all: detect JetKVM and specialize a handful of things for it

Updates #16524 Change-Id: I183428de8c65d7155d82979d2d33f031c22e3331 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-08-14 06:57:31 +00:00 · 2025-07-10 11:14:08 -07:00
parent bebc796e6c
commit fbc6a9ec5a
10 changed files with 89 additions and 12 deletions
--- a/util/linuxfw/detector.go
+++ b/util/linuxfw/detector.go
@@ -23,6 +23,11 @@ func detectFirewallMode(logf logger.Logf, prefHint string) FirewallMode {
 		hostinfo.SetFirewallMode("nft-gokrazy")
 		return FirewallModeNfTables
 	}
+	if distro.Get() == distro.JetKVM {
+		// JetKVM doesn't have iptables.
+		hostinfo.SetFirewallMode("nft-jetkvm")
+		return FirewallModeNfTables
+	}

 	mode := envknob.String("TS_DEBUG_FIREWALL_MODE")
 	// If the envknob isn't set, fall back to the pref suggested by c2n or
--- a/util/linuxfw/iptables_runner.go
+++ b/util/linuxfw/iptables_runner.go
@@ -688,8 +688,9 @@ func (i *iptablesRunner) DelMagicsockPortRule(port uint16, network string) error
 // IPTablesCleanUp removes all Tailscale added iptables rules.
 // Any errors that occur are logged to the provided logf.
 func IPTablesCleanUp(logf logger.Logf) {
-	if distro.Get() == distro.Gokrazy {
-		// Gokrazy uses nftables and doesn't have the "iptables" command.
+	switch distro.Get() {
+	case distro.Gokrazy, distro.JetKVM:
+		// These use nftables and don't have the "iptables" command.
 		// Avoid log spam on cleanup. (#12277)
 		return
 	}