From 99e9bc87cfed7716fe2751f59d34bb0d62492b3a Mon Sep 17 00:00:00 2001
From: Quentin McGaw
Date: Sun, 6 Oct 2024 09:48:07 +0000
Subject: [PATCH] fix(firewall): deduplicate VPN address accept rule for multiple default routes with the same network interface
---
 internal/firewall/enable.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/internal/firewall/enable.go b/internal/firewall/enable.go
index 94810784..30a6ebcd 100644
--- a/internal/firewall/enable.go
+++ b/internal/firewall/enable.go
@@ -157,7 +157,13 @@ func (c *Config) allowVPNIP(ctx context.Context) (err error) {
 }
 const remove = false
+ interfacesSeen := make(map[string]struct{}, len(c.defaultRoutes))
 for _, defaultRoute := range c.defaultRoutes {
+ _, seen := interfacesSeen[defaultRoute.NetInterface]
+ if seen {
+ continue
+ }
+ interfacesSeen[defaultRoute.NetInterface] = struct{}{}
 err = c.acceptOutputTrafficToVPN(ctx, defaultRoute.NetInterface, c.vpnConnection, remove)
 if err != nil {
 return fmt.Errorf("accepting output traffic through VPN: %w", err)
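Review bot: The `interfacesSeen` check in the `for _, defaultRoute := range c.defaultRoutes` loop has no comment saying why repeated interfaces are skipped, and the dedupe exists only inside `allowVPNIP`. The call passes just `defaultRoute.NetInterface` and `c.vpnConnection`, so a comment above the map such as `// The accept rule depends only on the interface, so add it once per interface even if several default routes share it.` would record the invariant. Any other loop over `c.defaultRoutes` that adds or removes this same rule is outside the hunk; if one exists without the same check, the add and remove paths can disagree on how many copies of the rule exist, which risks a failed removal or a leftover accept rule for a previous VPN address. A small helper that returns the unique interfaces would keep both paths consistent. The function body starts and ends outside the hunk, so this is hedged on what the rest of the file does.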