From 36fa29feecc2261d3acb3166fe048609581da44a Mon Sep 17 00:00:00 2001
From: Maisem Ali
Date: Mon, 19 Apr 2021 16:03:03 -0700
Subject: [PATCH] ipn/ipnlocal: restrict local lan access to linux machines.

Signed-off-by: Maisem Ali
---
 ipn/ipnlocal/local.go | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/ipn/ipnlocal/local.go b/ipn/ipnlocal/local.go
index cb920a62d..2a9f34478 100644
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@@ -1861,16 +1861,19 @@ func (b *LocalBackend) routerConfig(cfg *wgcfg.Config, prefs *ipn.Prefs) *router
 if !default6 {
 rs.Routes = append(rs.Routes, ipv6Default)
 }
- ips, _, err := interfaceRoutes()
- if err != nil {
- b.logf("failed to discover interface ips: %v", err)
- }
- if prefs.ExitNodeAllowLANAccess {
- rs.LocalRoutes = ips.Prefixes()
- } else {
- // Explicitly add routes to the local network so that we do not
- // leak any traffic.
- rs.Routes = append(rs.Routes, ips.Prefixes()...)
+ if runtime.GOOS == "linux" {
+ // Only allow local lan access on linux machines for now.
+ ips, _, err := interfaceRoutes()
+ if err != nil {
+ b.logf("failed to discover interface ips: %v", err)
+ }
+ if prefs.ExitNodeAllowLANAccess {
+ rs.LocalRoutes = ips.Prefixes()
+ } else {
+ // Explicitly add routes to the local network so that we do not
+ // leak any traffic.
+ rs.Routes = append(rs.Routes, ips.Prefixes()...)
+ }
 }
 }
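Review bot: The new `runtime.GOOS == "linux"` guard wraps the `else` branch as well, so on every other OS the local-network prefixes are no longer appended to `rs.Routes`, although the comment on that branch says they are added so that traffic does not leak. If only the LAN-access opt-in is meant to be Linux-only, gate just that branch, e.g. `if prefs.ExitNodeAllowLANAccess && runtime.GOOS == "linux" {`, and leave the `interfaceRoutes()` call and the `else` outside the guard; if dropping the routes on other platforms is intended, the comment should say so and name what covers LAN traffic there. Separately, when `interfaceRoutes()` returns an error the code only logs and still calls `ips.Prefixes()`, so the no-leak routes can be silently missing; whether `ips` is usable in that case is not visible here. `routerConfig` starts and ends outside the hunk.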