mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-29 13:05:46 +00:00
a496cdc943
Instead of retrieving the list of chains, or the list of rules in a chain, just try deleting the ones we don't want and then adding the ones we do want. An error in flushing/deleting still means the rule doesn't exist anymore, so there was no need to check for it first. This avoids the need to parse iptables output, which avoids the need to ever call iptables -S, which fixes #403, among other things. It's also much more future proof in case the iptables command line changes. Unfortunately the iptables go module doesn't properly pass the iptables command exit code back up when doing .Delete(), so we can't correctly check the exit code there. (exit code 1 really means the rule didn't exist, rather than some other weird problem). Signed-off-by: Avery Pennarun <apenwarr@tailscale.com> |
||
|---|---|---|
| .. | ||
| filter | ||
| magicsock | ||
| monitor | ||
| packet | ||
| router | ||
| tstun | ||
| winnet | ||
| rusage_nowindows.go | ||
| rusage_windows.go | ||
| rusage.go | ||
| userspace.go | ||
| watchdog_test.go | ||
| watchdog.go | ||
| wgengine.go | ||