webnet/tailscale
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

util/linuxfw: fix stateful packet filtering in nftables mode

Browse Source 
To match iptables:
https://github.com/tailscale/tailscale/blob/b5dbf155b1b0fbd5947160d8bca4085c6ff039a5/util/linuxfw/iptables_runner.go#L536

Updates #12066

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
This commit is contained in:
Anton Tolchanov
2024-05-09 10:26:57 +01:00
committed by Anton Tolchanov
parent b5dbf155b1
commit ac638f32c0
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
util/linuxfw/nftables_runner.go
+1 -1
View File
@@ -1773,7 +1773,7 @@ func makeStatefulRuleExprs(tunname string) []expr.Any {
// going to our TUN. // going to our TUN.
&expr.Meta{Key: expr.MetaKeyOIFNAME, Register: 1}, &expr.Meta{Key: expr.MetaKeyOIFNAME, Register: 1},
&expr.Cmp{ &expr.Cmp{
Op: expr.CmpOpNeq, Op: expr.CmpOpEq,
Register: 1, Register: 1,
Data: []byte(tunname), Data: []byte(tunname),
}, },