netbird: prefer nftables

Signed-off-by: Wesley Gimenes <wehagy@proton.me>
wehagy · Feb 20, 2025 · ade61b6 · ade61b6
1 parent 7ac478f
commit ade61b6
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 2 deletions.
diff --git a/owpib b/owpib
@@ -191,10 +191,10 @@ dockerfile_sdk() {
     for dir in "${custom_feed[@]#*/}"; do
       custom_feed_packages+=" ${dir%/}"
     done
-    printf '%s\n' "Directories '${custom_feed_packages}' found inside 'custom-feed'."
+    #printf '%s\n' "Directories '${custom_feed_packages}' found inside 'custom-feed'."
     PACKAGES+="${custom_feed_packages}"
   else
-    printf '%s\n' "No directories found inside 'custom-feed'."
+    #printf '%s\n' "No directories found inside 'custom-feed'."
     patch_custom="false"
   fi
 

diff --git a/patches/packages/netbird-2000-prefer-nftables.patch b/patches/packages/netbird-2000-prefer-nftables.patch
@@ -0,0 +1,56 @@
+From dc3d7c7003a67e680c8d026e4ed6706b8813d706 Mon Sep 17 00:00:00 2001
+From: Wesley Gimenes <wehagy@proton.me>
+Date: Thu, 20 Feb 2025 13:13:36 -0300
+Subject: [PATCH] netbird: prefer nftables
+
+Signed-off-by: Wesley Gimenes <wehagy@proton.me>
+---
+ net/netbird/patches/0001-fix.patch | 39 ++++++++++++++++++++++++++++++
+ 1 file changed, 39 insertions(+)
+ create mode 100644 net/netbird/patches/0001-fix.patch
+
+diff --git a/net/netbird/patches/0001-fix.patch b/net/netbird/patches/0001-fix.patch
+new file mode 100644
+index 000000000..dd92b738c
+--- /dev/null
++++ b/net/netbird/patches/0001-fix.patch
+@@ -0,0 +1,39 @@
++diff --git a/client/firewall/create_linux.go b/client/firewall/create_linux.go
++index be1b3791..2064de8a 100644
++--- a/client/firewall/create_linux.go
+++++ b/client/firewall/create_linux.go
++@@ -109,7 +109,7 @@ func check() FWType {
++ 
++ 		useIPTABLES = true
++ 
++-		iptablesChains, err = ip.ListChains("filter")
+++		iptablesChains, err = ip.ListChains("fw4")
++ 		if err != nil {
++ 			log.Errorf("failed to list iptables chains: %s", err)
++ 			useIPTABLES = false
++@@ -125,7 +125,7 @@ func check() FWType {
++ 		// search for chains where table is filter
++ 		// if we find one, we assume that nftables manager can be used with iptables
++ 		for _, chain := range chains {
++-			if chain.Table.Name == "filter" {
+++			if chain.Table.Name == "fw4" {
++ 				return NFTABLES
++ 			}
++ 		}
++@@ -141,7 +141,7 @@ func check() FWType {
++ 			return IPTABLES
++ 		case err == nil && len(nbTablesList) != 1:
++ 			return NFTABLES
++-		case err == nil && len(nbTablesList) == 1 && nbTablesList[0].Name == "filter":
+++		case err == nil && len(nbTablesList) == 1 && nbTablesList[0].Name == "fw4":
++ 			return IPTABLES
++ 		case err != nil:
++ 			log.Errorf("failed to list nftables tables on fw manager discovery: %s", err)
++@@ -156,6 +156,6 @@ func check() FWType {
++ }
++ 
++ func isIptablesClientAvailable(client *iptables.IPTables) bool {
++-	_, err := client.ListChains("filter")
+++	_, err := client.ListChains("fw4")
++ 	return err == nil
++ }