admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(firewall): deduplicate VPN address accept rule for multiple default routes with the same network interface

Browse Source
This commit is contained in:
Quentin McGaw
2024-10-06 09:48:07 +00:00
parent 9ef14ee070
commit 99e9bc87cf
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/firewall/enable.go
View File

@@ -157,7 +157,13 @@ func (c *Config) allowVPNIP(ctx context.Context) (err error) {
} }
const remove = false const remove = false
interfacesSeen := make(map[string]struct{}, len(c.defaultRoutes))
for _, defaultRoute := range c.defaultRoutes { for _, defaultRoute := range c.defaultRoutes {
_, seen := interfacesSeen[defaultRoute.NetInterface]
if seen {
continue
}
interfacesSeen[defaultRoute.NetInterface] = struct{}{}
err = c.acceptOutputTrafficToVPN(ctx, defaultRoute.NetInterface, c.vpnConnection, remove) err = c.acceptOutputTrafficToVPN(ctx, defaultRoute.NetInterface, c.vpnConnection, remove)
if err != nil { if err != nil {
return fmt.Errorf("accepting output traffic through VPN: %w", err) return fmt.Errorf("accepting output traffic through VPN: %w", err)