sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-05-05 16:46:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Keep v4 NAT rule when v6 mirror fails to preserve partial connectivity

Browse Source
This commit is contained in:
Viktor Liu
2026-05-04 12:28:36 +02:00
parent e4feefb9a6
commit 63bb85cdf2
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
client/firewall/nftables/manager_linux.go
View File

@@ -391,12 +391,12 @@ func (m *Manager) AddNatRule(pair firewall.RouterPair) error {
// Dynamic routes need NAT in both tables since resolved IPs can be
// either v4 or v6. This covers both DomainSet (modern) and the legacy
// wildcard 0.0.0.0/0 destination where the client resolves DNS.
// On v6 failure we keep the v4 NAT rule rather than rolling back: half
// connectivity is better than none, and RemoveNatRule is content-keyed
// so the eventual cleanup still works.
if m.hasIPv6() && pair.Dynamic {
v6Pair := firewall.ToV6NatPair(pair)
if err := m.router6.AddNatRule(v6Pair); err != nil {
if rbErr := m.router.RemoveNatRule(pair); rbErr != nil {
return fmt.Errorf("add v6 NAT rule: %w (rollback v4: %v)", err, rbErr)
}
return fmt.Errorf("add v6 NAT rule: %w", err)
}
}