From 83de150f871133a1b5a1720a32644abbf996ad92 Mon Sep 17 00:00:00 2001
From: Ultradesu
Date: Thu, 18 Jun 2026 00:06:14 +0100
Subject: [PATCH] Fix amnezia iptables
---
 k8s/apps/amnezia/configmap-scripts.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/k8s/apps/amnezia/configmap-scripts.yaml b/k8s/apps/amnezia/configmap-scripts.yaml
index d1fefd1..69d79dc 100644
--- a/k8s/apps/amnezia/configmap-scripts.yaml
+++ b/k8s/apps/amnezia/configmap-scripts.yaml
@@ -30,6 +30,21 @@ data:
 fi
 }
+ delete_rule() {
+ local table_args=()
+ if [ "${1:-}" = "-t" ]; then
+ table_args=("$1" "$2")
+ shift 2
+ fi
+
+ local chain="$1"
+ shift
+
+ while iptables "${table_args[@]}" -D "${chain}" "$@" >/dev/null 2>&1; do
+ true
+ done
+ }
+
 ensure_append_rule() {
 local table_args=()
 if [ "${1:-}" = "-t" ]; then
@@ -56,6 +71,7 @@ data:
 sysctl -w net.ipv4.ip_forward=1
+ delete_rule INPUT -i tailscale0 -p udp -m comment --comment amneziawg-block-tailscale -j DROP
 ensure_insert_rule INPUT -i "${EXT_IF}" -p udp --dport "${PORT}" -m comment --comment amneziawg-allow-external -j ACCEPT
 ensure_insert_rule INPUT -i tailscale0 -p udp --dport "${PORT}" -m comment --comment amneziawg-block-tailscale -j DROP
 ensure_append_rule INPUT -i awg0 -m comment --comment amneziawg-awg-input -j ACCEPT
@@ -100,6 +116,7 @@ data:
 fi
 delete_rule INPUT -i tailscale0 -p udp --dport "${PORT}" -m comment --comment amneziawg-block-tailscale -j DROP
+ delete_rule INPUT -i tailscale0 -p udp -m comment --comment amneziawg-block-tailscale -j DROP
 delete_rule INPUT -i awg0 -m comment --comment amneziawg-awg-input -j ACCEPT
 delete_rule FORWARD -i awg0 -m comment --comment amneziawg-forward-in -j ACCEPT
 delete_rule FORWARD -o awg0 -m comment --comment amneziawg-forward-out -j ACCEPT
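Review bot: The `while` loop in the new `delete_rule` treats every non-zero exit of `iptables -D` as "no more matching rules", and `>/dev/null 2>&1` hides the reason. A failure to take the xtables lock (plausible on a node where kube-proxy or the CNI also edits iptables) or a permission error therefore ends the loop silently, leaving the rule in place. Passing the wait flag narrows that gap: `while iptables -w "${table_args[@]}" -D "${chain}" "$@" >/dev/null 2>&1; do`. Whether the `ensure_*` helpers already pass `-w` is not visible in this hunk, so check them for the same gap. A short comment above the function, such as `# Delete every copy of the rule; stops at the first failed -D, whatever the cause.`, would make the best-effort behaviour explicit.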
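Review bot: The added `delete_rule INPUT -i tailscale0 -p udp ... -j DROP` line has no comment explaining why a rule without `--dport` is removed just before a port-scoped rule with the same `amneziawg-block-tailscale` tag is inserted. It appears to be a migration cleanup of an older rule that dropped all UDP arriving on tailscale0. I would add `# Remove the legacy rule that dropped all UDP from tailscale0 (no --dport); superseded by the port-scoped rule below.` above it, and the same comment above the matching line in the teardown hunk (`@@ -100,6 +116,7 @@`). Because `-D` matches the exact rule spec, a legacy rule created with any other argument set would survive both calls, so confirm the historic form against a node's `iptables -S INPUT` output. The surrounding setup and teardown blocks start and end outside these hunks.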