[client] Add missing peer ACL flush (#3247)

netbirdio · Jan 28, 2025 · e20be23 · e20be23
1 parent 46766e7
commit e20be23
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/client/firewall/nftables/acl_linux.go b/client/firewall/nftables/acl_linux.go
@@ -348,6 +348,10 @@ func (m *AclManager) addIOFiltering(
 		UserData: userData,
 	})
 
+	if err := m.rConn.Flush(); err != nil {
+		return nil, fmt.Errorf(flushError, err)
+	}
+
 	rule := &Rule{
 		nftRule:    nftRule,
 		mangleRule: m.createPreroutingRule(expressions, userData),
@@ -359,6 +363,7 @@ func (m *AclManager) addIOFiltering(
 	if ipset != nil {
 		m.ipsetStore.AddReferenceToIpset(ipset.Name)
 	}
+
 	return rule, nil
 }