mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-03-20 14:41:38 +00:00
At present, Clients are only allowed to send packets to resources accessible via the Gateway but not to the Gateway itself. Thus, any application (including Firezone itself) that opens a listening socket on the TUN device will never receive any traffic. This opens up interesting features like hosting additional services on the machine that the Gateway is running on.

Concretely, in order to implement #8221, we will run a DNS server on port 53 of the TUN device as part of the Gateway.

The diff for this ended up being a bit larger because we are introducing an `IpConfig` abstraction so we don't have to track 4 IP addresses as separate fields within `ClientOnGateway`, the connection-specific state on a Gateway. This is where we allow / deny traffic from a Client. To allow traffic for this particular Gateway, we need to know our own TUN IP configuration within the component.
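
The allow / deny decision described above, sketched as an added example that is not Firezone's own code: the fields of `IpConfig` and `ClientOnGateway`, the `Cidr` and `Verdict` types, `classify`, the source-address check and all addresses are assumptions made for illustration.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

// Hypothetical stand-in for `IpConfig`: one IPv4 and one IPv6 TUN address.
struct IpConfig { v4: Ipv4Addr, v6: Ipv6Addr }
impl IpConfig {
    fn is_ip(&self, ip: IpAddr) -> bool { ip == IpAddr::V4(self.v4) || ip == IpAddr::V6(self.v6) }
}

// Allowed resource as a CIDR (assumed representation).
struct Cidr { net: IpAddr, prefix: u32 }

// Address as an integer plus its width in bits.
fn bits(ip: IpAddr) -> (u128, u32) {
    match ip { IpAddr::V4(a) => (u32::from(a) as u128, 32), IpAddr::V6(a) => (u128::from(a), 128) }
}
impl Cidr {
    fn contains(&self, ip: IpAddr) -> bool {
        let ((net, width), (addr, addr_width)) = (bits(self.net), bits(ip));
        if width != addr_width { return false; } // address family mismatch never matches
        // Clear the host bits; a /0 shifts everything out and matches the whole family.
        let mask = u128::MAX.checked_shl(width.saturating_sub(self.prefix)).unwrap_or(0);
        (net & mask) == (addr & mask)
    }
}

#[derive(Debug, PartialEq)]
enum Verdict { ToGateway, ToResource, Deny }

// Two `IpConfig`s replace four separate address fields.
struct ClientOnGateway { client_tun: IpConfig, gateway_tun: IpConfig, resources: Vec<Cidr> }
impl ClientOnGateway {
    fn classify(&self, src: IpAddr, dst: IpAddr) -> Verdict {
        if !self.client_tun.is_ip(src) { return Verdict::Deny; } // assumed source check
        if self.gateway_tun.is_ip(dst) { return Verdict::ToGateway; } // needs our own TUN IPs
        if self.resources.iter().any(|r| r.contains(dst)) { return Verdict::ToResource; }
        Verdict::Deny // default deny, e.g. another Client's TUN address
    }
}

fn sample() -> ClientOnGateway { // constructed addresses, not taken from the project
    ClientOnGateway {
        client_tun: IpConfig { v4: Ipv4Addr::new(100, 64, 0, 2), v6: "fd00::2".parse().unwrap() },
        gateway_tun: IpConfig { v4: Ipv4Addr::new(100, 64, 0, 1), v6: "fd00::1".parse().unwrap() },
        resources: vec![Cidr { net: "10.0.0.0".parse().unwrap(), prefix: 24 }],
    }
}

fn main() {
    let c = sample();
    println!("{:?}", c.classify("100.64.0.2".parse().unwrap(), "100.64.0.1".parse().unwrap()));
}
```

Keeping the Gateway match as an exact comparison against its own TUN addresses, rather than a range, means that allowing traffic to the Gateway does not also admit traffic addressed to other peers on the tunnel network.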