fea: support age timer for knock

2025-11-02 13:24:02 +08:00 · 2024-01-02 15:53:19 +08:00
parent 1af91f2f65
commit 77fa149380
8 changed files with 156 additions and 56 deletions
--- a/pkg/switch/network.go
+++ b/pkg/switch/network.go
@@ -226,8 +226,14 @@ func (w *WorkerImpl) Start(v api.Switcher) {
 	if !(w.vpn == nil || w.ztrust == nil) {
 		w.ztrust.Start()
 		fire.Mangle.Pre.AddRule(cn.IpRule{
-			Input: vpn.Device,
-			Jump:  w.ztrust.Chain(),
+			Input:   vpn.Device,
+			CtState: "RELATED,ESTABLISHED",
+			Comment: "Forwarding Accpted",
+		})
+		fire.Mangle.Pre.AddRule(cn.IpRule{
+			Input:   vpn.Device,
+			Jump:    w.ztrust.Chain(),
+			Comment: "Goto Zero Trust",
 		})
 	}
 	fire.Start()