Skip netfilter cleanup without CAP_NET_ADMIN by #845

Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-06-24 03:41:10 +03:00 · 2026-06-23 23:30:13 +03:00
parent e994ddea00
commit 7e5a1841b1
1 changed files with 4 additions and 0 deletions
@@ -124,6 +124,10 @@ pub(crate) async fn reconcile_synlimit_rules(cfg: &ProxyConfig) {
 }

 pub(crate) async fn clear_synlimit_rules_all_backends() -> Result<(), String> {
+    if !has_cap_net_admin() {
+        return Ok(());
+    }
+
    let mut errors = Vec::new();
    if let Err(error) = clear_nft_synlimit_rules_all_families().await {
        errors.push(error);