admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(iptables): use OUTPUT chain for test instead of INPUT

Browse Source
This commit is contained in:
Quentin McGaw
2022-04-11 21:05:12 +00:00
parent 10a13bc8a7
commit 71ab0416b0
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/firewall/support.go
View File

@@ -22,7 +22,7 @@ func checkIptablesSupport(ctx context.Context, runner command.Runner,
var errMessage string
testInterfaceName := randomInterfaceName()
for _, iptablesPath = range iptablesPathsToTry {
cmd := exec.CommandContext(ctx, iptablesPath, "-A", "INPUT", "-i", testInterfaceName, "-j", "DROP")
cmd := exec.CommandContext(ctx, iptablesPath, "-A", "OUTPUT", "-o", testInterfaceName, "-j", "DROP")
errMessage, err = runner.Run(cmd)
if err == nil {
break
@@ -42,7 +42,7 @@ func checkIptablesSupport(ctx context.Context, runner command.Runner,
}
// Cleanup test rule
cmd := exec.CommandContext(ctx, iptablesPath, "-D", "INPUT", "-i", testInterfaceName, "-j", "DROP")
cmd := exec.CommandContext(ctx, iptablesPath, "-D", "OUTPUT", "-o", testInterfaceName, "-j", "DROP")
errMessage, err = runner.Run(cmd)
if err != nil {
return "", fmt.Errorf("%w: %s (%s)", ErrTestRuleCleanup, errMessage, err)