From 25a8daf405a9db68187989428548405fa0a94d65 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick
Date: Tue, 15 Aug 2023 10:11:38 -0700
Subject: [PATCH] wgengine/router: always use nftables mode on gokrazy

Updates gokrazy/gokrazy#209
Signed-off-by: Brad Fitzpatrick
---
 wgengine/router/router_linux.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/wgengine/router/router_linux.go b/wgengine/router/router_linux.go
index 40818267a..2317f2a9b 100644
--- a/wgengine/router/router_linux.go
+++ b/wgengine/router/router_linux.go
@@ -76,6 +76,11 @@ func (l *linuxFWDetector) nftDetect() (int, error) {
 // chooseFireWallMode returns the firewall mode to use based on the
 // environment and the system's capabilities.
 func chooseFireWallMode(logf logger.Logf, det tableDetector) linuxfw.FirewallMode {
+ if distro.Get() == distro.Gokrazy {
+ // Reduce startup logging on gokrazy. There's no way to do iptables on
+ // gokrazy anyway.
+ return linuxfw.FirewallModeNfTables
+ }
 iptAva, nftAva := true, true
 iptRuleCount, err := det.iptDetect()
 if err != nil {
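Review bot: The early return at the top of chooseFireWallMode hands back `linuxfw.FirewallModeNfTables` without any probe and without touching `logf`, so on gokrazy nftables support is assumed rather than checked and the choice leaves no trace in the logs. If a gokrazy kernel is built without nf_tables, the failure would presumably only surface later when rules are installed; it is worth confirming that path returns an error rather than leaving the node running without its filter rules. A single line such as `logf("router: gokrazy detected, using nftables mode without probing")` before the return would keep startup quiet while still recording which backend was chosen. The rest of the function body lies outside the hunk, so any override handled further down (not visible here) is also skipped by this return.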