Improve api firewall bypass

firewall/api.go

@@ -23,8 +23,7 @@ import (
 var (
 	dataRoot *utils.DirStructure
 
-	apiAddressSet bool
+	apiPortSet bool
-	apiIP         net.IP
 	apiPort    uint16
 )
 
@@ -35,11 +34,13 @@ func prepAPIAuth() error {
 
 func startAPIAuth() {
 	var err error
-	apiIP, apiPort, err = parseHostPort(apiListenAddress())
+	_, apiPort, err = parseHostPort(apiListenAddress())
 	if err != nil {
 		log.Warningf("firewall: failed to parse API address for improved api auth mechanism: %s", err)
+		return
 	}
-	apiAddressSet = true
+	apiPortSet = true
+	log.Tracef("firewall: api port set to %d", apiPort)
 }
 
 func apiAuthenticator(s *http.Server, r *http.Request) (grantAccess bool, err error) {

firewall/firewall.go

@@ -111,8 +111,8 @@ func handlePacket(pkt packet.Packet) {
 	}
 
 	// allow api access, if address was parsed successfully
-	if apiAddressSet {
+	if apiPortSet {
-		if (pkt.Info().DstPort == apiPort && pkt.Info().Dst.Equal(apiIP)) || (pkt.Info().SrcPort == apiPort && pkt.Info().Src.Equal(apiIP)) {
+		if (pkt.Info().DstPort == apiPort || pkt.Info().SrcPort == apiPort) && pkt.Info().Src.Equal(pkt.Info().Dst) {
 			log.Debugf("accepting api connection: %s", pkt)
 			pkt.PermanentAccept()
 			return