Skip to content

Commit

Permalink
[client] Fix allow netbird rule verdict (#2925)
Browse files Browse the repository at this point in the history 
* Fix allow netbird rule verdict

* Fix chain name
  • Loading branch information
@lixmal
lixmal authored Nov 21, 2024
1 parent aa575d6 commit 1bbabf7
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions client/firewall/nftables/manager_linux.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -199,7 +199,7 @@ func (m *Manager) AllowNetbird() error {

var chain *nftables.Chain
for _, c := range chains {
if c.Table.Name == tableNameFilter && c.Name == chainNameForward {
if c.Table.Name == tableNameFilter && c.Name == chainNameInput {
chain = c
break
}
Expand Down Expand Up @@ -276,7 +276,7 @@ func (m *Manager) resetNetbirdInputRules() error {

func (m *Manager) deleteNetbirdInputRules(chains []*nftables.Chain) {
for _, c := range chains {
if c.Table.Name == "filter" && c.Name == "INPUT" {
if c.Table.Name == tableNameFilter && c.Name == chainNameInput {
rules, err := m.rConn.GetRules(c.Table, c)
if err != nil {
log.Errorf("get rules for chain %q: %v", c.Name, err)
Expand Down Expand Up @@ -351,7 +351,9 @@ func (m *Manager) applyAllowNetbirdRules(chain *nftables.Chain) {
Register: 1,
Data: ifname(m.wgIface.Name()),
},
&expr.Verdict{},
&expr.Verdict{
Kind: expr.VerdictAccept,
},
},
UserData: []byte(allowNetbirdInputRuleID),
}
Expand Down

0 comments on commit 1bbabf7

Please sign in to comment.