TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-10-31 03:18:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

wgengine/router: delete legacy netfilter rule cleanup [Linux]

Browse Source 
This was just cleanup for an ancient version of Tailscale. Any such machines
have upgraded since then.

Change-Id: Iadcde05b37c2b867f92e02ec5d2b18bf2b8f653a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick
2022-03-07 08:35:54 -08:00
committed by Brad Fitzpatrick
parent 249758df90
commit 26f27a620a
1 changed files with 0 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
wgengine/router/router_linux.go
View File

@@ -247,9 +247,6 @@ func (r *linuxRouter) Up() error {
if r.unregLinkMon == nil && r.linkMon != nil {
r.unregLinkMon = r.linkMon.RegisterRuleDeleteCallback(r.onIPRuleDeleted)
}
if err := r.delLegacyNetfilter(); err != nil {
return err
}
if err := r.addIPRules(); err != nil {
return fmt.Errorf("adding IP rules: %w", err)
}
@@ -1380,38 +1377,6 @@ func (r *linuxRouter) delSNATRule() error {
return nil
}
func (r *linuxRouter) delLegacyNetfilter() error {
if distro.Get() == distro.Synology {
// We don't support netfilter on Synology, and unlike other platforms
// the following commands error out as the `comment` module doesn't
// exist in the iptables binary present on Synology. Albeit the errors
// are ignored it's nice to not have logspam.
return nil
}
del := func(table, chain string, args ...string) error {
exists, err := r.ipt4.Exists(table, chain, args...)
if err != nil {
return fmt.Errorf("checking for %v in %s/%s: %w", args, table, chain, err)
}
if exists {
if err := r.ipt4.Delete(table, chain, args...); err != nil {
return fmt.Errorf("deleting %v in %s/%s: %w", args, table, chain, err)
}
}
return nil
}
if err := del("filter", "FORWARD", "-m", "comment", "--comment", "tailscale", "-i", r.tunname, "-j", "ACCEPT"); err != nil {
r.logf("failed to delete legacy rule, continuing anyway: %v", err)
}
if err := del("nat", "POSTROUTING", "-m", "comment", "--comment", "tailscale", "-o", "eth0", "-j", "MASQUERADE"); err != nil {
r.logf("failed to delete legacy rule, continuing anyway: %v", err)
}
return nil
}
// cidrDiff calls add and del as needed to make the set of prefixes in
// old and new match. Returns a map reflecting the actual new state
// (which may be somewhere in between old and new if some commands