From 79d776aa0e58be17cf887229f2d41354df6770e2 Mon Sep 17 00:00:00 2001
From: Viktor Liu <viktor@netbird.io>
Date: Wed, 14 Aug 2024 15:04:18 +0200
Subject: [PATCH] Split IPv4 and IPv6 rules

---
 management/server/route.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/management/server/route.go b/management/server/route.go
index 09d55e5b356..973f0e0a608 100644
--- a/management/server/route.go
+++ b/management/server/route.go
@@ -456,7 +456,7 @@ func getDefaultPermit(route *route.Route) []*RouteFirewallRule {
 	if route.Network.Addr().Is6() {
 		sources = []string{"::/0"}
 	}
-	ruleIn := RouteFirewallRule{
+	rule := RouteFirewallRule{
 		SourceRanges: sources,
 		Direction:    firewallRuleDirectionIN,
 		Action:       string(PolicyTrafficActionAccept),
@@ -466,11 +466,13 @@ func getDefaultPermit(route *route.Route) []*RouteFirewallRule {
 		IsDynamic:    route.IsDynamic(),
 	}
 
+	rules = append(rules, &rule)
+
 	// dynamic routes always contain an IPv4 placeholder as destination, hence we must add IPv6 rules additionally
 	if route.IsDynamic() {
-		ruleIn.SourceRanges = append(ruleIn.SourceRanges, "::/0")
+		ruleV6 := rule
+		ruleV6.SourceRanges = []string{"::/0"}
 	}
-	rules = append(rules, &ruleIn)
 
 	return rules
 }