Forward packets from the tunnel interface

author: David Lönnhager <david.l@mullvad.net> 2021-04-12 13:37:35 +0200
committer: David Lönnhager <david.l@mullvad.net> 2021-04-16 17:41:47 +0200
commit: a990995714e89ce184496291cb54a04dcc6a6463 (patch)
tree: 898d33ceba6933582f52a32f90b9cc031bcaedc4
parent: 45fc2ac3f604311b47b6d499c160c9bb571b7422 (diff)
download: mullvadvpn-a990995714e89ce184496291cb54a04dcc6a6463.tar.xz
mullvadvpn-a990995714e89ce184496291cb54a04dcc6a6463.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/talpid-core/src/firewall/linux.rs b/talpid-core/src/firewall/linux.rs
index 932ddd178e..a99ce23a35 100644
--- a/talpid-core/src/firewall/linux.rs
+++ b/talpid-core/src/firewall/linux.rs
@@ -600,6 +600,15 @@ impl<'a> PolicyBatch<'a> {
                 allow_lan,
                 dns_servers,
             } => {
+                // The forward chain is also hit by the tunnel
+                self.batch.add(
+                    &allow_interface_rule(
+                        &self.forward_chain,
+                        Direction::In,
+                        &tunnel.interface[..],
+                    )?,
+                    nftnl::MsgType::Add,
+                );
                 self.add_allow_tunnel_endpoint_rules(peer_endpoint);
                 self.add_allow_dns_rules(tunnel, &dns_servers, TransportProtocol::Udp)?;
                 self.add_allow_dns_rules(tunnel, &dns_servers, TransportProtocol::Tcp)?;
author	David Lönnhager <david.l@mullvad.net>	2021-04-12 13:37:35 +0200
committer	David Lönnhager <david.l@mullvad.net>	2021-04-16 17:41:47 +0200
commit	a990995714e89ce184496291cb54a04dcc6a6463 (patch)
tree	898d33ceba6933582f52a32f90b9cc031bcaedc4
parent	45fc2ac3f604311b47b6d499c160c9bb571b7422 (diff)
download	mullvadvpn-a990995714e89ce184496291cb54a04dcc6a6463.tar.xz mullvadvpn-a990995714e89ce184496291cb54a04dcc6a6463.zip