sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-20 09:16:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Process drop rules first (#3167)

Browse Source
This commit is contained in:
Viktor Liu
2025-01-15 17:51:08 +01:00
committed by GitHub
parent ea6c947f5d
commit 22991b3963
5 changed files with 295 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
client/firewall/iptables/router_linux.go
View File

@@ -135,7 +135,16 @@ func (r *router) AddRouteFiltering(
}
rule := genRouteFilteringRuleSpec(params)
if err := r.iptablesClient.Append(tableFilter, chainRTFWD, rule...); err != nil {
// Insert DROP rules at the beginning, append ACCEPT rules at the end
var err error
if action == firewall.ActionDrop {
// after the established rule
err = r.iptablesClient.Insert(tableFilter, chainRTFWD, 2, rule...)
} else {
err = r.iptablesClient.Append(tableFilter, chainRTFWD, rule...)
}
if err != nil {
return nil, fmt.Errorf("add route rule: %v", err)
}