-rw-r--r--talpid-core/src/firewall/macos.rs14
-rw-r--r--talpid-core/src/resolver.rs3
2 files changed, 10 insertions, 7 deletions
diff --git a/talpid-core/src/firewall/macos.rs b/talpid-core/src/firewall/macos.rs
index 77042dd43f..0f22641967 100644
--- a/talpid-core/src/firewall/macos.rs
+++ b/talpid-core/src/firewall/macos.rs
@@ -243,7 +243,13 @@ impl Firewall {
anchor_change.set_filter_rules(new_filter_rules);
if *NAT_WORKAROUND {
anchor_change.set_nat_rules(self.get_nat_rules(policy)?);
+ } else {
+ // Make sure NAT ruleset is empty
+ anchor_change.set_nat_rules(vec![]);
}
+ // Make sure redirect ruleset is empty
+ anchor_change.set_redirect_rules(vec![]);
+
self.pf.set_rules(ANCHOR_NAME, anchor_change)?;
Ok(())
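Review bot: The two added comments, in the `else` branch and before `set_redirect_rules(vec![])`, restate the calls but do not say why the rulesets must be cleared each time the policy is applied. The third hunk of this commit stops registering the Redirect anchor, so a reader will wonder why its ruleset is still written here. Presumably the intent is to drop rules left in the anchor by an earlier run or an older version, which could otherwise keep rewriting traffic that the filter policy assumes is untouched. I would state that, e.g. `// Clear NAT rules that a previous run with the workaround enabled may have left in the anchor` and `// Redirect rules are no longer installed; clear any left by an older version so they cannot stay active`. The enclosing function starts outside the hunk.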
@@ -906,9 +912,9 @@ impl Firewall {
// remove_anchor() does not deactivate active rules
self.pf
.flush_rules(ANCHOR_NAME, pfctl::RulesetKind::Filter)?;
- if *NAT_WORKAROUND {
- self.pf.flush_rules(ANCHOR_NAME, pfctl::RulesetKind::Nat)?;
- }
+ self.pf.flush_rules(ANCHOR_NAME, pfctl::RulesetKind::Nat)?;
+ self.pf
+ .flush_rules(ANCHOR_NAME, pfctl::RulesetKind::Redirect)?;
self.pf
.flush_rules(ANCHOR_NAME, pfctl::RulesetKind::Scrub)?;
Ok(())
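Review bot: The four `flush_rules` calls are chained with `?`, so the first failure returns early and leaves the later rulesets populated. This matters more now that the Nat and Redirect flushes run unconditionally: if flushing a ruleset kind whose anchor was never registered can return an error (not visible from this hunk), the Scrub flush is skipped on a path that previously succeeded. For a teardown routine I would attempt every flush and report the first error afterwards, as sketched below. The enclosing function starts outside the hunk, so its exact error type should be checked against the `.into()` used here.

```rust
// remove_anchor() does not deactivate active rules
// Attempt every flush so that one failure does not leave the other rulesets populated.
let mut first_err = None;
for kind in [
    pfctl::RulesetKind::Filter,
    pfctl::RulesetKind::Nat,
    pfctl::RulesetKind::Redirect,
    pfctl::RulesetKind::Scrub,
] {
    if let Err(e) = self.pf.flush_rules(ANCHOR_NAME, kind) {
        first_err.get_or_insert(e);
    }
}
if let Some(e) = first_err {
    return Err(e.into());
}
Ok(())
```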
@@ -947,8 +953,6 @@ impl Firewall {
}
self.pf
.try_add_anchor(ANCHOR_NAME, pfctl::AnchorKind::Filter)?;
- self.pf
- .try_add_anchor(ANCHOR_NAME, pfctl::AnchorKind::Redirect)?;
Ok(())
}
diff --git a/talpid-core/src/resolver.rs b/talpid-core/src/resolver.rs
index 7449b7ed8d..0f51e5023e 100644
--- a/talpid-core/src/resolver.rs
+++ b/talpid-core/src/resolver.rs
@@ -170,7 +170,7 @@ impl Resolver {
query: LowerQuery,
tx: oneshot::Sender<std::result::Result<Box<dyn LookupObject>, ResolveError>>,
) {
- match self {
+ match self {
Resolver::Blocking => {
let _ = tx.send(Self::resolve_blocked(query));
}
@@ -182,7 +182,6 @@ impl Resolver {
});
}
};
-
}
/// Resolution in blocked state will return spoofed records for captive portal domains.