webnet/tailscale
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

util/linuxfw,wgengine/router: allow incoming CGNAT range traffic with nodeattr

Browse Source 
Clients with the newly added node attribute
`"disable-linux-cgnat-drop-rule"` will not automatically drop inbound
traffic on non-Tailscale network interfaces with the source IP in the
CGNAT IP range. This is an initial proof-of-concept for enabling
connectivity with off-Tailnet CGNAT endpoints.

Fixes tailscale/corp#36270.

Signed-off-by: Naman Sood <mail@nsood.in>
This commit is contained in:
Naman Sood
2026-04-14 16:45:06 -04:00
committed by GitHub
parent 5834058269
commit 6301a6ce4b
14 changed files with 527 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files
wgengine/router/router_test.go
+1 -1
View File
@@ -15,7 +15,7 @@ func TestConfigEqual(t *testing.T) {
testedFields := []string{
"LocalAddrs", "Routes", "LocalRoutes", "NewMTU",
"SubnetRoutes", "SNATSubnetRoutes", "StatefulFiltering",
"NetfilterMode", "NetfilterKind",
"NetfilterMode", "NetfilterKind", "RemoveCGNATDropRule",
}
configType := reflect.TypeFor[Config]()
configFields := []string{}