Skip to content

Commit

Permalink
fix(firewall): deduplicate VPN address accept rule for multiple defau…
Browse files Browse the repository at this point in the history 
…lt routes with the same network interface
  • Loading branch information
@qdm12
qdm12 committed Oct 6, 2024
1 parent 9ef14ee commit 99e9bc8
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions internal/firewall/enable.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,13 @@ func (c *Config) allowVPNIP(ctx context.Context) (err error) {
}

const remove = false
interfacesSeen := make(map[string]struct{}, len(c.defaultRoutes))
for _, defaultRoute := range c.defaultRoutes {
_, seen := interfacesSeen[defaultRoute.NetInterface]
if seen {
continue
}
interfacesSeen[defaultRoute.NetInterface] = struct{}{}
err = c.acceptOutputTrafficToVPN(ctx, defaultRoute.NetInterface, c.vpnConnection, remove)
if err != nil {
return fmt.Errorf("accepting output traffic through VPN: %w", err)
Expand Down

0 comments on commit 99e9bc8

Please sign in to comment.