Permit remaining packets to be forwarded via the tunnel interface only

author: David Lönnhager <david.l@mullvad.net> 2021-04-12 13:35:19 +0200
committer: David Lönnhager <david.l@mullvad.net> 2021-04-16 17:41:46 +0200
commit: 45fc2ac3f604311b47b6d499c160c9bb571b7422 (patch)
tree: 2890362a9d6f5072ad4b988263f9edff88b68dc3
parent: 7f073e37df07a22b34aeb67c8ec30cfdd31e0ce6 (diff)
download: mullvadvpn-45fc2ac3f604311b47b6d499c160c9bb571b7422.tar.xz
mullvadvpn-45fc2ac3f604311b47b6d499c160c9bb571b7422.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/talpid-core/src/firewall/linux.rs b/talpid-core/src/firewall/linux.rs
index 12b45a2d30..932ddd178e 100644
--- a/talpid-core/src/firewall/linux.rs
+++ b/talpid-core/src/firewall/linux.rs
@@ -826,6 +826,10 @@ impl<'a> PolicyBatch<'a> {
             nftnl::MsgType::Add,
         );
         self.batch.add(
+            &allow_interface_rule(&self.forward_chain, Direction::Out, &tunnel.interface[..])?,
+            nftnl::MsgType::Add,
+        );
+        self.batch.add(
             &allow_interface_rule(&self.in_chain, Direction::In, &tunnel.interface[..])?,
             nftnl::MsgType::Add,
         );
author	David Lönnhager <david.l@mullvad.net>	2021-04-12 13:35:19 +0200
committer	David Lönnhager <david.l@mullvad.net>	2021-04-16 17:41:46 +0200
commit	45fc2ac3f604311b47b6d499c160c9bb571b7422 (patch)
tree	2890362a9d6f5072ad4b988263f9edff88b68dc3
parent	7f073e37df07a22b34aeb67c8ec30cfdd31e0ce6 (diff)
download	mullvadvpn-45fc2ac3f604311b47b6d499c160c9bb571b7422.tar.xz mullvadvpn-45fc2ac3f604311b47b6d499c160c9bb571b7422.zip