From da601c28384785a8e7298aae72e12bb316f5a139 Mon Sep 17 00:00:00 2001
From: Viktor Liu
Date: Thu, 21 Nov 2024 16:24:31 +0100
Subject: [PATCH 1/2] Fix allow netbird rule verdict
---
 client/firewall/nftables/manager_linux.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/client/firewall/nftables/manager_linux.go b/client/firewall/nftables/manager_linux.go
index 3f8fac249a5..31f792e9c39 100644
--- a/client/firewall/nftables/manager_linux.go
+++ b/client/firewall/nftables/manager_linux.go
@@ -351,7 +351,9 @@ func (m *Manager) applyAllowNetbirdRules(chain *nftables.Chain) {
 Register: 1,
 Data: ifname(m.wgIface.Name()),
 },
- &expr.Verdict{},
+ &expr.Verdict{
+ Kind: expr.VerdictAccept,
+ },
 },
 UserData: []byte(allowNetbirdInputRuleID),
 }
From d88c02a78b3cac539cdac94cc00fdbb067f831cf Mon Sep 17 00:00:00 2001
From: Viktor Liu
Date: Thu, 21 Nov 2024 16:29:28 +0100
Subject: [PATCH 2/2] Fix chain name
---
 client/firewall/nftables/manager_linux.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/client/firewall/nftables/manager_linux.go b/client/firewall/nftables/manager_linux.go
index 31f792e9c39..8e1aa0d8043 100644
--- a/client/firewall/nftables/manager_linux.go
+++ b/client/firewall/nftables/manager_linux.go
@@ -199,7 +199,7 @@ func (m *Manager) AllowNetbird() error {
 var chain *nftables.Chain
 for _, c := range chains {
- if c.Table.Name == tableNameFilter && c.Name == chainNameForward {
+ if c.Table.Name == tableNameFilter && c.Name == chainNameInput {
 chain = c
 break
 }
@@ -276,7 +276,7 @@ func (m *Manager) resetNetbirdInputRules() error {
 func (m *Manager) deleteNetbirdInputRules(chains []*nftables.Chain) {
 for _, c := range chains {
- if c.Table.Name == "filter" && c.Name == "INPUT" {
+ if c.Table.Name == tableNameFilter && c.Name == chainNameInput {
 rules, err := m.rConn.GetRules(c.Table, c)
 if err != nil {
 log.Errorf("get rules for chain %q: %v", c.Name, err)
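Review bot: Nothing next to the new `Kind: expr.VerdictAccept` in applyAllowNetbirdRules records why the field must be set, and the replaced `&expr.Verdict{}` looked harmless. In the nftables expr package the zero value of VerdictKind is VerdictDrop, so the old rule dropped the traffic it was meant to allow. A comment above the verdict, such as `// Kind must be explicit: the zero VerdictKind is VerdictDrop`, would guard against a regression. A unit test asserting that the rule tagged allowNetbirdInputRuleID ends in an accept verdict would pin the behaviour. The rule's match expressions begin outside the hunk, so check the full function to confirm that only traffic matched on the name from `m.wgIface.Name()` is now accepted.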
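Review bot: Changing the lookup in AllowNetbird from chainNameForward to chainNameInput leaves nothing that removes a rule the old code may already have added to the filter FORWARD chain. deleteNetbirdInputRules, in the second hunk of this patch, only visits INPUT. If a released build ever installed the allowNetbirdInputRuleID rule in FORWARD, it would survive an upgrade; for a transition period the cleanup condition could read `if c.Table.Name == tableNameFilter && (c.Name == chainNameInput || c.Name == chainNameForward) {`. What happens when no chain matches and `chain` stays nil is decided after the loop, outside the hunk, and is worth confirming. Both function bodies continue beyond their hunks.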