From 4a531a0aedec33e9d634d79339b346eb6afb1d4e Mon Sep 17 00:00:00 2001
From: Maisem Ali <maisem@tailscale.com>
Date: Mon, 18 Oct 2021 10:15:44 -0700
Subject: [PATCH] wgengine: don't try to delete legacy netfilter rules on
 synology.

Signed-off-by: Maisem Ali <maisem@tailscale.com>
(cherry picked from commit 53199738fbff4441966c08e6e8f2e3cb48cecc14)
---
 wgengine/router/router_linux.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/wgengine/router/router_linux.go b/wgengine/router/router_linux.go
index 63d453e6e..d93296106 100644
--- a/wgengine/router/router_linux.go
+++ b/wgengine/router/router_linux.go
@@ -1104,6 +1104,14 @@ func (r *linuxRouter) delSNATRule() error {
 }
 
 func (r *linuxRouter) delLegacyNetfilter() error {
+	if distro.Get() == distro.Synology {
+		// We don't support netfilter on Synology, and unlike other platforms
+		// the following commands error out as the `comment` module doesn't
+		// exist in the iptables binary present on Synology. Albeit the errors
+		// are ignored it's nice to not have logspam.
+		return nil
+	}
+
 	del := func(table, chain string, args ...string) error {
 		exists, err := r.ipt4.Exists(table, chain, args...)
 		if err != nil {