diff --git a/system.go b/system.go
index 356c93b..5c0228c 100644
--- a/system.go
+++ b/system.go
@@ -4,6 +4,7 @@ import (
 "context"
 "net"
 "net/netip"
+ "runtime"
 "syscall"
 "time"
@@ -97,6 +98,12 @@ func (s *System) Close() error {
 }
 func (s *System) Start() error {
+ if runtime.GOOS == "windows" {
+ err := fixFirewall()
+ if err != nil {
+ return E.Cause(err, "fix windows firewall for system stack")
+ }
+ }
 var listener net.ListenConfig
 if s.bindInterface {
 listener.Control = control.Append(listener.Control, func(network, address string, conn syscall.RawConn) error {
diff --git a/system_windows.go b/system_windows.go
new file mode 100644
index 0000000..85b7157
--- /dev/null
+++ b/system_windows.go
@@ -0,0 +1,25 @@
+package tun
+
+import (
+ E "github.com/sagernet/sing/common/exceptions"
+ "os"
+
+ "github.com/sagernet/sing/common/shell"
+)
+
+func fixFirewall() error {
+ profiles := []string{"Public", "Private"}
+ for _, profile := range profiles {
+ output, err := shell.Exec("powershell.exe",
+ "New-NetFirewallRule", "-DisplayName", "sing-box: allow system tun stack for path "+os.Args[0],
+ "-Direction", "Inbound",
+ "-Program", os.Args[0],
+ "-Action", "Allow",
+ "-Profile", profile,
+ ).CombinedOutput()
+ if err != nil {
+ return E.Extend(err, output)
+ }
+ }
+ return nil
+}
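Review bot: The call to `fixFirewall()` added at the top of Start is compiled on every platform, but the only definition in this diff is in `system_windows.go`, which the `_windows` file suffix limits to Windows builds. Unless a stub exists outside the diff, every non-Windows build fails with an undefined symbol, because the `runtime.GOOS` check is a run-time test and does not remove the reference. I would add a `system_nonwindows.go` containing `//go:build !windows` and `func fixFirewall() error { return nil }`, after which the `runtime.GOOS` guard and the new `runtime` import can go. Start's body continues outside the hunk.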
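Review bot: `os.Args[0]` is concatenated into the arguments given to `powershell.exe` in fixFirewall, and as far as I know PowerShell joins its trailing arguments and parses them as script text, so a path containing spaces or PowerShell metacharacters changes the command that runs, in a process that is presumably elevated. argv[0] is also whatever the parent process passed and may be relative, while `-Program` needs the real binary path. I would resolve it with `path, err := os.Executable()` and pass it to PowerShell out of band, for example through an environment variable referenced from a fixed `-Command` string, instead of by concatenation. Separately, each Start adds two more rules that allow all inbound traffic to the program, including on the Public profile, and nothing in this diff removes them. Consider skipping creation when the rule already exists, narrowing it to the tun interface with `-InterfaceAlias`, and deleting it in Close.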