Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ciffelia/tsblock

Prevent tailscale from using specific network interfaces
https://github.com/ciffelia/tsblock

ebpf go golang tailscale

Last synced: 24 days ago
JSON representation

Prevent tailscale from using specific network interfaces

Host: GitHub
URL: https://github.com/ciffelia/tsblock
Owner: ciffelia
License: gpl-3.0
Created: 2023-10-01T15:13:34.000Z (about 1 year ago)
Default Branch: main
Last Pushed: 2024-08-24T10:17:23.000Z (2 months ago)
Last Synced: 2024-09-29T21:21:44.706Z (about 1 month ago)
Topics: ebpf, go, golang, tailscale
Language: Go
Homepage:
Size: 43 KB
Stars: 10
Watchers: 2
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # tsblock

[![Licensed under GPL-3.0](https://img.shields.io/badge/license-GPL--3.0-blue)](LICENSE)

[![CI](https://github.com/ciffelia/tsblock/actions/workflows/ci.yaml/badge.svg)](https://github.com/ciffelia/tsblock/actions/workflows/ci.yaml)

tsblock prevents Tailscale from using specific network interfaces.

tsblock is developed to work around [tailscale/tailscale#7594](https://github.com/tailscale/tailscale/issues/7594). Currently, interfaces whose name matches `^cilium_|^lxc` are blocked. The pattern is hard-coded in [main.go](main.go).

## Requirements

- Tailscale must be running as a systemd service.

- tsblock must run as root. It is recommended to run tsblock as a systemd service.

## How it works

tsblock utilizes eBPF to drop packets sent from `tailscaled.service` systemd unit.

## Install

```

go build

sudo ./systemd/install.sh

sudo systemctl daemon-reload

sudo systemctl enable --now tsblock.service

```

## Uninstall

```

sudo systemctl disable --now tsblock.service

sudo ./systemd/uninstall.sh

```