From 2919b3e3e6e64a5b36dac73edfcd791510a79b50 Mon Sep 17 00:00:00 2001 From: Maisem Ali Date: Tue, 15 Jun 2021 23:35:36 -0700 Subject: [PATCH] wf: loopback condition should use MatchTypeFlagsAllSet. Signed-off-by: Maisem Ali --- wf/firewall.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wf/firewall.go b/wf/firewall.go index 2fc7a3d5b..e3282d2f2 100644 --- a/wf/firewall.go +++ b/wf/firewall.go @@ -152,7 +152,7 @@ func (f *Firewall) enable() error { return fmt.Errorf("permitDNS failed: %w", err) } - if err := f.permitLoopback(weightKnownTraffic); err != nil { + if err := f.permitLoopback(weightTailscaleTraffic); err != nil { return fmt.Errorf("permitLoopback failed: %w", err) } @@ -457,7 +457,7 @@ func (f *Firewall) permitLoopback(w weight) error { condition := []*wf.Match{ { Field: wf.FieldFlags, - Op: wf.MatchTypeEqual, + Op: wf.MatchTypeFlagsAllSet, Value: wf.ConditionFlagIsLoopback, }, }