it works again but linux is pickier than I thought, I need to refactor even more

2026-04-02 23:25:18 +02:00 · 2026-02-17 15:15:10 -06:00
parent 7498c6846d
commit 37abdd7f96
2 changed files with 20 additions and 7 deletions
--- a/firewall.go
+++ b/firewall.go
@@ -356,7 +356,9 @@ func (f *Firewall) GetRuleHashes() string {
 func (f *Firewall) SetSNATAddressFromInterface(i *Interface) {
 	//address-mutation-avoidance is done inside Interface, the firewall doesn't need to care
 	//todo should snatted conntracks get expired out? Probably not needed until if/when we allow reload
-	f.snatAddr = i.inside.SNATAddress().Addr()
+	if f.hasUnsafeNetworks { //todo this logic???
+		f.snatAddr = i.inside.SNATAddress().Addr()
+	}
 }

 func (f *Firewall) ShouldUnSNAT(fp *firewall.Packet) bool {