fix(firewall): flush conntrack table after enabling firewall at container start

- prevent leaks for connections made the first ~10 milliseconds when Gluetun starts - seems critical, but in practice this very rarely happen and it very hard to reproduce
2026-05-09 20:29:23 +02:00 · 2026-02-21 19:39:22 +00:00
parent 0c3e5d94d8
commit 625a63e7c2
5 changed files with 35 additions and 0 deletions
@@ -0,0 +1,17 @@
+package netlink
+
+import (
+	"fmt"
+
+	"github.com/ti-mo/conntrack"
+)
+
+func (n *NetLink) FlushConntrack() error {
+	conn, err := conntrack.Dial(nil)
+	if err != nil {
+		return fmt.Errorf("dialing conntrack: %w", err)
+	}
+	defer conn.Close()
+
+	return conn.Flush()
+}