Add and fix port range rules and update documentation for it

This commit is contained in:
Daniel 2021-10-13 17:34:48 +02:00
parent d0c1010311
commit 8a4ac913a1
3 changed files with 23 additions and 5 deletions


@ -182,12 +182,24 @@ func registerConfiguration() error {
- Match anything: "*" - Match anything: "*"
Additionally, you may supply a protocol and port just behind that using numbers ("6/80") or names ("TCP/HTTP"). Additionally, you may supply a protocol and port just behind that using numbers ("6/80") or names ("TCP/HTTP").
In this case the rule is only matched if the protocol and port also match. Port ranges are defined by using a hyphen ("TCP/1-1024"). Omit the port to match any.
Example: "192.168.0.1 TCP/HTTP" Use a "*" for matching any protocol. If matching ports with any protocol, protocols without ports will not match.
Rules with protocol and port definitions only match if the protocol and port also match.
Ports are always compared to the destination port, thus, the local listening port for incoming connections.
Examples: "192.168.0.1 TCP/HTTP", "LAN UDP/50000-55000", "example.com */HTTPS", "1.1.1.1 ICMP"
Important: DNS Requests are only matched against domain and filter list rules, all others require an IP address and are checked only with the following IP connection. Important: DNS Requests are only matched against domain and filter list rules, all others require an IP address and are checked only with the following IP connection.
`, `"`, "`") `, `"`, "`")
rulesValidationRegex := strings.Join([]string{
`^(\+|\-) `, // Rule verdict.
`[A-z0-9\.:\-*/]+`, // Entity matching.
`( `, // Start of optional matching.
`[A-z0-9*]+`, // Protocol matching.
`(/[A-z0-9]+(\-[A-z0-9]+)?)?`, // Port and port range matching.
`)?$`, // End of optional matching.
}, "")
// Endpoint Filter List // Endpoint Filter List
err = config.Register(&config.Option{ err = config.Register(&config.Option{
Name: "Outgoing Rules", Name: "Outgoing Rules",
@ -202,7 +214,7 @@ Important: DNS Requests are only matched against domain and filter list rules, a
config.DisplayOrderAnnotation: cfgOptionEndpointsOrder, config.DisplayOrderAnnotation: cfgOptionEndpointsOrder,
config.CategoryAnnotation: "Rules", config.CategoryAnnotation: "Rules",
}, },
ValidationRegex: `^(\+|\-) [A-z0-9\.:\-*/]+( [A-z0-9/]+)?$`, ValidationRegex: rulesValidationRegex,
}) })
if err != nil { if err != nil {
return err return err
@ -242,7 +254,7 @@ Important: DNS Requests are only matched against domain and filter list rules, a
}, },
}, },
}, },
ValidationRegex: `^(\+|\-) [A-z0-9\.:\-*/]+( [A-z0-9/]+)?$`, ValidationRegex: rulesValidationRegex,
}) })
if err != nil { if err != nil {
return err return err
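Review bot: The new rulesValidationRegex uses the character class `A-z` in the entity, protocol and port pieces, and that range also covers the six ASCII characters between `Z` and `a` (`[`, `\`, `]`, `^`, `_`, backtick), so strings such as `+ example.com TCP/_` pass validation and are only rejected, if at all, by the later parser. The entity class was like this before the change, but the protocol and port classes are new here, so this is a good moment to tighten all three to `[A-Za-z0-9…]`, e.g. `` `[A-Za-z0-9*]+`, // Protocol matching. `` and `` `(/[A-Za-z0-9]+(\-[A-Za-z0-9]+)?)?`, // Port and port range matching. ``. The same regex is referenced by the two later hunks in this file (the "Outgoing Rules" and the second ValidationRegex), so one fix covers both. registerConfiguration starts before and ends after this hunk.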


@ -154,6 +154,9 @@ func (ep *EndpointBase) parsePPP(typedEp Endpoint, fields []string) (Endpoint, e
return nil, invalidDefinitionError(fields, "port number parsing error") return nil, invalidDefinitionError(fields, "port number parsing error")
} }
} }
if n16 == 0 {
return nil, invalidDefinitionError(fields, "port number cannot be 0")
}
ep.StartPort = n16 ep.StartPort = n16
// parse end port // parse end port
if len(portSplitted) > 1 { if len(portSplitted) > 1 {
@ -167,6 +170,9 @@ func (ep *EndpointBase) parsePPP(typedEp Endpoint, fields []string) (Endpoint, e
} }
} }
} }
if n16 == 0 {
return nil, invalidDefinitionError(fields, "port number cannot be 0")
}
ep.EndPort = n16 ep.EndPort = n16
} }
} }
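Review bot: The new zero check before `ep.EndPort = n16` rejects a zero end port but nothing in this hunk ensures the end port is not smaller than the start port, so a definition like `TCP/1024-1` presumably produces an endpoint whose range matches nothing — unless that is validated further down, which is outside the hunk. I would add, right after the new zero check, `if n16 < ep.StartPort { return nil, invalidDefinitionError(fields, "end port must not be smaller than start port") }`, which keeps the error style of the surrounding lines. The same zero check in the first hunk (start port) is fine as is. parsePPP starts before the first hunk and continues after this one.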


@ -26,7 +26,7 @@ func (r *reason) String() string {
prefix = "allowed by rule: " prefix = "allowed by rule: "
} }
return prefix + r.description + " " + r.Value return prefix + r.description + " " + r.Filter[2:]
} }
func (r *reason) Context() interface{} { func (r *reason) Context() interface{} {
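Review bot: `r.Filter[2:]` in the new return line panics with a slice bounds error whenever Filter is shorter than two bytes, for example a reason constructed without a rule string, and String() is typically called from logging paths where a panic is the worst outcome. The offset 2 is presumably meant to strip the verdict prefix (`+ ` / `- `, matching the `^(\+|\-) ` start of the rule regex elsewhere in this commit), which deserves a comment because the number is otherwise unexplained. I would guard it and document it: `// Filter starts with the verdict ("+ " or "- "); strip it for display.` followed by `if len(r.Filter) < 2 { return prefix + r.description }` before the existing return. String() begins before this hunk.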