From a8b30367866002bfce8efbfe610376077c1dedcb Mon Sep 17 00:00:00 2001
From: Odd Stranne <odd@mullvad.net>
Date: Wed, 12 Jun 2019 23:11:57 +0200
Subject: firewall: adjust loopback rule for better matching

Signed-off-by: Odd Stranne <odd@mullvad.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 tunnel/firewall/rules.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'tunnel/firewall/rules.go')

diff --git a/tunnel/firewall/rules.go b/tunnel/firewall/rules.go
index 1f28d3ab..1216065b 100644
--- a/tunnel/firewall/rules.go
+++ b/tunnel/firewall/rules.go
@@ -260,11 +260,11 @@ func permitWireGuardService(session uintptr, baseObjects *baseObjects, weight ui
 
 func permitLoopback(session uintptr, baseObjects *baseObjects, weight uint8) error {
 	condition := wtFwpmFilterCondition0{
-		fieldKey:  cFWPM_CONDITION_INTERFACE_TYPE,
-		matchType: cFWP_MATCH_EQUAL,
+		fieldKey:  cFWPM_CONDITION_FLAGS,
+		matchType: cFWP_MATCH_FLAGS_ALL_SET,
 		conditionValue: wtFwpConditionValue0{
 			_type: cFWP_UINT32,
-			value: uintptr(cIF_TYPE_SOFTWARE_LOOPBACK),
+			value: uintptr(cFWP_CONDITION_FLAG_IS_LOOPBACK),
 		},
 	}
 
-- 
cgit v1.2.3-59-g8ed1b