util/linuxfw: don't try cleaning iptables on gokrazy

It just generates log spam. Updates #12277 Change-Id: I5f65c0859e86de0a5349f9d26c9805e7c26b9371 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-25 11:05:45 +00:00 · 2024-05-29 20:46:02 -07:00 · 2024-05-29 20:46:02 -07:00 · 909a292a8d
commit 909a292a8d
parent 0acb61fbf8
1 changed files with 6 additions and 0 deletions
--- a/util/linuxfw/iptables_runner.go
+++ b/util/linuxfw/iptables_runner.go
@ -20,6 +20,7 @@
 	"tailscale.com/net/tsaddr"
 	"tailscale.com/types/logger"
 	"tailscale.com/util/multierr"
+	"tailscale.com/version/distro"
 )

 // isNotExistError needs to be overridden in tests that rely on distinguishing
@ -653,6 +654,11 @@ func (i *iptablesRunner) DelMagicsockPortRule(port uint16, network string) error
 // IPTablesCleanUp removes all Tailscale added iptables rules.
 // Any errors that occur are logged to the provided logf.
 func IPTablesCleanUp(logf logger.Logf) {
+	if distro.Get() == distro.Gokrazy {
+		// Gokrazy uses nftables and doesn't have the "iptables" command.
+		// Avoid log spam on cleanup. (#12277)
+		return
+	}
 	err := clearRules(iptables.ProtocolIPv4, logf)
 	if err != nil {
 		logf("linuxfw: clear iptables: %v", err)