mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
With the fix of taking into account link-scoped routes in #10554 we introduced a bug: If a customer defines routes in Firezone that conflict with the link-scope ones, those currently take priority as they are usually more specific.

To fix this, we introduce tiered routing tables controlled by a set of rules with different priority.

1. In the first "Firezone" routing table, we add all CIDR/IP routes that users define in Firezone.
2. In the second "Firezone" routing table, we sync in all link-scope routes from the system.
3. In the third "Firezone" routing table, we only add the Internet Resource if it is active.

By evaluating the routing tables in this order, we effectively always prioritize Firezone-controlled routes over local ones but still allow access to LAN resources when the Internet Resource is active.

---------

Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
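
A minimal model of the lookup order the commit message above describes, added here as an illustration and not taken from the Firezone code base: one merged table reproduces the conflict, and tables consulted in priority order resolve it. The interface names, CIDRs and function names are constructed for the example.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match inside one routing table; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, dev in table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def route_single(tables, dst):
    """Before: every route lives in one table, so the most specific prefix wins."""
    merged = [route for table in tables for route in table]
    return lookup(merged, dst)

def route_tiered(tables, dst):
    """After: rules consult the tables in priority order; the first match wins."""
    for table in tables:
        dev = lookup(table, dst)
        if dev is not None:
            return dev
    return None  # no tiered table matched; the system's own routing decides

# Constructed sample routes (hypothetical device names and networks).
USER_CIDRS = [("192.168.0.0/16", "tun-firezone")]   # tier 1: routes defined in Firezone
LINK_SCOPE = [("192.168.1.0/24", "eth0"),           # tier 2: link-scope routes synced
              ("10.0.0.0/24", "eth1")]              #         from the system
INTERNET = [("0.0.0.0/0", "tun-firezone")]          # tier 3: Internet Resource, if active

ACTIVE = [USER_CIDRS, LINK_SCOPE, INTERNET]
INACTIVE = [USER_CIDRS, LINK_SCOPE, []]

if __name__ == "__main__":
    for dst in ("192.168.1.50", "10.0.0.5", "8.8.8.8"):
        print(dst, "single:", route_single(ACTIVE, dst),
              "tiered:", route_tiered(ACTIVE, dst))
```

The address 192.168.1.50 is the conflicting case: the merged table sends it out the local interface because the /24 is more specific, while the tiered lookup stops at the user-defined /16 in the first table.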