https://github.com/ciffelia/tsblock

Prevent tailscale from using specific network interfaces
https://github.com/ciffelia/tsblock

ebpf go golang tailscale

Last synced: 5 months ago
JSON representation

Prevent tailscale from using specific network interfaces

• Host: GitHub
• URL: https://github.com/ciffelia/tsblock
• Owner: ciffelia
• License: gpl-3.0
• Created: 2023-10-01T15:13:34.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2024-08-24T10:17:23.000Z (almost 2 years ago)
• Last Synced: 2025-04-09T23:04:38.788Z (about 1 year ago)
• Topics: ebpf, go, golang, tailscale
• Language: Go
• Homepage:
• Size: 43 KB
• Stars: 13
• Watchers: 2
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# tsblock

[![Licensed under GPL-3.0](https://img.shields.io/badge/license-GPL--3.0-blue)](LICENSE)

[![CI](https://github.com/ciffelia/tsblock/actions/workflows/ci.yaml/badge.svg)](https://github.com/ciffelia/tsblock/actions/workflows/ci.yaml)

tsblock prevents Tailscale from using specific network interfaces.

tsblock is developed to work around [tailscale/tailscale#7594](https://github.com/tailscale/tailscale/issues/7594). Currently, interfaces whose name matches `^cilium_|^lxc` are blocked. The pattern is hard-coded in [main.go](main.go).

## Requirements

- Tailscale must be running as a systemd service.

- tsblock must run as root. It is recommended to run tsblock as a systemd service.

## How it works

tsblock utilizes eBPF to drop packets sent from `tailscaled.service` systemd unit.

## Install

```sh

go build  # or download binary from https://github.com/ciffelia/tsblock/releases

sudo ./systemd/install.sh

sudo systemctl daemon-reload

sudo systemctl enable --now tsblock.service

```

## Uninstall

```sh

sudo systemctl disable --now tsblock.service

sudo ./systemd/uninstall.sh

```