fix(firewall): deduplicate VPN address accept rule for multiple default routes with the same network interface

2024-10-06 09:48:07 +00:00
parent 9ef14ee070
commit 99e9bc87cf
1 changed files with 6 additions and 0 deletions
--- a/internal/firewall/enable.go
+++ b/internal/firewall/enable.go
@@ -157,7 +157,13 @@ func (c *Config) allowVPNIP(ctx context.Context) (err error) {
 	}

 	const remove = false
+	interfacesSeen := make(map[string]struct{}, len(c.defaultRoutes))
 	for _, defaultRoute := range c.defaultRoutes {
+		_, seen := interfacesSeen[defaultRoute.NetInterface]
+		if seen {
+			continue
+		}
+		interfacesSeen[defaultRoute.NetInterface] = struct{}{}
 		err = c.acceptOutputTrafficToVPN(ctx, defaultRoute.NetInterface, c.vpnConnection, remove)
 		if err != nil {
 			return fmt.Errorf("accepting output traffic through VPN: %w", err)