vanja/gluetun
1
0
Fork 0
mirror of https://github.com/qdm12/gluetun.git synced 2026-06-16 00:14:10 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(firewall): flush conntrack table after enabling firewall at container start

Browse Source 
- prevent leaks for connections made the first ~10 milliseconds when Gluetun starts
- seems critical,  but in practice this very rarely happen and it very hard to reproduce
This commit is contained in:
Quentin McGaw
2026-02-21 19:39:22 +00:00
parent 0c3e5d94d8
commit 625a63e7c2
5 changed files with 35 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cmd/gluetun/main.go
+5
View File
@@ -237,6 +237,10 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
if err != nil {
return err
}
err = netLinker.FlushConntrack()
if err != nil {
return fmt.Errorf("flushing conntrack: %w", err)
}
}
// TODO run this in a loop or in openvpn to reload from file without restarting
@@ -556,6 +560,7 @@ type netLinker interface {
Linker
IsWireguardSupported() (ok bool, err error)
IsIPv6Supported() (ok bool, err error)
FlushConntrack() error
PatchLoggerLevel(level log.Level)
}