From c7238cc0bd8838c17016dc2e1c68e1d6057d6f49 Mon Sep 17 00:00:00 2001
From: Viktor Liu
Date: Tue, 28 Jan 2025 22:39:56 +0100
Subject: [PATCH] Add missing peer ACL flush

---
 client/firewall/nftables/acl_linux.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/client/firewall/nftables/acl_linux.go b/client/firewall/nftables/acl_linux.go
index 8c1d89e6833..a93d8caf407 100644
--- a/client/firewall/nftables/acl_linux.go
+++ b/client/firewall/nftables/acl_linux.go
@@ -357,6 +357,10 @@ func (m *AclManager) addIOFiltering(
 UserData: userData,
 })
 
+ if err := m.rConn.Flush(); err != nil {
+ return nil, fmt.Errorf(flushError, err)
+ }
+
 rule := &Rule{
 nftRule: nftRule,
 nftSet: ipset,
@@ -367,6 +371,7 @@ func (m *AclManager) addIOFiltering(
 if ipset != nil {
 m.ipsetStore.AddReferenceToIpset(ipset.Name)
 }
+
 return rule, nil
 }
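Review bot: The new early return after `m.rConn.Flush()` in the first hunk does no cleanup of `ipset`, which is already prepared at that point (it is used as `nftSet: ipset` a few lines later). The start of addIOFiltering is outside the hunk, so this is inferred: if the set is created or extended earlier in the same call, a failed flush may leave it in the kernel or in `m.ipsetStore` with no rule referencing it, since `AddReferenceToIpset` is skipped on this path. It is worth confirming that callers tear the set down on error, or releasing it here before returning. Separately, the flush deserves a why-comment, for example `// Commit the rule to the kernel before building the tracked Rule, so a failed flush is reported instead of leaving an ACL entry that nftables does not enforce.`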