From fc2e21cfd6185b791552257ebf13c5f3b4096c36 Mon Sep 17 00:00:00 2001
From: Timmy Welch
Date: Tue, 24 Dec 2024 11:09:11 -0800
Subject: [PATCH] Fix nft run
---
 internal/dhcp4d/dhcp4d.go | 2 +-
 internal/dns/dns.go | 8 ++++----
 internal/netconfig/netconfig.go | 15 +++++++++++++--
 3 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/internal/dhcp4d/dhcp4d.go b/internal/dhcp4d/dhcp4d.go
index 4aea773..1e41718 100644
--- a/internal/dhcp4d/dhcp4d.go
+++ b/internal/dhcp4d/dhcp4d.go
@@ -362,7 +362,7 @@ func (h *Handler) serveDHCP(p dhcp4.Packet, msgType dhcp4.MessageType, options d
 Expiry: now.Add(h.leasePeriodForDevice(hwAddr)),
 Hostname: string(options[dhcp4.OptionHostName]),
 VendorIdentifier: string(bytes.ToValidUTF8(bytes.ReplaceAll(options[dhcp4.OptionVendorClassIdentifier], []byte{0}, []byte{}), []byte{})),
- LastACK: h.timeNow(),
+ LastACK: h.timeNow(),
 }
 copy(lease.Addr, reqIP.To4())
diff --git a/internal/dns/dns.go b/internal/dns/dns.go
index 27ab7ae..b2e515c 100644
--- a/internal/dns/dns.go
+++ b/internal/dns/dns.go
@@ -599,7 +599,7 @@ func (s *Server) handleRequest(w dns.ResponseWriter, r *dns.Msg) {
 // DNS has no reply for resolving errors
 }
-func (s *Server) getSubname(domain string, queryName string) (IP,bool) {
+func (s *Server) getSubname(domain string, queryName string) (IP, bool) {
 name := strings.TrimSuffix(queryName, ".")
 name = strings.TrimSuffix(name, ".lan") // trim lan domain
 name = strings.TrimSuffix(name, "."+string(s.domain)) // trim server domain
@@ -607,14 +607,14 @@ func (s *Server) getSubname(domain string, queryName string) (IP,bool) {
 if ip, ok := s.subname(domain, name); ok {
 return ip, true
 }
- return IP{},false
+ return IP{}, false
 }
 func (s *Server) resolveSubname(domain string, q dns.Question) (dns.RR, error) {
 if q.Qclass != dns.ClassINET {
 return nil, nil
 }
- ip,ok := s.getSubname(domain,q.Name)
+ ip, ok := s.getSubname(domain, q.Name)
 if q.Qtype == dns.TypeA || q.Qtype == dns.TypeAAAA /*|| q.Qtype == dns.TypeMX*/ {
 if ok {
 if q.Qtype == dns.TypeA && ip.IPv4.To4() != nil {
@@ -665,7 +665,7 @@ func (s *Server) subnameHandler(domain lcHostname) func(w dns.ResponseWriter, r
 }
 // Send an authoritative NXDOMAIN for local names:
- if _,ok := s.getSubname(string(domain),r.Question[0].Name);r.Question[0].Qtype == dns.TypePTR || (r.Question[0].Qtype == dns.TypeCNAME && ok) || !strings.Contains(strings.TrimSuffix(r.Question[0].Name, "."), ".") || strings.HasSuffix(r.Question[0].Name, ".lan.") {
+ if _, ok := s.getSubname(string(domain), r.Question[0].Name); r.Question[0].Qtype == dns.TypePTR || (r.Question[0].Qtype == dns.TypeCNAME && ok) || !strings.Contains(strings.TrimSuffix(r.Question[0].Name, "."), ".") || strings.HasSuffix(r.Question[0].Name, ".lan.") {
 s.promInc("local", r)
 m := new(dns.Msg)
 m.SetReply(r)
diff --git a/internal/netconfig/netconfig.go b/internal/netconfig/netconfig.go
index 78518e2..43bf20c 100644
--- a/internal/netconfig/netconfig.go
+++ b/internal/netconfig/netconfig.go
@@ -1241,13 +1241,15 @@ func Apply(dir, root string, firewall bool) error {
 log.Println("Applying custom firewall")
 cmd := &exec.Cmd{
 Path: "/user/nft",
- Args: []string{"/user/nft", "-f/etc/firewall.nft"},
- Env: os.Environ(),
+ Args: []string{"/user/nft", "-ef", "/etc/firewall.nft"},
+ Env: cleanEnviron(os.Environ()),
 Stdout: os.Stdout,
 Stderr: os.Stderr,
 }
 if err := cmd.Run(); err != nil {
 appendError(fmt.Errorf("firewall: nft: %v", err))
+ } else {
+ log.Println("Custom firewall successfully applied:", cmd.ProcessState.ExitCode())
 }
 } else {
 log.Println("Firewall Disabled")
@@ -1263,3 +1265,12 @@ func Apply(dir, root string, firewall bool) error {
 }
 return nil
 }
+
+func cleanEnviron(environ []string) []string {
+ for i, env := range environ {
+ if strings.Contains(env, "GOKRAZY") {
+ environ[i] = ""
+ }
+ }
+ return environ
+}
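Review bot: In the new `else` branch the logged `cmd.ProcessState.ExitCode()` carries no information, because `cmd.Run()` returns nil only when nft exited with status 0; `log.Println("Custom firewall successfully applied")` says the same thing. The failure branch is the one that matters on a router: it only calls `appendError`, and the hunk does not show whether Apply's caller then falls back to a restrictive rule set or keeps running with whatever was loaded before, so that is worth confirming and recording in a comment above `cmd.Run()`. The added `-e` flag appears to make nft echo what it loads to `os.Stdout`, so the rule set would end up in the process log; drop the flag if that log is readable by less-privileged consumers. Apply's body starts and ends outside the hunk.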
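Review bot: `cleanEnviron` filters with `strings.Contains(env, "GOKRAZY")`, which tests the whole `KEY=value` string, so a variable whose value merely mentions GOKRAZY is removed as well, and removed entries stay behind as empty strings in the slice handed to `exec.Cmd.Env` instead of being dropped. If the intent is to keep variables whose name starts with GOKRAZY away from the nft process (an assumption, the commit message does not say), match on the key and build a new slice as below, which also stops the function from mutating its argument in place. A doc comment stating why these variables must not reach nft would help the next reader. For a firewall loader, an explicit minimal environment would be easier to reason about than a denylist, provided nft needs nothing from the parent's environment.

```go
// cleanEnviron returns a copy of environ without the variables whose name
// starts with GOKRAZY; the input slice is left untouched.
func cleanEnviron(environ []string) []string {
	cleaned := make([]string, 0, len(environ))
	for _, env := range environ {
		// Compare the name only, so a value that mentions GOKRAZY is kept.
		key, _, _ := strings.Cut(env, "=")
		if strings.HasPrefix(key, "GOKRAZY") {
			continue
		}
		cleaned = append(cleaned, env)
	}
	return cleaned
}
```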