[client] Improve route acl (#2705)

- Update nftables library to v0.2.0 - Mark traffic that was originally destined for local and applies the input rules in the forward chain if said traffic was redirected (e.g. by Docker) - Add nft rules to internal map only if flush was successful - Improve error message if handle is 0 (= not found or hasn't been refreshed) - Add debug logging when route rules are added - Replace nftables userdata (rule ID) with a rule hash
2025-08-18 19:09:09 +02:00 · 2024-10-10 15:54:34 +02:00
parent 208a2b7169
commit 09bdd271f1
11 changed files with 267 additions and 74 deletions
--- a/util/net/net.go
+++ b/util/net/net.go
@@ -11,7 +11,8 @@ import (

 const (
 	// NetbirdFwmark is the fwmark value used by Netbird via wireguard
-	NetbirdFwmark = 0x1BD00
+	NetbirdFwmark    = 0x1BD00
+	PreroutingFwmark = 0x1BD01

 	envDisableCustomRouting = "NB_DISABLE_CUSTOM_ROUTING"
 )