Fix "any" firewall rules for unsafe_routes (#1099)

2025-11-09 04:03:58 +01:00 · 2024-03-28 16:17:12 -04:00 · 2024-03-28 16:17:12 -04:00 · 8b68a08723
commit 8b68a08723
parent f8fb9759e9
1 changed files with 3 additions and 1 deletions
--- a/firewall.go
+++ b/firewall.go
@ -876,13 +876,15 @@ func (fr *FirewallRule) match(p firewall.Packet, c *cert.NebulaCertificate) bool
 }
 func (flc *firewallLocalCIDR) addRule(f *Firewall, localIp *net.IPNet) error {
-	if localIp == nil || (localIp != nil && localIp.Contains(net.IPv4(0, 0, 0, 0))) {
+	if localIp == nil {
 		if !f.hasSubnets || f.defaultLocalCIDRAny {
 			flc.Any = true
 			return nil
 		}
 		localIp = f.assignedCIDR
 	} else if localIp.Contains(net.IPv4(0, 0, 0, 0)) {
 		flc.Any = true
 	}
 	flc.LocalCIDR.AddCIDR(localIp, struct{}{})