diff --git a/control/controlclient/direct.go b/control/controlclient/direct.go
index d7aa80ecf..85b196a23 100644
--- a/control/controlclient/direct.go
+++ b/control/controlclient/direct.go
@@ -520,7 +520,7 @@ func (c *Direct) PollNetMap(ctx context.Context, maxPolls int, cb func(*NetworkM
 		// support). If even an empty PacketFilter is provided, this
 		// will be overwritten.
 		// TODO(apenwarr 2020-02-01): remove after tailcontrol is fully deployed.
-		resp.PacketFilter = filter.MatchAllowAll
+		resp.PacketFilter = filter.MatchAllowAll.Clone()
 
 		if err := c.decodeMsg(msg, &resp); err != nil {
 			return err
diff --git a/wgengine/filter/match.go b/wgengine/filter/match.go
index 27e0b8f98..2f89ab924 100644
--- a/wgengine/filter/match.go
+++ b/wgengine/filter/match.go
@@ -7,6 +7,7 @@ package filter
 import (
 	"fmt"
 	"strings"
+
 	"tailscale.com/wgengine/packet"
 )
 
@@ -48,6 +49,16 @@ type Match struct {
 	SrcIPs   []IP
 }
 
+func (m Match) Clone() (res Match) {
+	if m.DstPorts != nil {
+		res.DstPorts = append([]IPPortRange{}, m.DstPorts...)
+	}
+	if m.SrcIPs != nil {
+		res.SrcIPs = append([]IP{}, m.SrcIPs...)
+	}
+	return res
+}
+
 func (m Match) String() string {
 	srcs := []string{}
 	for _, srcip := range m.SrcIPs {
@@ -74,6 +85,13 @@ func (m Match) String() string {
 
 type Matches []Match
 
+func (m Matches) Clone() (res Matches) {
+	for _, match := range m {
+		res = append(res, match.Clone())
+	}
+	return res
+}
+
 func ipInList(ip IP, iplist []IP) bool {
 	for _, ipp := range iplist {
 		if ipp == IPAny || ipp == ip {