sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-16 07:16:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Check chain existence before deleting NAT OUTPUT jump rule

Browse Source 
The cleanup path tried to delete the jump rule to NETBIRD-NAT-OUTPUT
unconditionally, producing a noisy debug log when the chain was never
created (common for the v6 router when no OutputDNAT rules exist).
Check ChainExists first, consistent with the chain deletion loop
below.
This commit is contained in:
Viktor Liu
2026-04-10 13:21:05 +02:00
parent 4b298fb53c
commit 4fc910031b
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
client/firewall/iptables/router_linux.go
View File

@@ -401,9 +401,13 @@ func (r *router) cleanUpDefaultForwardRules() error {
// Remove jump rules from built-in chains before deleting custom chains, // Remove jump rules from built-in chains before deleting custom chains,
// otherwise the chain deletion fails with "device or resource busy". // otherwise the chain deletion fails with "device or resource busy".
jumpRule := []string{"-j", chainNATOutput} if ok, err := r.iptablesClient.ChainExists(tableNat, chainNATOutput); err != nil {
if err := r.iptablesClient.Delete(tableNat, "OUTPUT", jumpRule...); err != nil { return fmt.Errorf("check chain %s: %w", chainNATOutput, err)
log.Debugf("clean OUTPUT jump rule: %v", err) } else if ok {
jumpRule := []string{"-j", chainNATOutput}
if err := r.iptablesClient.Delete(tableNat, "OUTPUT", jumpRule...); err != nil {
log.Debugf("clean OUTPUT jump rule: %v", err)
}
} }
for _, chainInfo := range []struct { for _, chainInfo := range []struct {