[client] Fix missing inbound flows in Linux userspace mode with native router (#3624)

* Fix missing inbound flows in Linux userspace mode with native router

* Fix route enable/disable order for userspace mode
Viktor Liu
2025-04-05 11:41:31 +02:00
committed by GitHub
parent fbd783ad58
commit 5752bb78f2
3 changed files with 22 additions and 17 deletions


@ -952,11 +952,6 @@ func (e *Engine) updateNetworkMap(networkMap *mgmProto.NetworkMap) error {
return nil
}
// Apply ACLs in the beginning to avoid security leaks
if e.acl != nil {
e.acl.ApplyFiltering(networkMap)
}
if e.firewall != nil {
if localipfw, ok := e.firewall.(localIpUpdater); ok {
if err := localipfw.UpdateLocalIPs(); err != nil {
@ -975,6 +970,11 @@ func (e *Engine) updateNetworkMap(networkMap *mgmProto.NetworkMap) error {
log.Errorf("failed to update clientRoutes, err: %v", err)
}
// acls might need routing to be enabled, so we apply after routes
if e.acl != nil {
e.acl.ApplyFiltering(networkMap)
}
// Ingress forward rules
if err := e.updateForwardRules(networkMap.GetForwardingRules()); err != nil {
log.Errorf("failed to update forward rules, err: %v", err)
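Review bot: With `e.acl.ApplyFiltering(networkMap)` moved below the route updates in `updateNetworkMap`, there is an interval in which routes from the new network map are already active while the ACL set from the previous map is still in force. The removed comment ("Apply ACLs in the beginning to avoid security leaks") named exactly that concern, and the new comment explains why routing must come first but not why the gap is acceptable. If safety relies on the firewall dropping unmatched traffic by default (not visible in this hunk), record it at the new call site, for example `// ACLs are applied after routes; until then the previous rule set stays in effect and unmatched traffic must be dropped by default`. The route-update failure just above is only logged, so filtering is also applied after a partial route update; confirm that is the intended behaviour. The function body starts and ends outside the hunk.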