From 0898d7b2bfa509b4ce4557e624a2dbd8fbb27c50 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 22 Oct 2020 03:49:34 +0000 Subject: [PATCH] Engine only specifies interface to iptables if requested by user --- engine.py | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/engine.py b/engine.py index e3b2c89..e1a2a30 100644 --- a/engine.py +++ b/engine.py @@ -119,7 +119,9 @@ class Engine(): self.censorship_detected = False self.interface = interface + self.specify_interface = True # track whether a single interface was specified if not interface: + self.specify_interface = False self.interface = actions.utils.get_interface() # Specifically define an L3Socket to send our packets. This is an optimization 
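Review bot: `self.specify_interface` is set to `True` and then flipped inside `if not interface:`, so the flag's meaning is spread over two assignments; `self.specify_interface = bool(interface)` placed before the branch says the same thing once. After this change `self.interface` still receives the auto-detected name from `actions.utils.get_interface()`, while the iptables rules built later no longer use it, which is easy to misread. A comment on the fallback line such as `# auto-detected interface is kept on self.interface, but iptables rules stay unscoped` would record that, assuming that is the intent. The constructor continues outside the hunk.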
@@ -226,19 +228,26 @@ class Engine(): add_or_remove = "A" if remove: add_or_remove = "D" + + out_interface = "" + in_interface = "" + if self.specify_interface: + out_interface = "-o %s " % self.interface + in_interface = "-i %s " % self.interface + cmds = [] for proto in ["tcp", "udp"]: - cmds += ["iptables -%s %s -p %s --%s %d -o %s -j NFQUEUE --queue-num %d" % - (add_or_remove, out_chain, proto, port1, self.server_port, self.interface, self.out_queue_num), - "iptables -%s %s -p %s --%s %d -i %s -j NFQUEUE --queue-num %d" % - (add_or_remove, in_chain, proto, port2, self.server_port, self.interface, self.in_queue_num)] + cmds += ["iptables -%s %s -p %s --%s %d %s-j NFQUEUE --queue-num %d" % + (add_or_remove, out_chain, proto, port1, self.server_port, out_interface, self.out_queue_num), + "iptables -%s %s -p %s --%s %d %s-j NFQUEUE --queue-num %d" % + (add_or_remove, in_chain, proto, port2, self.server_port, in_interface, self.in_queue_num)] # If this machine is acting as a middlebox, we need to add the same rules again # in the opposite direction so that we can pass packets back and forth if self.forwarder: - cmds += ["iptables -%s %s -p %s --%s %d -o %s -j NFQUEUE --queue-num %d" % - (add_or_remove, out_chain, proto, port2, self.server_port, self.interface, self.out_queue_num), - "iptables -%s %s -p %s --%s %d -i %s -j NFQUEUE --queue-num %d" % - (add_or_remove, in_chain, proto, port1, self.server_port, self.interface, self.in_queue_num)] + cmds += ["iptables -%s %s -p %s --%s %d %s-j NFQUEUE --queue-num %d" % + (add_or_remove, out_chain, proto, port2, self.server_port, out_interface, self.out_queue_num), + "iptables -%s %s -p %s --%s %d %s-j NFQUEUE --queue-num %d" % + (add_or_remove, in_chain, proto, port1, self.server_port, in_interface, self.in_queue_num)] for cmd in cmds: self.logger.debug(cmd)
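Review bot: `self.interface` is formatted with `%s` straight into the new `-o %s ` / `-i %s ` fragments, and after this commit that happens only when the value came from the caller, yet nothing visible checks it. How `cmd` is executed lies outside the hunk, but if the string reaches a shell, a name containing spaces or shell metacharacters changes an iptables invocation that presumably runs as root. Validating the name before building the fragments, e.g. `if self.interface not in [n for _, n in socket.if_nameindex()]: raise ValueError("unknown interface")`, or passing an argv list instead of a string, would close that. When no interface is given, the rules now send the port's traffic on every interface to NFQUEUE, so a comment above `out_interface = ""` stating that the wider match is deliberate would help whoever audits the ruleset. The enclosing method starts and ends outside the hunk.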