util/linuxfw: fix stateful packet filtering in nftables mode

To match iptables: b5dbf155b1/util/linuxfw/iptables_runner.go (L536) Updates #12066 Signed-off-by: Anton Tolchanov <anton@tailscale.com> (cherry picked from commit ac638f32c0)
2 years ago · 60d8965df0
parent e2a0fc0bc8
commit 60d8965df0
1 changed files with 1 additions and 1 deletions
--- a/util/linuxfw/nftables_runner.go
+++ b/util/linuxfw/nftables_runner.go
@ -1773,7 +1773,7 @@ func makeStatefulRuleExprs(tunname string) []expr.Any {
 		// going to our TUN.
 		&expr.Meta{Key: expr.MetaKeyOIFNAME, Register: 1},
 		&expr.Cmp{
-			Op:       expr.CmpOpNeq,
+			Op:       expr.CmpOpEq,
 			Register: 1,
 			Data:     []byte(tunname),
 		},