authorDavid Lönnhager <david.l@mullvad.net>2020-06-04 14:36:37 +0200
committerDavid Lönnhager <david.l@mullvad.net>2020-06-04 18:49:34 +0200
commite244e0e646cdf74a06268173d62874e22e39eb22 (patch)
tree9feea1e90d3c48488480a91abc44c13e2165aba7
parent0f85d1ac2b728e0a50352df7970048daa11bc4a4 (diff)
Only allow root to send packets to the relay server on Linux
-rw-r--r--talpid-core/src/firewall/linux.rs2
1 files changed, 2 insertions, 0 deletions
diff --git a/talpid-core/src/firewall/linux.rs b/talpid-core/src/firewall/linux.rs
index c1cc847d60..21c7b3ce3b 100644
--- a/talpid-core/src/firewall/linux.rs
+++ b/talpid-core/src/firewall/linux.rs
@@ -507,6 +507,8 @@ impl<'a> PolicyBatch<'a> {
let mut out_rule = Rule::new(&self.out_chain);
check_endpoint(&mut out_rule, End::Dst, endpoint);
+ out_rule.add_expr(&nft_expr!(meta skuid));
+ out_rule.add_expr(&nft_expr!(cmp == 0u32));
add_verdict(&mut out_rule, &Verdict::Accept);
self.batch.add(&out_rule, nftnl::MsgType::Add);
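Review bot: The two expressions added to `out_rule` narrow the relay-endpoint accept rule to socket UID 0, but nothing in the code says so or explains why, and the bare `0u32` reads as a magic number. I would put a comment above them, for example `// Only root (the daemon) may send to the relay outside the tunnel, so unprivileged processes cannot use this exception to bypass it.`, and name the value, e.g. `const ROOT_UID: u32 = 0;`. The comment should also record the assumption this rule depends on: `meta skuid` only matches packets that have an originating local socket, and the process opening the tunnel socket must run as UID 0. Neither is visible in this hunk, so if the daemon ever runs unprivileged this rule would presumably stop accepting its own traffic to the relay. The enclosing function begins and ends outside the hunk, so the chain's default verdict for non-matching packets cannot be confirmed from here.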