| author | David Lönnhager <david.l@mullvad.net> | 2020-06-04 14:36:37 +0200 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2020-06-04 18:49:34 +0200 |
| commit | e244e0e646cdf74a06268173d62874e22e39eb22 (patch) | |
| tree | 9feea1e90d3c48488480a91abc44c13e2165aba7 | |
| parent | 0f85d1ac2b728e0a50352df7970048daa11bc4a4 (diff) | |
Only allow root to send packets to the relay server on Linux
| -rw-r--r-- | talpid-core/src/firewall/linux.rs | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/talpid-core/src/firewall/linux.rs b/talpid-core/src/firewall/linux.rs
index c1cc847d60..21c7b3ce3b 100644
--- a/talpid-core/src/firewall/linux.rs
+++ b/talpid-core/src/firewall/linux.rs
@@ -507,6 +507,8 @@ impl<'a> PolicyBatch<'a> {
 let mut out_rule = Rule::new(&self.out_chain);
 check_endpoint(&mut out_rule, End::Dst, endpoint);
+ out_rule.add_expr(&nft_expr!(meta skuid));
+ out_rule.add_expr(&nft_expr!(cmp == 0u32));
 add_verdict(&mut out_rule, &Verdict::Accept);
 self.batch.add(&out_rule, nftnl::MsgType::Add); |
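Review bot: The two expressions added to `out_rule` have no comment explaining why the accept verdict is now restricted to uid 0, and `0u32` is a bare literal. A line such as `// Only root-owned sockets may reach the relay directly, so unprivileged processes cannot send traffic to it outside the tunnel.` above them, plus a named constant like `const ROOT_UID: u32 = 0;`, would make the security intent explicit. `meta skuid` matches only packets that have an owning socket with credentials attached, so the rule presumably relies on the tunnel client being a root-owned userspace process. It is worth confirming that no legitimate relay traffic is emitted without such a socket (for example by an in-kernel tunnel implementation), because that traffic would no longer match this accept rule. The enclosing method starts and ends outside the hunk, so any matching inbound rule is not visible here.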
