| -rw-r--r-- | talpid-core/src/security/linux/mod.rs | 9 | ||||
| -rw-r--r-- | talpid-core/src/security/mod.rs | 3 |
2 files changed, 9 insertions, 3 deletions
diff --git a/talpid-core/src/security/linux/mod.rs b/talpid-core/src/security/linux/mod.rs
index 455e4cc755..f4de49bfa9 100644
--- a/talpid-core/src/security/linux/mod.rs
+++ b/talpid-core/src/security/linux/mod.rs
@@ -309,7 +309,6 @@ impl<'a> PolicyBatch<'a> {
 let mut rule = Rule::new(chain)?;
 check_net(&mut rule, End::Src, IpNetwork::V4(*net))?;
 check_net(&mut rule, End::Dst, IpNetwork::V4(*net))?;
-
 add_verdict(&mut rule, Verdict::Accept)?;
 self.batch.add(&rule, nftnl::MsgType::Add)?;
@@ -320,12 +319,18 @@ impl<'a> PolicyBatch<'a> {
 let mut rule = Rule::new(&self.out_chain)?;
 check_net(&mut rule, End::Src, IpNetwork::V4(*net))?;
 check_net(&mut rule, End::Dst, IpNetwork::V4(*super::MULTICAST_NET))?;
+ add_verdict(&mut rule, Verdict::Accept)?;
+
+ self.batch.add(&rule, nftnl::MsgType::Add)?;
+ // LAN -> SSDP + WS-Discovery protocols
+ let mut rule = Rule::new(&self.out_chain)?;
+ check_net(&mut rule, End::Src, IpNetwork::V4(*net))?;
+ check_ip(&mut rule, End::Dst, *super::SSDP_IP)?;
 add_verdict(&mut rule, Verdict::Accept)?;
 self.batch.add(&rule, nftnl::MsgType::Add)?;
 }
-
 Ok(())
 }
 }
diff --git a/talpid-core/src/security/mod.rs b/talpid-core/src/security/mod.rs
index 9e5fadeab9..70da5edea5 100644
--- a/talpid-core/src/security/mod.rs
+++ b/talpid-core/src/security/mod.rs
@@ -2,7 +2,7 @@ use ipnetwork::Ipv4Network;
 use std::fmt;
 #[cfg(unix)]
-use std::net::Ipv4Addr;
+use std::net::{IpAddr, Ipv4Addr};
 use std::path::Path;
 use talpid_types::net::Endpoint;
@@ -31,6 +31,7 @@ lazy_static! {
 ];
 static ref MULTICAST_NET: Ipv4Network = Ipv4Network::new(Ipv4Addr::new(224, 0, 0, 0), 24).unwrap();
+ static ref SSDP_IP: IpAddr = IpAddr::V4(Ipv4Addr::new(239, 255, 255, 250));
 }
 /// A enum that describes network security strategy |
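Review bot: The new `LAN -> SSDP + WS-Discovery` rule in the second hunk of `linux/mod.rs` matches only on source network and destination address (`check_ip(&mut rule, End::Dst, *super::SSDP_IP)?`), so every protocol and port addressed to 239.255.255.250 is accepted on the out chain, not just the two discovery protocols the comment names. These rules appear to be the exceptions a tunnel-enforcing firewall lets through, so the match is better kept as narrow as the comment claims: UDP to ports 1900 (SSDP) and 3702 (WS-Discovery), if this module has or can gain a protocol/port match alongside `check_net` and `check_ip`. If the address-only match is deliberate, to mirror the `MULTICAST_NET` rule just above it, the comment should say so, e.g. `// LAN -> 239.255.255.250 (SSDP, WS-Discovery); any protocol/port, like the multicast rule above`. The enclosing function starts outside the hunk, so whether this branch is gated on an allow-LAN setting cannot be confirmed from here.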
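Review bot: `SSDP_IP` in the second hunk of `security/mod.rs` is added without a doc comment, and its name covers only one of the two protocols the firewall rule uses it for. A line such as `/// Multicast group shared by SSDP (UDP 1900) and WS-Discovery (UDP 3702).` above the `static ref` would record why this single address is exempted from blocking. The `lazy_static!` block starts outside the hunk.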
