Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create iptables folder during firewall set up if it doesn't exist. #2457

Merged
merged 1 commit into from
Oct 23, 2024
Merged

Create iptables folder during firewall set up if it doesn't exist. #2457

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions alvr/xtask/firewall/alvr_fw_config.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,10 @@ iptables_cfg() {
second_port_match_count=$(iptables -S | grep -c '9944')
if [ "${1}" == 'add' ]; then
if [ "$first_port_match_count" == "0" ] || [ "$second_port_match_count" == "0" ]; then
if [ ! -d '/etc/iptables' ]; then
mkdir '/etc/iptables'
Copy link
Collaborator

@The-personified-devil The-personified-devil Oct 19, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not too sure about creating it with user ownership. Don't know if it actually matters tho

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also I'm not sure we should be creating it if it doesn't exist its probably better to just warn with a message saying iptables are not setup on this distro

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tbh if iptables actually being used then I think it's perfectly fine to create the directory, since there shouldn't really be a reason why it doesn't exist, so it can't hurt creating it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We ask for root permission/user at the start of the script, so I don't think it would be created under the user? But I can see the reasoning for just popping out a warning rather than creating the folder implicitly.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yea ur right, I should've actually looked at what the script's doing first, dunno why I assumed it wasn't doing permission elevation even if it clearly wouldn't work if it wasn't doing that. (Also I'm pretty sure you couldn't create the directory anyway if you weren't root.) Then I guess in that regard it's fine, not sure about whether just creating the directory or giving a warning for it is better tho

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think this is least intrusive operation, might be fine

fi

iptables -I OUTPUT -p tcp --sport 9943 -j ACCEPT
iptables -I INPUT -p tcp --dport 9943 -j ACCEPT
iptables -I OUTPUT -p udp --sport 9943 -j ACCEPT
Expand Down
Loading