admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(firewall): deduplicate ipv6 multicast output accept rules

Browse Source
This commit is contained in:
Quentin McGaw
2024-10-06 09:46:47 +00:00
parent 7842ff4cdc
commit 9ef14ee070
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
internal/firewall/enable.go
View File

@@ -106,12 +106,20 @@ func (c *Config) enable(ctx context.Context) (err error) {
return err return err
} }
localInterfaces := make(map[string]struct{}, len(c.localNetworks))
for _, network := range c.localNetworks { for _, network := range c.localNetworks {
if err := c.acceptOutputFromIPToSubnet(ctx, network.InterfaceName, network.IP, network.IPNet, remove); err != nil { if err := c.acceptOutputFromIPToSubnet(ctx, network.InterfaceName, network.IP, network.IPNet, remove); err != nil {
return err return err
} }
if err = c.acceptIpv6MulticastOutput(ctx, network.InterfaceName, remove); err != nil {
return err _, localInterfaceSeen := localInterfaces[network.InterfaceName]
if localInterfaceSeen {
continue
}
localInterfaces[network.InterfaceName] = struct{}{}
err = c.acceptIpv6MulticastOutput(ctx, network.InterfaceName, remove)
if err != nil {
return fmt.Errorf("accepting IPv6 multicast output: %w", err)
} }
} }