webnet/tailscale
1
0
Fork 0
Code Issues Pull Requests 3 Packages Projects Releases Wiki Activity

util/linuxfw, wgengine: allow ingress to magicsock UDP port on Linux (#10370)

Browse Source 
* util/linuxfw, wgengine: allow ingress to magicsock UDP port on Linux

Updates #9084.

Currently, we have to tell users to manually open UDP ports on Linux when
certain firewalls (like ufw) are enabled. This change automates the process of
adding and updating those firewall rules as magicsock changes what port it
listens on.

Signed-off-by: Naman Sood <mail@nsood.in>
This commit is contained in:
Naman Sood
2023-12-05 18:12:02 -05:00
committed by GitHub
parent aad5fb28b1
commit d46a4eced5
11 changed files with 385 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
wgengine/router/router.go
+8
View File
@@ -27,6 +27,14 @@ type Router interface {
// implementation should handle gracefully.
Set(*Config) error
// UpdateMagicsockPort tells the OS network stack what port magicsock
// is currently listening on, so it can be threaded through firewalls
// and such. This is distinct from Set() since magicsock may rebind
// ports independently from the Config changing.
//
// network should be either "udp4" or "udp6".
UpdateMagicsockPort(port uint16, network string) error
// Close closes the router.
Close() error
}