a496cdc943
Instead of retrieving the list of chains, or the list of rules in a chain, just try deleting the ones we don't want and then adding the ones we do want. An error in flushing/deleting still means the rule doesn't exist anymore, so there was no need to check for it first. This avoids the need to parse iptables output, which avoids the need to ever call iptables -S, which fixes #403, among other things. It's also much more future proof in case the iptables command line changes. Unfortunately the iptables go module doesn't properly pass the iptables command exit code back up when doing .Delete(), so we can't correctly check the exit code there. (exit code 1 really means the rule didn't exist, rather than some other weird problem). Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
Tailscale
Private WireGuard® networks made easy
Overview
This repository contains all the open source Tailscale code. It currently includes the Linux client.
The Linux client is currently cmd/relaynode, but will
soon be replaced by cmd/tailscaled.
Using
We serve packages for a variety of distros at https://pkgs.tailscale.com .
Building
go install tailscale.com/cmd/tailscale{,d}
We only guarantee to support the latest Go release and any Go beta or release candidate builds (currently Go 1.14) in module mode. It might work in earlier Go versions or in GOPATH mode, but we're making no effort to keep those working.
Bugs
Please file any issues about this code or the hosted service on the issue tracker.
Contributing
under_construction.gif
PRs welcome, but we are still working out our contribution process and tooling.
We require Developer Certificate of
Origin
Signed-off-by lines in commits.
About Us
We are apenwarr, bradfitz, crawshaw, danderson, dfcarney, from Tailscale Inc. You can learn more about us from our website.
WireGuard is a registered trademark of Jason A. Donenfeld.