From 2066f9fbb296d8c41ea538cf3c7a548364e75715 Mon Sep 17 00:00:00 2001
From: James Tucker
Date: Wed, 27 Sep 2023 10:56:11 -0700
Subject: [PATCH] util/linuxfw: fix crash in DelSNATRule when no rules are found

Appears to be a missing nil handling case. I looked back over other usage of findRule and the others all have nil guards. findRule returns nil when no rules are found matching the arguments.

Fixes #9553

Signed-off-by: James Tucker
---
 util/linuxfw/nftables_runner.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/util/linuxfw/nftables_runner.go b/util/linuxfw/nftables_runner.go
index 9f56c5423..519725792 100644
--- a/util/linuxfw/nftables_runner.go
+++ b/util/linuxfw/nftables_runner.go
@@ -1109,7 +1109,9 @@ func (n *nftablesRunner) DelSNATRule() error {
 return fmt.Errorf("find SNAT rule v4: %w", err)
 }

- _ = conn.DelRule(SNATRule)
+ if SNATRule != nil {
+ _ = conn.DelRule(SNATRule)
+ }
 }

 if err := conn.Flush(); err != nil {
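Review bot: The value returned by `conn.DelRule(SNATRule)` is still discarded with `_ =` inside the new nil guard, so a failure to queue the deletion only surfaces if the later `conn.Flush()` happens to report it, and a caller could believe the SNAT rule is gone while it is still installed. Consider `if err := conn.DelRule(SNATRule); err != nil { return fmt.Errorf("delete SNAT rule: %w", err) }` in place of the discarded call, or a comment stating why the error is safe to ignore. The guard would also read better with `// findRule returns nil when no rule matches; nothing to delete.` above it, and the diffstat shows no test covering the no-rule case that crashed. DelSNATRule starts and ends outside this hunk.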