Add reject rule to forward chain

author: David Lönnhager <david.l@mullvad.net> 2021-04-12 13:39:27 +0200
committer: David Lönnhager <david.l@mullvad.net> 2021-04-16 17:41:47 +0200
commit: b2c03da75a65a441fd8ff0a94a9e278dc021036d (patch)
tree: 89d563f3c69cf44159eb5c876a0ef3ca95be044c /talpid-core/src
parent: a990995714e89ce184496291cb54a04dcc6a6463 (diff)
download: mullvadvpn-b2c03da75a65a441fd8ff0a94a9e278dc021036d.tar.xz
mullvadvpn-b2c03da75a65a441fd8ff0a94a9e278dc021036d.zip
1 files changed, 8 insertions, 6 deletions
diff --git a/talpid-core/src/firewall/linux.rs b/talpid-core/src/firewall/linux.rs
index a99ce23a35..b5f5c1fcfc 100644
--- a/talpid-core/src/firewall/linux.rs
+++ b/talpid-core/src/firewall/linux.rs
@@ -638,12 +638,14 @@ impl<'a> PolicyBatch<'a> {
         }
 
         // Reject any remaining outgoing traffic
-        let mut reject_rule = Rule::new(&self.out_chain);
-        add_verdict(
-            &mut reject_rule,
-            &Verdict::Reject(RejectionType::Icmp(IcmpCode::PortUnreach)),
-        );
-        self.batch.add(&reject_rule, nftnl::MsgType::Add);
+        for chain in &[&self.out_chain, &self.forward_chain] {
+            let mut reject_rule = Rule::new(chain);
+            add_verdict(
+                &mut reject_rule,
+                &Verdict::Reject(RejectionType::Icmp(IcmpCode::PortUnreach)),
+            );
+            self.batch.add(&reject_rule, nftnl::MsgType::Add);
+        }
 
         Ok(())
     }
author	David Lönnhager <david.l@mullvad.net>	2021-04-12 13:39:27 +0200
committer	David Lönnhager <david.l@mullvad.net>	2021-04-16 17:41:47 +0200
commit	b2c03da75a65a441fd8ff0a94a9e278dc021036d (patch)
tree	89d563f3c69cf44159eb5c876a0ef3ca95be044c /talpid-core/src
parent	a990995714e89ce184496291cb54a04dcc6a6463 (diff)
download	mullvadvpn-b2c03da75a65a441fd8ff0a94a9e278dc021036d.tar.xz mullvadvpn-b2c03da75a65a441fd8ff0a94a9e278dc021036d.zip