mirror of
https://github.com/tailscale/tailscale.git
synced 2025-04-16 11:41:39 +00:00
ipn/ipnlocal: restrict local lan access to linux machines.
Signed-off-by: Maisem Ali <maisem@tailscale.com>
This commit is contained in:
parent
8570f82c8b
commit
36fa29feec
@ -1861,16 +1861,19 @@ func (b *LocalBackend) routerConfig(cfg *wgcfg.Config, prefs *ipn.Prefs) *router
|
|||||||
if !default6 {
|
if !default6 {
|
||||||
rs.Routes = append(rs.Routes, ipv6Default)
|
rs.Routes = append(rs.Routes, ipv6Default)
|
||||||
}
|
}
|
||||||
ips, _, err := interfaceRoutes()
|
if runtime.GOOS == "linux" {
|
||||||
if err != nil {
|
// Only allow local lan access on linux machines for now.
|
||||||
b.logf("failed to discover interface ips: %v", err)
|
ips, _, err := interfaceRoutes()
|
||||||
}
|
if err != nil {
|
||||||
if prefs.ExitNodeAllowLANAccess {
|
b.logf("failed to discover interface ips: %v", err)
|
||||||
rs.LocalRoutes = ips.Prefixes()
|
}
|
||||||
} else {
|
if prefs.ExitNodeAllowLANAccess {
|
||||||
// Explicitly add routes to the local network so that we do not
|
rs.LocalRoutes = ips.Prefixes()
|
||||||
// leak any traffic.
|
} else {
|
||||||
rs.Routes = append(rs.Routes, ips.Prefixes()...)
|
// Explicitly add routes to the local network so that we do not
|
||||||
|
// leak any traffic.
|
||||||
|
rs.Routes = append(rs.Routes, ips.Prefixes()...)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user