tsblock prevents Tailscale from using specific network interfaces.
tsblock is developed to work around tailscale/tailscale#7594. Currently, interfaces whose name matches ^cilium_|^lxc are blocked. The pattern is hard-coded in main.go.
- Tailscale must be running as a systemd service.
- tsblock must run as root. It is recommended to run tsblock as a systemd service.
tsblock utilizes eBPF to drop packets sent from tailscaled.service systemd unit.
go build
sudo ./systemd/install.sh
sudo systemctl daemon-reload
sudo systemctl enable --now tsblock.service
sudo systemctl disable --now tsblock.service
sudo ./systemd/uninstall.sh