/windows/winfw/src/winfw/rules/baseline/permitlan.cpp
+++ b/windows/winfw/src/winfw/rules/baseline/permitlan.cpp
@@ -90,8 +90,10 @@ bool PermitLan::applyIpv6(IObjectInstaller &objectInstaller) const
wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
const wfp::IpNetwork linkLocal(wfp::IpAddress::Literal6({ 0xFE80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }), 10);
+ const wfp::IpNetwork uniqueLocal(wfp::IpAddress::Literal6({ 0xFD00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }), 8);
conditionBuilder.add_condition(ConditionIp::Remote(linkLocal));
+ conditionBuilder.add_condition(ConditionIp::Remote(uniqueLocal));
if (!objectInstaller.addFilter(filterBuilder, conditionBuilder))
{
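Review bot: Whether the second `add_condition(ConditionIp::Remote(uniqueLocal))` widens or narrows the filter depends on how conditions on the same field are combined, and nothing at this spot says so. WFP ORs conditions that share a field key, so the filter should match link-local or unique-local remotes; a comment such as `// Same-field conditions are OR'ed by WFP: link-local OR unique-local` would make that explicit for the next reader. Any filter name or description set on `filterBuilder` earlier in `applyIpv6` is outside the hunk and may still mention only link-local, which is worth checking.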
diff --git a/windows/winfw/src/winfw/rules/baseline/permitlanservice.cpp b/windows/winfw/src/winfw/rules/baseline/permitlanservice.cpp
index 7534e08462..041afd5492 100644
--- a/windows/winfw/src/winfw/rules/baseline/permitlanservice.cpp
+++ b/windows/winfw/src/winfw/rules/baseline/permitlanservice.cpp
@@ -66,8 +66,10 @@ bool PermitLanService::applyIpv6(IObjectInstaller &objectInstaller) const
wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6);
const wfp::IpNetwork linkLocal(wfp::IpAddress::Literal6{ 0xFE80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }, 10);
+ const wfp::IpNetwork uniqueLocal(wfp::IpAddress::Literal6({ 0xFD00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }), 8);
conditionBuilder.add_condition(ConditionIp::Remote(linkLocal));
+ conditionBuilder.add_condition(ConditionIp::Remote(uniqueLocal));
return objectInstaller.addFilter(filterBuilder, conditionBuilder);
}
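Review bot: Inbound connections at `FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6` are now accepted from any `fd00::/8` source, and unlike `fe80::/10` those addresses can be routed from beyond the local link, so a LAN service becomes reachable from whatever unique-local space the local router forwards. That is presumably the same exposure the private IPv4 ranges already carry, but it should be stated next to the rule, e.g. `// ULA is site-scoped, not link-scoped: permitted peers may be off-link`. As a style point, the new line writes `Literal6({ ... })` while the `linkLocal` line directly above it writes `Literal6{ ... }`; one form should be used for both. The start of `applyIpv6` is outside the hunk.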