wf: loopback condition should use MatchTypeFlagsAllSet.

Signed-off-by: Maisem Ali <maisem@tailscale.com>
5 years ago · 2919b3e3e6
parent 48c25fa36f
commit 2919b3e3e6
1 changed files with 2 additions and 2 deletions
--- a/wf/firewall.go
+++ b/wf/firewall.go
@ -152,7 +152,7 @@ func (f *Firewall) enable() error {
 		return fmt.Errorf("permitDNS failed: %w", err)
 	}
-	if err := f.permitLoopback(weightKnownTraffic); err != nil {
+	if err := f.permitLoopback(weightTailscaleTraffic); err != nil {
 		return fmt.Errorf("permitLoopback failed: %w", err)
 	}
@ -457,7 +457,7 @@ func (f *Firewall) permitLoopback(w weight) error {
 	condition := []*wf.Match{
 		{
 			Field: wf.FieldFlags,
-			Op:    wf.MatchTypeEqual,
+			Op:    wf.MatchTypeFlagsAllSet,
 			Value: wf.ConditionFlagIsLoopback,
 		},
 	}